The intended use of this script is to provide up-to-date checking for CVE vulnerabilities via API checking provided by cve.circl.lu. This script leverages a local sqlite3 database to maintain a catalog of CVE's that will allow this machine to work in an offline mode of sorts.
CVE monitor comes with an install script that allows the user to install cve-monitor as a systemd timer service.
in the checkout directory, run:
~$ pipenv install ~$ pipenv run ./cve-monitor
in order to install all of the dependencies and build the initial catalog (CAUTION: this operation may take a while)
~$ pipenv run ./cve-monitor --scan
~$ pipenv run ./cve-monitor --show-vulns --no-update
~$ pipenv run ./cve-monitor --show-all
Invoke the script using actions pre-defined in Pipfile
Syntax:
pipenv run 'action'
equivalent to python3 ./cve-monitor --scan
equivalent to python3 ./cve-monitor --scan --no-update
equivalent to python3 ./cve-monitor (with no additional arguments)
equivalent to python3 ./cve-monitor --show-vulns --no-update
equivalent to python3 ./cve-monitor --show-all --no-update