Skip to content

Latest commit

 

History

History
47 lines (29 loc) · 1.33 KB

README.md

File metadata and controls

47 lines (29 loc) · 1.33 KB

CVE Monitor

The intended use of this script is to provide up-to-date checking for CVE vulnerabilities via API checking provided by cve.circl.lu. This script leverages a local sqlite3 database to maintain a catalog of CVE's that will allow this machine to work in an offline mode of sorts.

Usage

CVE monitor comes with an install script that allows the user to install cve-monitor as a systemd timer service.

Before you start:

in the checkout directory, run:

~$ pipenv install ~$ pipenv run ./cve-monitor

in order to install all of the dependencies and build the initial catalog (CAUTION: this operation may take a while)

General scan

~$ pipenv run ./cve-monitor --scan

Show vulnerability list (without updating the CVE catalog)

~$ pipenv run ./cve-monitor --show-vulns --no-update

Show all vulneratilibies (most up to date)

~$ pipenv run ./cve-monitor --show-all

Pipenv Actions

Invoke the script using actions pre-defined in Pipfile

Syntax: pipenv run 'action'

scan

equivalent to python3 ./cve-monitor --scan

quick-scan

equivalent to python3 ./cve-monitor --scan --no-update

update-catalog

equivalent to python3 ./cve-monitor (with no additional arguments)

report

equivalent to python3 ./cve-monitor --show-vulns --no-update

history

equivalent to python3 ./cve-monitor --show-all --no-update