fleet/server/vulnerabilities/nvd
Victor Lyuboslavsky 759003e37d
Fixing false negative vulnerabilities on macOS Homebrew python packages. (#17709)
#17061

TODO: Need to also merge this fix into patch branch.

# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
2024-03-19 14:12:07 -05:00
sync Use NVD API 2.0 to download CVE information (#15102) 2023-11-21 12:30:07 -06:00
cpe.go Skip nonASCII Software Names in Vuln Processing (#17193) 2024-03-01 10:31:46 -07:00
cpe_matching_rule.go Add visual studio extensions to software inventory (#17501) 2024-03-14 16:33:12 -03:00
cpe_matching_rule_test.go add CVE-2013-0340 to ignore list (#13942) 2023-09-15 16:38:33 -06:00
cpe_matching_rules.go Add visual studio extensions to software inventory (#17501) 2024-03-14 16:33:12 -03:00
cpe_test.go Fixing false negative vulnerabilities on macOS Homebrew python packages. (#17709) 2024-03-19 14:12:07 -05:00
cpe_translations.go Flock vulnerability false positive (#13827) 2023-09-14 10:38:36 -06:00
cpe_translations.json Add visual studio extensions to software inventory (#17501) 2024-03-14 16:33:12 -03:00
cve.go Add visual studio extensions to software inventory (#17501) 2024-03-14 16:33:12 -03:00
cve_test.go Add visual studio extensions to software inventory (#17501) 2024-03-14 16:33:12 -03:00
db.go Updating CPE generator to use new NVD API. (#15018) 2023-11-20 16:10:00 -06:00
indexed_cpe_item.go Fixes various bugs with NVD vulnerability detection (#7963) 2022-10-04 07:04:48 -04:00
README.md Add visual studio extensions to software inventory (#17501) 2024-03-14 16:33:12 -03:00
sanitize.go Fixing false negative vulnerabilities on macOS Homebrew python packages. (#17709) 2024-03-19 14:12:07 -05:00
sanitize_test.go Add visual studio extensions to software inventory (#17501) 2024-03-14 16:33:12 -03:00
sync.go Use NVD API 2.0 to download CVE information (#15102) 2023-11-21 12:30:07 -06:00
sync_test.go Add Description text to CVE Metadata (#13856) 2023-09-15 11:24:10 -06:00
testing_utils.go Fixes various bugs with NVD vulnerability detection (#7963) 2022-10-04 07:04:48 -04:00

Testing CPE Translations

To improve accuracy when mapping software to CVEs, we can add data to cpe_translations.json, which will get picked up by the NVD repo.

To test these changes locally, you can:

  1. make the appropriate changes to cpe_translations.json

  2. host this file on a local web server

    go run ./tools/file-server/main.go 8082 ./server/vulnerabilities/nvd/
    
  3. (re)launch your local Fleet server using one of the following methods:

    Config method

    vulnerabilities:
      cpe_translations_url: "http://localhost:8082/cpe_translations.json"

    Environment method

    FLEET_VULNERABILITIES_CPE_TRANSLATIONS_URL="http://localhost:8082/cpe_translations.json" ./build/fleet serve --dev --dev_license --logging_debug
    
  4. trigger a vulnerabilities scan

    fleetctl trigger --name vulnerabilities