Skip to content

Debian CVE Scanner is self-contained CVE scanner for DEBIAN distributions written in golang.

License

Notifications You must be signed in to change notification settings

devmatic-it/debcvescan

Repository files navigation

Debian CVE Scanner

Go Report Card License codecov Quality Gate Status Maintainability Rating Reliability Rating Security Rating Bugs Vulnerabilities Code Smells

The following project checks the installed packages of your Debian Linux distribution against known vulnerabilities of the Debian Security Bug Tracker https://security-tracker.debian.org/tracker

Motivation

The target of this project is to provider the CVE security scanning solution that is lightweight and self-contained. The current standard solution debsescan requires the following packages to be installed in order to run:

  • dependency on python runtime
  • dependency to exim mail server

We want to provide the same features as the debsescan without dependencies to python or the exim mail server.

Installation

Binary

  1. Download latest release for your platform: https://github.com/devmatic-it/debcvescan/releases/latest
  2. extract archive: tar xvfz debcvescan_X.Y.Z_linux_amd64.tgz
  3. scan system for vulnerabilities: debcvescan scan

Debian package

  1. Download latest release for your platform: https://github.com/devmatic-it/debcvescan/releases/latest
  2. extract archive: dpkg -i debcvescan_X.Y.Z_linux_amd64.deb
  3. scan system for vulnerabilities: debcvescan scan

Debian Repository

  1. Download and import public GPG key:
wget -qO - https://devmatic-it.github.io/debcvescan/debian/PUBLIC.KEY | sudo apt-key add -
  1. Select sources directory for APT:
cd /etc/apt/sources.list.d`
  1. Create new source file:
sudo echo "deb https://devmatic-it.github.io/debcvescan/debian buster main" > devmatic-it.list
  1. Uodate APT repository:
sudo apt-get update
  1. Install the package:
sudo apt-get install debcvescan

Getting Started

  1. Execute scanning: debcvescan scan debcvescan scan

  2. Scan a specific package for vulnerabilities: debcvescan pkg cron debcvescan scan

  3. Get details for a specific vulnerabitities: debcvescan cve CVE-2019-9704 debcvescan scan

  4. export scan report to JSON: debcvescan scan --format=json debcvescan scan

Contribute

New Issues

  1. Use the search tool before opening a new issue: https://github.com/devmatic-it/debcvescan/issues
  2. Please provide source code and commit fix if you found a bug.
  3. Review existing issues and provide feedback or react to them.

Pull requests

  1. Open your pull request against master: https://github.com/devmatic-it/debcvescan/pulls
  2. Your pull request should have no more than two commits, if not you should squash them.
  3. It should pass all tests in the available continuous integrations systems such as TravisCI.
  4. You should add/modify tests to cover your proposed code changes.
  5. If your pull request contains a new feature, please document it on the https://github.com/devmatic-it/debcvescan/blob/master/README.md

Credits

This work has ben inspired by the following open source projects: