Vulnerability scanner based on vulners.com audit API

Arkadiusz Miśkiewicz arekm at maven.pl
Mon Aug 29 09:43:55 CEST 2016


On Monday 29 of August 2016, Elan Ruusamäe wrote:
> On 29.08.2016 08:02, Arkadiusz Miśkiewicz wrote:
> > Interesting
> > 
> > https://github.com/videns/vulners-scanner
> > 
> > TODO: incorporate that (API) into our infrastructure to check ftp
> > contents
> 
> I've seen such projects in the past.
> 
> But I lost interest in them after I found that they compare just
> package-db versions, not actual file blob contents.

Right, that will be a problem.

If these provide CVE info, then maybe we could check the changelog contents of
our packages and skip those with info about the CVE being fixed.

-- 
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
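
The changelog check suggested above, sketched as an added example that is not part of the original message or of vulners-scanner. It assumes the scanner's findings are already available as a package-to-CVE-list mapping and that the changelog text has the layout printed by `rpm -q --changelog`; the function names, package names and CVE ids are constructed placeholders.

```python
import re

# CVE ids as they appear in changelog text, matched case-insensitively.
CVE_RE = re.compile(r"\bCVE-(\d{4})-(\d{4,})\b", re.IGNORECASE)


def cves_in_changelog(changelog_text):
    """Map each CVE id mentioned in an RPM changelog to the header of the
    first entry that mentions it (rpm prints the newest entry first)."""
    mentioned = {}
    header = None
    for line in changelog_text.splitlines():
        if line.startswith("* "):          # "* <date> <packager> <version>"
            header = line[2:].strip()
            continue
        for year, num in CVE_RE.findall(line):
            mentioned.setdefault(f"CVE-{year}-{num}", header)
    return mentioned


def triage(findings, changelogs):
    """Split scanner findings into CVEs the package changelog mentions
    (kept with the entry header so a person can review the claim) and
    CVEs that still need attention."""
    skipped, remaining = {}, {}
    for pkg, cves in findings.items():
        mentioned = cves_in_changelog(changelogs.get(pkg, ""))
        for cve in (c.upper() for c in cves):
            if cve in mentioned:
                skipped.setdefault(pkg, {})[cve] = mentioned[cve]
            else:
                remaining.setdefault(pkg, []).append(cve)
    return skipped, remaining


# Constructed sample data: placeholder package names and CVE ids.
SAMPLE_CHANGELOGS = {"examplepkg": """\
* Mon Aug 01 2016 Example Packager <packager@example.org> 1.2.3-2
- backport upstream fix for cve-0000-0001
* Fri Jul 01 2016 Example Packager <packager@example.org> 1.2.3-1
- updated to 1.2.3
"""}
SAMPLE_FINDINGS = {
    "examplepkg": ["CVE-0000-0001", "CVE-0000-0002"],
    "otherpkg": ["CVE-0000-0003"],   # no changelog available: stays open
}

if __name__ == "__main__":
    skipped, remaining = triage(SAMPLE_FINDINGS, SAMPLE_CHANGELOGS)
    print("skipped:", skipped)
    print("remaining:", remaining)
```

A CVE id appearing in a changelog is only a hint that the fix was applied, which is why the matching entry header is returned for review instead of the finding being dropped silently.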

