{"id":37113895,"url":"https://github.com/projg2/kuroneko","last_synced_at":"2026-01-14T13:25:25.481Z","repository":{"id":138071246,"uuid":"352455220","full_name":"projg2/kuroneko","owner":"projg2","description":"Vulnerability checker using data scraped from Gentoo Bugzilla","archived":false,"fork":false,"pushed_at":"2024-01-07T13:27:52.000Z","size":89,"stargazers_count":9,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-05-01T22:09:09.402Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/projg2.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null},"funding":{"ko_fi":"mgorny","github":["mgorny"]}},"created_at":"2021-03-28T22:43:16.000Z","updated_at":"2024-02-26T10:47:55.000Z","dependencies_parsed_at":null,"dependency_job_id":"589bce2a-e611-4509-8db4-c89cb391f6b5","html_url":"https://github.com/projg2/kuroneko","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/projg2/kuroneko","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projg2%2Fkuroneko","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projg2%2Fkuroneko/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projg2%2Fkuroneko/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projg2%2Fkuroneko/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/projg2","download_url":"https://codeload.github.com/projg2/kuroneko/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projg2%2Fkuroneko/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28421166,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T10:47:48.104Z","status":"ssl_error","status_checked_at":"2026-01-14T10:46:19.031Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-14T13:25:24.645Z","updated_at":"2026-01-14T13:25:25.462Z","avatar_url":"https://github.com/projg2.png","language":"Python","funding_links":["https://ko-fi.com/mgorny","https://github.com/sponsors/mgorny"],"categories":[],"sub_categories":[],"readme":"========\nkuroneko\n========\n:Copyright: 2021, Michał Górny\n:License: 2-clause BSD license\n\nKuroneko is a tool to audit a Gentoo system for vulnerable packages,\npowered by the data scraped from Gentoo Bugzilla.  This complements\nGLSA-based tooling by providing the data about vulnerabilities of lower\nseverity, as well as faster reporting of unresolved vulnerabilities.\n\nKuroneko consists of two tools:\n\n- kuroneko.scraper is responsible for searching Gentoo Bugzilla\n  and scraping the information from Security bugs.  The data is then\n  exported into a JSON dump that can be distributed to other hosts.\n\n- kuroneko CLI is responsible for obtaining the installed package list,\n  matching vulnerability data against it and printing the relevant\n  vulnerabilities.\n\n\nUsing\n=====\nTo use kuroneko CLI, just run the script::\n\n    kuroneko\n\nIt will automatically fetch the vulnerability database from Gentoo\nservers, scan your system for vulnerable packages and print a list\nof them.\n\nPlease note that kuroneko is currently in alpha stage and is quite\nlikely to produce some false positives.  Please treat its output with\ncaution.\n\n\nLimitations\n===========\nKuroneko relies on scraping security bugs for data.  At the moment,\nGentoo security bugs are pretty primitive.  Most importantly,\nthe affected package list and versions need to be scraped from bug\nsummaries.  Many of them follow the same pattern making that feasible\nbut not all of them.\n\nKuroneko requires the bug summary to identify affected versions.  Bugs\nthat were closed without adding a specific version to the summary\nare not reported, as they would make it impossible to determine whether\nthe current version is affected.\n\nThere are a few packages where upstream restarted versioning.  Old\nsecurity bugs still refer to the old version scheme of these packages,\nand may match new versions as well.  We are actively working\non filtering these bugs out.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprojg2%2Fkuroneko","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fprojg2%2Fkuroneko","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprojg2%2Fkuroneko/lists"}