Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/devmatic-it/debcvescan

Debian CVE Scanner is self-contained CVE scanner for DEBIAN distributions written in golang.
https://github.com/devmatic-it/debcvescan

cve debian go golang security-scanner vulnerabilities

Last synced: about 3 hours ago
JSON representation

Debian CVE Scanner is self-contained CVE scanner for DEBIAN distributions written in golang.

Host: GitHub
URL: https://github.com/devmatic-it/debcvescan
Owner: devmatic-it
License: apache-2.0
Created: 2019-11-26T20:32:32.000Z (almost 5 years ago)
Default Branch: master
Last Pushed: 2023-04-21T12:09:25.000Z (over 1 year ago)
Last Synced: 2024-06-20T10:15:47.617Z (5 months ago)
Topics: cve, debian, go, golang, security-scanner, vulnerabilities
Language: Go
Homepage: https://devmatic-it.github.io/debcvescan/
Size: 62.2 MB
Stars: 27
Watchers: 4
Forks: 5
Open Issues: 14
Metadata Files:
- Readme: README.md
- License: LICENSE
- Authors: AUTHORS

Awesome Lists containing this project

README

        # Debian CVE Scanner

[![Go Report Card](https://goreportcard.com/badge/github.com/devmatic-it/debcvescan)](https://goreportcard.com/report/github.com/devmatic-it/debcvescan)

[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://github.com/devmatic-it/debcvescan/blob/master/LICENSE)

[![codecov](https://codecov.io/gh/devmatic-it/debcvescan/branch/master/graph/badge.svg)](https://codecov.io/gh/devmatic-it/debcvescan)

[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=devmatic-it_debcvescan&metric=alert_status)](https://sonarcloud.io/dashboard?id=devmatic-it_debcvescan)

[![Maintainability Rating](https://sonarcloud.io/api/project_badges/measure?project=devmatic-it_debcvescan&metric=sqale_rating)](https://sonarcloud.io/dashboard?id=devmatic-it_debcvescan)

[![Reliability Rating](https://sonarcloud.io/api/project_badges/measure?project=devmatic-it_debcvescan&metric=reliability_rating)](https://sonarcloud.io/dashboard?id=devmatic-it_debcvescan)

[![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=devmatic-it_debcvescan&metric=security_rating)](https://sonarcloud.io/dashboard?id=devmatic-it_debcvescan)

[![Bugs](https://sonarcloud.io/api/project_badges/measure?project=devmatic-it_debcvescan&metric=bugs)](https://sonarcloud.io/dashboard?id=devmatic-it_debcvescan)

[![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=devmatic-it_debcvescan&metric=vulnerabilities)](https://sonarcloud.io/dashboard?id=devmatic-it_debcvescan)

[![Code Smells](https://sonarcloud.io/api/project_badges/measure?project=devmatic-it_debcvescan&metric=code_smells)](https://sonarcloud.io/dashboard?id=devmatic-it_debcvescan)

The following project checks the installed packages of your Debian Linux distribution against known vulnerabilities of the Debian Security Bug Tracker 

## Motivation

The target of this project is to provider the CVE security scanning solution that is lightweight and self-contained. The current standard solution debsescan requires the following packages to be installed in order to run:

- dependency on python runtime

- dependency to exim mail server

We want to provide the same features as the debsescan without dependencies to python or the exim mail server.

## Installation

### Binary

1. Download latest release for your platform: 

2. extract archive: `tar xvfz debcvescan_X.Y.Z_linux_amd64.tgz`

3. scan system for vulnerabilities: `debcvescan scan`

### Debian package

1. Download latest release for your platform: 

2. extract archive: `dpkg -i debcvescan_X.Y.Z_linux_amd64.deb`

3. scan system for vulnerabilities: `debcvescan scan`

### Debian Repository

1. Download and import public GPG key:

```bash

wget -qO - https://devmatic-it.github.io/debcvescan/debian/PUBLIC.KEY | sudo apt-key add -

```

2. Select sources directory for APT:

```bash

cd /etc/apt/sources.list.d`

```

3. Create new source file:

```bash

sudo echo "deb https://devmatic-it.github.io/debcvescan/debian buster main" > devmatic-it.list

```

4. Uodate APT repository:

```bash

sudo apt-get update

```

5. Install the package:

```bash

sudo apt-get install debcvescan

```

## Getting Started

1. Execute scanning: `debcvescan scan`

![debcvescan scan](https://github.com/devmatic-it/debcvescan/blob/master/docs/img/debcvescan_scan.png)

2. Scan a specific package for vulnerabilities: `debcvescan pkg cron`

![debcvescan scan](https://github.com/devmatic-it/debcvescan/blob/master/docs/img/debcvescan_pkg.png)

3. Get details for a specific vulnerabitities: `debcvescan cve CVE-2019-9704`

![debcvescan scan](https://github.com/devmatic-it/debcvescan/blob/master/docs/img/debcvescan_cve.png)

4. export scan report to JSON: `debcvescan scan --format=json`

![debcvescan scan](https://github.com/devmatic-it/debcvescan/blob/master/docs/img/debcvescan_scan_json.png)

## Contribute

### New Issues

1. Use the search tool before opening a new issue: 

2. Please provide source code and commit fix if you found a bug.

3. Review existing issues and provide feedback or react to them.

### Pull requests

1. Open your pull request against master:  

2. Your pull request should have no more than two commits, if not you should squash them.

3. It should pass all tests in the available continuous integrations systems such as TravisCI.

4. You should add/modify tests to cover your proposed code changes.

5. If your pull request contains a new feature, please document it on the 

## Credits

This work has ben inspired by the following open source projects:

- CoreOS Clair Project ()

- Debsescan Security Scanner ()

- GoRleaser Builder Image ()

- Building a basic CI/CD pipeline for a Golang application using GitHub Actions

()