CVE Scanner
Welcome to the CVE Scanner wiki! Here you can clone or copy the project to manage the risk you inherit by using open source and third-party source projects. It provides you with intelligent Software Composition Analysis to identify and reduce that risk.
This is a NIST CVE library search engine for use with your own custom Software Bill of Materials (SWBOM) input file. It is ideal for projects where you can create a text file of your SWBOM as input to the tool. The output is all CVE identifiers of potential risks. The NIST library contains tens of thousands of entries, and this tool does the work of searching it for your specific packages of interest.
This tool will use your list of software packages to search thousands of current NIST CVE entries to find known issues. Knowledge is half the battle, so use this to automate the search for software items that could have outstanding issues.
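A minimal sketch of this kind of search, added here as an illustration and not taken from the CVE Scanner project: it assumes a one-package-per-line SWBOM text format (`name version`) and records shaped like NVD JSON 2.0 CVE objects. All package names, the vendor name and the CVE identifiers are constructed placeholders.

```python
# Added example: match a SWBOM text file against NVD-style CVE records.
# Every package, vendor and CVE id below is a constructed placeholder.
SBOM_TEXT = """\
# assumed format: name version, one package per line
examplelib 1.2.3
demoparser 2.0.0
otherpkg
"""

def rec(cve_id, product, version="*", **bounds):
    # Trimmed record shaped like an NVD JSON 2.0 CVE object (constructed).
    cpe = f"cpe:2.3:a:examplevendor:{product}:{version}" + ":*" * 7
    match = {"vulnerable": True, "criteria": cpe, **bounds}
    return {"id": cve_id, "configurations": [{"nodes": [{"cpeMatch": [match]}]}]}

NVD_RECORDS = [
    rec("CVE-0000-00001", "examplelib", versionEndExcluding="1.3.0"),
    rec("CVE-0000-00002", "demoparser", versionStartIncluding="1.0.0",
        versionEndExcluding="2.0.0"),
    rec("CVE-0000-00003", "otherpkg", version="4.1.0"),
]

def parse_sbom(text):
    pkgs = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop comments and blanks
        if parts:
            pkgs.append((parts[0].lower(), parts[1] if len(parts) > 1 else None))
    return pkgs

def vkey(v):
    # Numeric dotted versions only; non-numeric parts compare as 0.
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))

def in_range(version, m):
    exact = m["criteria"].split(":")[5]  # CPE 2.3 version field
    if exact not in ("*", "-"):
        return vkey(version) == vkey(exact)
    v, g = vkey(version), m.get
    lo_i, lo_e = g("versionStartIncluding"), g("versionStartExcluding")
    hi_i, hi_e = g("versionEndIncluding"), g("versionEndExcluding")
    return not ((lo_i and v < vkey(lo_i)) or (lo_e and v <= vkey(lo_e)) or
                (hi_i and v > vkey(hi_i)) or (hi_e and v >= vkey(hi_e)))

def scan(sbom_text, records):
    findings = []
    for name, version in parse_sbom(sbom_text):
        for r in records:
            for m in (m for c in r["configurations"] for n in c["nodes"]
                      for m in n["cpeMatch"]):
                if m["vulnerable"] and m["criteria"].split(":")[4] == name:
                    if version is None:  # no version listed: flag for review
                        findings.append((name, r["id"], "name-only"))
                    elif in_range(version, m):
                        findings.append((name, r["id"], "version-match"))
    return findings
```

A `name-only` finding means the SWBOM line carried no version, so the CVE is reported as a potential risk to triage by hand rather than a confirmed match.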