Comments (7)
mssalvatore
commented on May 23, 2024
@markmorlino, how often is updated OVAL data generated?
from sec-cvescan.
stevebeattie
commented on May 23, 2024
@mssalvatore it's generated immediately following the cve html pages in the same cron job, so as frequently as every hour.
from sec-cvescan.
markmorlino
commented on May 23, 2024
OVAL seems to be about 11mb of tar.bz2 files right now
from sec-cvescan.
mssalvatore
commented on May 23, 2024
@joemcmanus How fresh do we want the offline OVAL data to be?
from sec-cvescan.
joemcmanus
commented on May 23, 2024
We could do it once a week? But I guess a problem would be everyone downloading new snaps each time we publish a new version.
from sec-cvescan.
markmorlino
commented on May 23, 2024
I'm thinking out loud here, but could we make a content snap that had just the oval files in it, and then have cvescan use it if it was installed or go download oval if it was not installed?
from sec-cvescan.
mssalvatore
commented on May 23, 2024
I was also toying with the content snap idea. I'd like to avoid pushing out a whole new version of CVEScan every time the OVAL updates.
from sec-cvescan.
Related Issues (20)
- CVE publish date
- deb package cvescan HOT 1
- Database Release Version
- Debian compatibility HOT 2
- Scan shows vulnerable if some patched packages are installed from PPA HOT 1
- Mismatch between oval and cvescan
- Vulnerability database used by cvescan not the same as the Oval data thus missing some vulnerable packages during scan
- cloud-init package listed as fixable, but not yet available in official repositories HOT 3
- epoch number might causing inaccurate results
- CVE-2019-3466 outstanding when postgresql-all = 10+190ubuntu0.1
- Database files are out of date HOT 2
- grub related packages reported as vulnerable without a means to fix HOT 3
- CVEscan should catch network issues and not crash HOT 1
- Publish Pypi packages
- CVE data not yet published for Impish Indiri HOT 2
- cvescan on Xenial incorrectly labelling a number of CVEs as still unfixed. HOT 1
- KeyError in parsing recent /var/lib/ubuntu-advantage/status.json HOT 1
- Add support for parsing DISTRIB_CODENAME vs just Ubuntu only HOT 1
- cvescan gives dpkg error on rhel8 HOT 2
- When using manifest, please provide option to specify suite HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sec-cvescan.