
1franck/cvepack


👾 CVEPack

CVEPack is a tool to detect vulnerabilities in packages from various ecosystems.

It uses a compiled copy of the GitHub Advisory Database as its source for detecting CVEs.

Supported ecosystems, with the package managers and lock files they are detected from:

  • NPM (Node.js)
    • package-lock.json
    • yarn.lock
    • pnpm-lock.yaml
    • /node_modules
  • Go
    • go.sum
  • Packagist (PHP)
    • composer.lock
  • Crates.io (Rust)
    • Cargo.lock
  • RubyGems (Ruby)
    • Gemfile.lock
  • PyPI (Python)
    • poetry.lock
    • pdm.lock
  • NuGet (.NET)
    • .sln
    • .csproj
  • Maven (Java)
    • pom.xml
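As an added illustration of what a lock-file scanner does under the hood (this is example code, not cvepack's own), the following Python reads an npm package-lock.json and matches each pinned version against a constructed advisory record in the OSV shape the GitHub Advisory Database publishes (ranges expressed as "introduced"/"fixed" events). The lock file, the advisory IDs and the package versions are all constructed for the example.

```python
import json
from typing import Iterator

# Constructed package-lock.json (lockfileVersion 3 layout); not a real project.
LOCK_JSON = """{
  "name": "demo", "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo", "version": "1.0.0"},
    "node_modules/lodash": {"version": "4.17.20"},
    "node_modules/express": {"version": "4.18.2"},
    "node_modules/express/node_modules/debug": {"version": "2.6.9"}
  }
}"""

# Constructed advisories in the OSV shape used by the GitHub Advisory Database:
# each range is a list of events, "introduced" followed by "fixed".
# The GHSA IDs are placeholders, not real advisories.
ADVISORIES = [
    {"id": "GHSA-EXAMPLE-0001", "package": "lodash",
     "ranges": [{"events": [{"introduced": "0"}, {"fixed": "4.17.21"}]}]},
    {"id": "GHSA-EXAMPLE-0002", "package": "debug",
     "ranges": [{"events": [{"introduced": "0"}, {"fixed": "2.6.10"}]}]},
]

def parse_version(v: str) -> tuple:
    # Numeric semver core only; pre-release and build tags are dropped here.
    core = v.split("-")[0].split("+")[0]
    return tuple(int(p) for p in core.split("."))

def lock_packages(lock_text: str) -> Iterator[tuple[str, str]]:
    """Yield (name, version) for every installed package in a v2/v3 lockfile."""
    for path, meta in json.loads(lock_text)["packages"].items():
        if not path:  # "" is the root project itself, not a dependency
            continue
        # Nested installs look like node_modules/a/node_modules/b: keep the last
        # segment, which also preserves scoped names such as @scope/pkg.
        name = path.split("node_modules/")[-1]
        yield name, meta["version"]

def in_range(version: str, events: list) -> bool:
    """True when version is at or above 'introduced' and below 'fixed' (if any)."""
    v = parse_version(version)
    lo = hi = None
    for e in events:
        if "introduced" in e:
            lo = parse_version(e["introduced"])
        if "fixed" in e:
            hi = parse_version(e["fixed"])
    return lo <= v and (hi is None or v < hi)

def scan(lock_text: str) -> list:
    """Return (name, version, advisory id) for every vulnerable pinned package."""
    hits = []
    for name, version in lock_packages(lock_text):
        for adv in ADVISORIES:
            if adv["package"] == name and any(in_range(version, r["events"]) for r in adv["ranges"]):
                hits.append((name, version, adv["id"]))
    return hits
```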

Scanner

scan path(s)

cvepack scan <path1> [<path2> ...]

(screenshot: scan_cmd.png)

scan GitHub URL(s) with -u/--url

cvepack scan -u <url1> [<url2> ...]

Example: $ cvepack scan -u github.com/1franck/cvepack

scan command flags

Flag            Description
-d, --details   Show CVE details
-u, --url       Scan a GitHub repository URL
-s, --silent    Silent mode
-o, --output    Result output file

Search a package

cvepack search <package name>

(screenshot: search_cmd.png)

Update CVE database

cvepack update

Build from source

make
