mprpic/cvelint

cvelint

CVE records in the v5 JSON format may contain errors that a schema cannot enforce against and that the CVE Services backend does not validate when a CVE record is created or updated. This CLI tool validates CVE records for such errors so that they can be fixed, and so that changes to the CVE schema can be made based on these findings.

Installation

Binary Releases

For Linux, macOS, or Windows, you can download a binary release here.

Build from Source

$ git clone https://github.com/mprpic/cvelint; cd cvelint
$ make build
$ ./bin/cvelint -h

Usage

$ git clone https://github.com/CVEProject/cvelistV5  # Download all CVE v5 records
$ ./cvelint -select E005 -cna redhat ./cvelistV5/cves/2023/
Collected 13501 files; checked 222 files.

CVE-2023-3618 (redhat) -- /home/user/cvelistV5/cves/2023/3xxx/CVE-2023-3618.json
  E005  Incorrect CVSS v3 severity: "high"; should be "medium" (at "containers.cna.metrics.1.cvssV3_1")

Found 1 error.
$ ./cvelint -show-rules  # Display available validation rules
$ ./cvelint -h  # Display help
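
The kind of consistency check behind a finding like E005 above, as an added example in Go (not cvelint's own code): it recomputes the qualitative rating from each metric's baseScore using the CVSS v3.x rating bands and compares it with the record's baseSeverity. The function names and the sample record are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed record fragment (not real CVE data): score 6.5 labelled HIGH.
const sample = `{"containers":{"cna":{"metrics":[{"other":{"type":"x"}},
  {"format":"CVSS","cvssV3_1":{"baseScore":6.5,"baseSeverity":"HIGH"}}]}}}`

// severityFor maps a CVSS v3.x base score to its qualitative rating.
func severityFor(score float64) string {
	names := []string{"none", "low", "medium", "high"}
	for i, limit := range []float64{0.1, 4, 7, 9} {
		if score < limit {
			return names[i]
		}
	}
	return "critical"
}

// CheckSeverity reports every CNA metric whose baseSeverity contradicts its baseScore.
func CheckSeverity(data []byte) (findings []string, err error) {
	var r struct {
		Containers struct{ CNA struct{ Metrics []map[string]json.RawMessage } }
	}
	if err = json.Unmarshal(data, &r); err != nil {
		return nil, err
	}
	for i, metric := range r.Containers.CNA.Metrics {
		for _, key := range []string{"cvssV3_0", "cvssV3_1"} {
			var c struct {
				BaseScore    float64
				BaseSeverity string
			}
			if raw, ok := metric[key]; !ok || json.Unmarshal(raw, &c) != nil {
				continue // no v3 vector under this key, or not an object
			}
			if got, want := strings.ToLower(c.BaseSeverity), severityFor(c.BaseScore); got != want {
				findings = append(findings, fmt.Sprintf("%q should be %q (at containers.cna.metrics.%d.%s)", got, want, i, key))
			}
		}
	}
	return findings, nil
}

func main() { fmt.Println(CheckSeverity([]byte(sample))) }
```

A schema can constrain baseScore to a numeric range and baseSeverity to an enumeration, but not the relationship between the two, which is why this class of error needs a separate lint pass.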

GitHub Action

cvelint-action runs daily and produces a CSV and JSON output of all errors in the current CVE v5 data set.