Black Duck API script to cross check vulnerabilities for "not-affected" packages for RedHat advisories

pranayCodes/bd_vuln_check

Instructions on how to work with the script:

  • Create a read/write token in your Black Duck instance and keep it handy.
  • Install requirements using the command mentioned below.
  • Follow the usage instructions printed by running the script with --help.

Use the requirements file to install dependencies using:

  • pip install -r requirements.txt

What can the script do right now?

  • Goes through the BOM
  • Identifies CentOS/Red Hat origins
  • Queries Red Hat and checks for "Not Affected" origins for Enterprise Linux 6/7/8
  • Marks not-affected items as "Ignored" on the BOM
  • Adds a link to the RHSA JSON in the description for access to the raw data
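
The "Not Affected" check from the list above, sketched as an added example (not code from this repository). It assumes the JSON layout of Red Hat's Security Data API (package_state entries with product_name, package_name and fix_state); the function names, sample document and origin ids are constructed for illustration.

```python
import re

SUPPORTED_EL = {"6", "7", "8"}  # the releases the README names

# Constructed sample in the shape of a Red Hat Security Data API CVE document.
SAMPLE_CVE = {
    "name": "CVE-0000-00000",  # placeholder id, not a real CVE
    "package_state": [
        {"product_name": "Red Hat Enterprise Linux 7",
         "package_name": "openssl", "fix_state": "Not affected"},
        {"product_name": "Red Hat Enterprise Linux 8",
         "package_name": "openssl", "fix_state": "Affected"},
    ],
}

def el_major(origin_id):
    """Return the EL major version encoded in an origin id, or None."""
    m = re.search(r"\.el(\d+)", origin_id)
    return m.group(1) if m else None

def should_ignore(cve_doc, package, origin_id):
    """Return (ignore, reason); ignore only on an exact package + release match."""
    major = el_major(origin_id)
    if major not in SUPPORTED_EL:
        return False, "origin is not Enterprise Linux 6/7/8"
    product = f"Red Hat Enterprise Linux {major}"
    states = [s.get("fix_state", "") for s in cve_doc.get("package_state", [])
              if s.get("product_name") == product
              and s.get("package_name") == package]
    if not states:
        # No statement is not the same as "Not affected": keep the finding.
        return False, f"no statement for {package} on {product}"
    if all(s.lower() == "not affected" for s in states):
        return True, f"{cve_doc['name']}: {package} not affected on {product}"
    return False, f"{package} on {product}: {states[0]}"

if __name__ == "__main__":
    for origin in ("openssl/1:1.0.2k-19.el7/x86_64",   # constructed origin ids
                   "openssl/1:1.1.1k-5.el8/x86_64"):
        print(origin, should_ignore(SAMPLE_CVE, "openssl", origin))
```

Matching on both the package name and the Enterprise Linux major release keeps a "Not affected" statement for one release from suppressing a finding on another.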

Sample Command:

vuln_ignore.py --instance --token <token_from_bd> --project <project_uuid_on_bd> --version <version_uuid_on_bd>
