CLI Suggestion
Opened this issue · 0 comments
Suggested CLI for vulndb tool
Generic Options
--help = help for the current subcommand
-v, -vv = verbose output; if either is provided, print output as logs.
--file = output file name
-o, --output-format = output format (table, json, cyclone-dx-json)
Commands
ingest
ingest data from various sources into vulndb database
version
Displays the software version, database schema version, and update date for each data source (none if not included)
subcommands:
nvd,
osv (I suggest that the command is vulndb ingest nvd/osv)
Flags:
--nvd-api-key
--limit (for experimentation, default - none)
--offset (for experimentation, default - 0) (Note: I'm not sure this is needed)
--update-only
--osv-sources pypi/maven/.... default - all
purl-cves
Retrieve CVE vulnerabilities for purl or a list of purls
Flags:
--input-file = input file. if this flag is used it overrides input given as arguments
--input-file-format = raw-list, cycloneDX-json default raw-list
--min-level = minimum severity level (low, medium, high, critical) default - low
--package-managers = pypi,maven (a list), default to all
--from-date = include only new vulnerabilities published after from-date
--include-non-nvd = include non NVD vulnerabilities (from OSV) default - false
cve-lookup
Retrieve PURLs that are affected by the CVE (according to the OSV database)
Flags: As for the purl-cves command
In the case of output format cycloneDX, the purls will be added as components + linked to the vulnerabilities in the vulnerabilities section.
sbom-vulnerabilities
Add a vulnerabilities section to a CycloneDX SBOM
Command format: vulndb sbom-vulnerabilities
Notes:
- command should update the SBOM tool section and the SBOM identifier.
- command can be made redundant - the capability can be provided by the purl-cve command (input and output formats of cycloneDX)
search (optional)
Text search on all fields.
vulndb search 'query'
query can include SQL wildcard %
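To make the purl-cves / sbom-vulnerabilities flow above concrete, here is a small Python sketch of what those commands would do with the proposed flags. This is an added example, not code from the vulndb project or from the issue author. The vulnerability records, the CycloneDX SBOM, the placeholder IDs (EXAMPLE-000x) and the helper names (read_purls, purl_cves, add_vulnerabilities_section) are all constructed for the illustration; the CycloneDX field names (components[].bom-ref/purl, vulnerabilities[].affects[].ref, metadata.tools, serialNumber) follow the CycloneDX 1.4 JSON schema.

```python
"""Sketch of the proposed purl-cves and sbom-vulnerabilities commands.

Added example, not vulndb project code. SAMPLE_DB and SAMPLE_SBOM are
constructed data; the IDs are placeholders, not real advisories.
"""
import json
import uuid
from datetime import date

# Order used by --min-level.
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

# Constructed records standing in for an ingested vulndb table (NVD + OSV).
SAMPLE_DB = [
    {"id": "EXAMPLE-0001", "source": "NVD", "purl": "pkg:pypi/demo-lib@1.0.0",
     "severity": "high", "published": "2024-03-01T00:00:00Z"},
    {"id": "EXAMPLE-0002", "source": "OSV", "purl": "pkg:pypi/demo-lib@1.0.0",
     "severity": "low", "published": "2023-11-15T00:00:00Z"},
    {"id": "EXAMPLE-0003", "source": "NVD", "purl": "pkg:maven/org.demo/demo-core@2.1.0",
     "severity": "critical", "published": "2022-06-30T00:00:00Z"},
]

# Constructed CycloneDX 1.4 SBOM used as --input-file in cycloneDX-json format.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4",
    "serialNumber": "urn:uuid:00000000-0000-0000-0000-000000000000", "version": 1,
    "metadata": {"tools": [{"name": "sbom-generator", "version": "1.0"}]},
    "components": [
        {"type": "library", "bom-ref": "demo-lib", "name": "demo-lib",
         "version": "1.0.0", "purl": "pkg:pypi/demo-lib@1.0.0"},
        {"type": "library", "bom-ref": "demo-core", "name": "demo-core",
         "version": "2.1.0", "purl": "pkg:maven/org.demo/demo-core@2.1.0"},
    ],
})


def purl_type(purl):
    """Package manager of a purl, e.g. 'pypi' for pkg:pypi/demo-lib@1.0.0."""
    return purl.split(":", 1)[1].split("/", 1)[0]


def read_purls(text, fmt="raw-list"):
    """--input-file-format: raw-list (one purl per line, '#' comments) or cycloneDX-json."""
    if fmt == "raw-list":
        return [ln.strip() for ln in text.splitlines()
                if ln.strip() and not ln.lstrip().startswith("#")]
    if fmt == "cycloneDX-json":
        return [c["purl"] for c in json.loads(text).get("components", []) if "purl" in c]
    raise ValueError(f"unknown input format {fmt!r}")


def purl_cves(purls, db=SAMPLE_DB, min_level="low", package_managers=None,
              from_date=None, include_non_nvd=False):
    """Apply the proposed purl-cves flags to the records matching the given purls."""
    wanted = set(purls)
    threshold = SEVERITY_RANK[min_level]
    hits = []
    for rec in db:
        if rec["purl"] not in wanted:
            continue
        if SEVERITY_RANK[rec["severity"]] < threshold:          # --min-level
            continue
        if package_managers and purl_type(rec["purl"]) not in package_managers:
            continue                                             # --package-managers
        if from_date and date.fromisoformat(rec["published"][:10]) <= date.fromisoformat(from_date):
            continue                                             # --from-date (strictly after)
        if not include_non_nvd and rec["source"] != "NVD":       # --include-non-nvd
            continue
        hits.append(rec)
    return hits


def add_vulnerabilities_section(sbom, hits, tool_name="vulndb", tool_version="0.0.0"):
    """sbom-vulnerabilities: add a vulnerabilities section linked to component bom-refs,
    append this tool to metadata.tools and issue a fresh serialNumber."""
    refs = {c["purl"]: c.get("bom-ref", c["purl"])
            for c in sbom.get("components", []) if "purl" in c}
    out = json.loads(json.dumps(sbom))  # work on a copy, never mutate the input SBOM
    vulns = {}
    for rec in hits:
        v = vulns.setdefault(rec["id"], {
            "id": rec["id"], "source": {"name": rec["source"]},
            "ratings": [{"severity": rec["severity"]}],
            "published": rec["published"], "affects": [],
        })
        v["affects"].append({"ref": refs.get(rec["purl"], rec["purl"])})
    out["vulnerabilities"] = list(vulns.values())
    out.setdefault("metadata", {}).setdefault("tools", []).append(
        {"name": tool_name, "version": tool_version})
    out["serialNumber"] = f"urn:uuid:{uuid.uuid4()}"  # new document, new identifier
    return out


if __name__ == "__main__":
    purls = read_purls(SAMPLE_SBOM, "cycloneDX-json")
    findings = purl_cves(purls, min_level="medium")
    print(json.dumps(add_vulnerabilities_section(json.loads(SAMPLE_SBOM), findings), indent=2))
```

The default include_non_nvd=False drops the OSV-only record, which is the behaviour the flag list describes; passing --include-non-nvd brings it back. Note that the same purl can carry several findings, so the output groups by vulnerability id and lists every affected bom-ref under affects.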