`harbor-cve-finder` (`hcf`) is a tool that polls a configurable Harbor instance and analyzes its CVE reports.
Run `hcf` like this.
The switch `-p`/`--package` takes a substring of the name of the package with a CVE finding. Currently only CVEs in the severity range `HIGH` and `CRITICAL` are shown. Future versions will make this configurable.
```
go run -e find https://your/harbor/registry -p openssh
Username: yourUsername
Password:
...
Looking at project1/your-repo-cluster
Found vuln in project1/your-repo-cluster:1.0.0: CVE-2024-6387 in package openssh-client
Looking at project1/your-repo2
Found vuln in project1/your-repo2:1.1.0: CVE-2024-6387 in package openssh-client
Found vuln in project1/your-repo2:1.0.1: CVE-2024-6387 in package openssh-client
Found vuln in project1/your-repo2:1.0.0: CVE-2024-6387 in package openssh-client
Looking at another-project/pyenv
Looking at another-project/ki-python
Looking at another-project/pycharm
Looking at another-project/intellij
Looking at another-project/nvm
Looking at another-project/code-server-extensions
```
You can also download a compiled AMD64 Linux binary from the Releases section and run that instead of installing Go first ;)