
Looking for vulnerability management software in which you can import a list of Debian packages, Python packages, Go modules, etc., and that will keep track of the vulnerabilities and alert me. Do you have any recommendation? Bonus point if it is libre.


@lutindiscret Thank you for the suggestion. I am not really looking for a security scanner. I would much prefer a push system (I explicitly import a list of packages to monitor) to a pull system (scanning for packages). I'm planning on using this to monitor my dependencies on a hardened appliance under development, on which it would be impractical to run an agent.

@x_cli I would have thrown something like github.com/devmatic-it/debcves or github.com/quay/clair at you, but as I read that there is some hardened appliance there, that you don't care for either...

@elbosso Yeah, I feel like most tools want to offer ground truth by monitoring the actual systems instead of relying on an import system and the system admin's ability to maintain it. I can sympathize with that, even if it means that I will probably have to hack some tools so that, instead of probing the system, they query a curated file.

@elbosso Thank you for the suggestion! I will add these tools to the list of possible tools to hack :)
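The push-style monitor the thread describes (a curated package list checked against a vulnerability feed, with no agent on the appliance), written here as an added example in Python; it is not code from the original thread or from any of the tools named in it. The inventory, the advisories and their ids are constructed placeholders, the Debian comparison follows the dpkg version rules, and the comparison for PyPI and Go reuses dpkg's fragment rules as a stated simplification rather than a PEP 440 or semver implementation.

```python
"""Offline, push-style check: a curated package inventory is matched against
a vulnerability feed. Nothing probes the running system."""

# Constructed inventory (ecosystem, package, version); not a real appliance's list.
INVENTORY = """\
debian openssl 1.1.1n-0+deb11u3
debian curl 7.74.0-1.3+deb11u7
pypi requests 2.25.1
go golang.org/x/text v0.3.7
"""

# Constructed advisories in an OSV-like shape; ids are placeholders, not real CVEs.
# A version is affected when introduced <= version < fixed ("fixed": None = no fix yet).
ADVISORIES = [
    {"id": "EXAMPLE-0001", "ecosystem": "debian", "package": "openssl",
     "introduced": "0", "fixed": "1.1.1n-0+deb11u4"},
    {"id": "EXAMPLE-0002", "ecosystem": "debian", "package": "curl",
     "introduced": "0", "fixed": "7.74.0-1.3+deb11u7"},
    {"id": "EXAMPLE-0003", "ecosystem": "pypi", "package": "requests",
     "introduced": "0", "fixed": "2.31.0"},
    {"id": "EXAMPLE-0004", "ecosystem": "go", "package": "golang.org/x/text",
     "introduced": "0", "fixed": "v0.3.8"},
]


def _order(ch):
    """dpkg character weight: '~' sorts before everything, letters before symbols."""
    if ch.isdigit():
        return 0
    if ch.isalpha():
        return ord(ch)
    if ch == "~":
        return -1
    return ord(ch) + 256 if ch else 0


def cmp_fragment(a, b):
    """dpkg's verrevcmp: alternate non-digit and digit runs; negative means a < b."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        while i < len(a) and a[i] == "0":  # leading zeros are insignificant
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and j < len(b) and a[i].isdigit() and b[j].isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():  # longer digit run wins
            return 1
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def dpkg_cmp(v1, v2):
    """Full Debian version comparison: epoch, then upstream, then Debian revision."""
    def split(v):
        epoch, sep, rest = v.partition(":")
        if not sep:
            epoch, rest = "0", v
        upstream, sep, revision = rest.rpartition("-")
        if not sep:
            upstream, revision = rest, ""
        return int(epoch), upstream, revision
    e1, u1, r1 = split(v1)
    e2, u2, r2 = split(v2)
    if e1 != e2:
        return e1 - e2
    return cmp_fragment(u1, u2) or cmp_fragment(r1, r2)


def version_cmp(ecosystem, v1, v2):
    """Assumption: dpkg fragment rules are reused for PyPI/Go dotted releases."""
    return dpkg_cmp(v1, v2) if ecosystem == "debian" else cmp_fragment(v1, v2)


def parse_inventory(text):
    """One 'ecosystem package version' entry per line; '#' lines are comments."""
    items = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            eco, name, version = line.split()
            items.append((eco, name, version))
    return items


def find_vulnerable(inventory, advisories):
    """Return (advisory id, ecosystem, package, version) for each affected entry."""
    findings = []
    for eco, name, version in inventory:
        for adv in advisories:
            if adv["ecosystem"] != eco or adv["package"] != name:
                continue
            reached = version_cmp(eco, version, adv["introduced"]) >= 0
            patched = adv["fixed"] is not None and version_cmp(eco, version, adv["fixed"]) >= 0
            if reached and not patched:
                findings.append((adv["id"], eco, name, version))
    return findings


if __name__ == "__main__":
    for finding in find_vulnerable(parse_inventory(INVENTORY), ADVISORIES):
        print("ALERT %s: %s/%s %s" % finding)
```

Feeding this a real OSV or Debian security tracker export would only require mapping that feed's affected-range records onto the `introduced`/`fixed` pairs; the inventory file stays a plain text list that the appliance build pipeline can regenerate on each release.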

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.