Closed rpicot-lecko closed 1 year ago
Currently, Debian detects from gost (= debian-security-tracker) information instead of goval-dictionary (= OVAL).
Please run $ ./gost.sh --debian
and then report.
Since I did not receive any reply, I assumed that the problem had been resolved. If you have any further questions, please reopen this issue.
What did you do? (required. The issue will be closed when not provided.)
I followed this tutorial: https://vuls.io/docs/en/install-with-vulsctl-host.html
I used a VM on debian 9
Using an old version, so as to certainly have CVEs detected.
I did see that the script
oval.sh
had only debian 10 and 11, so i added 9 so it looks like the followinggoval-dictionary fetch debian ${@} 9 10 11
and then launched it again. The logs indicated that the data for debian 9 actually got downloadedWhat did you expect to happen?
After the install, and the first scan on local machine, have CVEs on the report
What happened instead?
no cve detected during scan on local machine
same with
-debug
Steps to reproduce the behaviour
Configuration (MUST fill this out):
Go version (
go version
):go1.20.2 linux/amd64
Go environment (
go env
):Vuls environment:
$ vuls -v
[servers.localhost] host = "localhost" port = "local"