I love how vuls supports scanning for CVEs in some common package managers. I would like to see this list extended, in order to catch security problems on more machines.
(If you already include support for some of these, please lemme know which ones!)
App Store (macOS)
adb (Android)
arch-audit (Arch Linux)
pkg-audit (FreeBSD, DragonflyBSD, HardenedBSD)
pkg_admin audit (NetBSD)
pkg for more FreeBSD variants, including DragonflyBSD, HardenedBSD, NetBSD, OpenBSD, etc.
pkgin
pkgsrc
Snap (Linux)
Flatpak (Linux)
apk (Alpine Linux)
apt (Debian Linux family)
ipkg (busybox/toybox Linux)
opkg (OpenWrt Linux)
PPAs (Ubuntu Linux family)
urpmi (Mageia Linux)
Homebrew (macOS and Linux)
Chocolatey (Windows)
winget (Windows)
various WSL package managers, when vuls is run directly on a Windows host shell outside of WSL
entries in archives (zip, tar/gz/tgz/tar.gz/bz2/tbz2/tar.bz2/xz/txz/tar.xz, rar, jar, war, lzma, 7z, etc.)
Cabal (Haskell programming language)
Dub (D programming language)
Conan (C/C++ programming languages)
vcpkg (C/C++ programming languages)
ASDF (the Common Lisp package manager, not the version manager)
various Scheme language package managers
ShellCheck (POSIX sh family programming languages)
ohmyzsh and various other zsh, bash, etc. shell package managers
Kubernetes (with KICS, checkov, etc.)
go mod (Go programming language, just run snyk test)
vendor source trees (various programming languages)
git submodules
cargo audit
safety check
gem audit
npm audit
vulnerability (Puppet module, https://forge.puppet.com/modules/enterprisemodules/vulnerability/readme )
I think a lot of vulnerabilities hide out in these kinds of alleys, so the more of these we can include in vuls scans, the stronger our security posture will be.