The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.
We've had more than a few cases where we needed to test or fix data from a single data source, but the only way to trigger a full reload of data on the command-line is to do -u now which will blow away all data. It would be nice if we had some ways to refresh only specific data sources.
Since we already have a lot going on in the main cve-bin-tool command line option list, it might make more sense to have this be a separate utility. Not sure off the top of my head if that's possible though, so it might have to be a flag that accepts a list of data sources such as --refresh EPSS
Some of these it'll be easy to just delete the relevant database tables, others may require more finesse to work properly.
Description
We've had more than a few cases where we needed to test or fix data from a single data source, but the only way to trigger a full reload of data on the command-line is to do
-u now
which will blow away all data. It would be nice if we had some ways to refresh only specific data sources.Since we already have a lot going on in the main cve-bin-tool command line option list, it might make more sense to have this be a separate utility. Not sure off the top of my head if that's possible though, so it might have to be a flag that accepts a list of data sources such as
--refresh EPSS
Some of these it'll be easy to just delete the relevant database tables, others may require more finesse to work properly.