The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.
purl = self.generate_purl(product)
vendors, result = self.find_vendor_from_purl(purl, version)
if not result:
vendors = self.find_vendor(product, version)
vendors = self.mismatch(purl, vendors)
if vendors is not None:
yield from vendors
self.logger.debug(f"Done scanning file: {self.filename}")
We should probably put those all into a generic function on the parser class or something.
In the parser code, I see a lot of variants on...
We should probably put those all into a generic function on the parser class or something.
Originally posted by @terriko in https://github.com/intel/cve-bin-tool/pull/4269#pullrequestreview-2205756854
tagging @inosmeet