Open jonathangull opened 1 year ago
@jonathangull dep-scan already has the list of CPEs via the database. It can accept a cyclonedx bom file which is more precise than CPE strings. Could you describe your requirement a bit further?
Thanks @prabhu. My requirement is as follows:
We have different asset types: servers (Windows/Linux), network devices, cloud infrastructure, etc. We need to scan this infra and the NIST DB to find vulnerabilities for assets and plot a dashboard.
Just thinking if Depscan can help achieve the part of getting the asset->vuln in DB from which we can plot the graph.
@prabhu any suggestions?
@jonathangull Could you share an example? This is currently not possible with depscan or vulnerability db so no promises from my end.
Hi, I would like to supply a file with a list of assets (hardware, operating system, application) to dep-scan as input to scan for vulnerabilities and get matching vulns from NIST.
a@MacBook-Air bin % cat assets.txt
cpe:2.3:h:cisco:isr_4331:-:::::::
cpe:2.3:o:cisco:ios:15.6(1.22)t:::::::
Is this possible?
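
An added example, not part of the thread and not dep-scan code: since dep-scan accepts a CycloneDX BOM, this turns a CPE asset list like `assets.txt` into a minimal CycloneDX 1.4 JSON BOM whose components carry the `cpe` field. The sample lines are constructed (wildcards written as `*`), the function names are hypothetical, and the thread does not establish that dep-scan matches vulnerabilities on such components.

```python
import json
import re

# CPE 2.3 "part" code -> CycloneDX component type
PART_TO_TYPE = {"h": "device", "o": "operating-system", "a": "application"}

# Constructed sample modelled on the assets.txt in the thread; wildcard fields
# are written as "*" and special characters are backslash-escaped per CPE 2.3.
SAMPLE_ASSETS = r"""
cpe:2.3:h:cisco:isr_4331:-:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.6\(1.22\)t:*:*:*:*:*:*:*
"""

def split_cpe(cpe):
    """Split a CPE 2.3 formatted string into its 13 fields on unescaped colons."""
    fields = re.split(r"(?<!\\):", cpe)
    if len(fields) != 13 or fields[:2] != ["cpe", "2.3"]:
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe!r}")
    return fields

def unescape(value):
    """Drop CPE backslash escapes, e.g. 15.6\\(1.22\\)t -> 15.6(1.22)t."""
    return re.sub(r"\\(.)", r"\1", value)

def cpe_to_component(cpe):
    """Map one CPE string to a CycloneDX component (hypothetical helper)."""
    part, _vendor, product, version = split_cpe(cpe)[2:6]
    if part not in PART_TO_TYPE:
        raise ValueError(f"unknown CPE part {part!r} in {cpe!r}")
    component = {"type": PART_TO_TYPE[part], "name": unescape(product), "cpe": cpe}
    if version not in ("*", "-"):  # ANY / NA carry no usable version
        component["version"] = unescape(version)
    return component

def assets_to_bom(text):
    """Build a minimal CycloneDX 1.4 BOM from one CPE string per line."""
    lines = [ln.strip() for ln in text.splitlines()]
    components = [cpe_to_component(ln) for ln in lines if ln and not ln.startswith("#")]
    return {"bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1,
            "components": components}

if __name__ == "__main__":
    print(json.dumps(assets_to_bom(SAMPLE_ASSETS), indent=2))
```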