Commit a141c54a, authored 3 years ago by Peter Moser
WIP
parent af03122b
1 merge request: !48 Draft: Documentation updates
Showing 1 changed file: README.md, with 25 additions and 1 deletion
...
...
@@ -60,6 +60,7 @@ it is a presumed friend, and we can safely invite it to our party.
-
[
Step 11: Generate final SPDX file, after human review
](
#step-11-generate-final-spdx-file-after-human-review
)
-
[
Step 12: Harvest all results and create a final report
](
#step-12-harvest-all-results-and-create-a-final-report
)
-
[
Special commands
](
#special-commands
)
-
[
CVEcheck
](
#cvecheck
)
-
[
Session
](
#session
)
-
[
Filter
](
#filter
)
-
[
Manual installation and execution on your host machine
](
#manual-installation-and-execution-on-your-host-machine
)
...
...
@@ -1190,7 +1191,7 @@ optional arguments:
-
INPUT:
`.deltacode.json`
,
`.scancode.json`
,
`.fossy.json`
,
`.snapmatch.json`
and
`.alienmatcher.json`
files
-
OUTPUT:
`POOL/stats/<some-dated-name>.json`
as report for the graphical Dashboard
-
OUTPUT:
`POOL/stats/<some-dated-name>.
harvest.
json`
as report for the graphical Dashboard
Execute:
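Review bot: The renamed OUTPUT in this step, `POOL/stats/<some-dated-name>.harvest.json`, keeps the description "as report for the graphical Dashboard", and the CVEcheck section added further down uses the same words for `.harvest.cve.json`. State which of the two files the Dashboard actually reads, and check the rest of the README for remaining references to the old `<some-dated-name>.json` name so the harvest step and the commands that consume its output stay consistent.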
...
...
@@ -1230,6 +1231,29 @@ optional arguments:
## Special commands
### CVEcheck
-
INPUT:
`POOL/stats/<some-dated-name>.harvest.json`
-
OUTPUT:
`POOL/stats/<some-dated-name>.harvest.cve.json`
as report for the graphical Dashboard
Check potential security vulnerabilities for debian-like software packages. The
command searches the current national vulnerability database
(
[
NIST
](
https://nvd.nist.gov/vuln/data-feeds
)
) and try to find potential
security vulnerabilities for the searched software product. Local copies of NIST
database feeds will be updated once every 24h.
The retrieved CVE's can be searched by
`vendor`
,
`product`
and
`version`
.
Alternatively, an existing
`harvest.json`
can be parsed and automatically
supplemented with appropriate results.
Execute:
```
sh
aliens4friends cvecheck
-s
MYSESSION
```
### Session
#### Filter
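Review bot: The CVEcheck text says CVEs can be searched by `vendor`, `product` and `version`, but the only invocation shown is `aliens4friends cvecheck -s MYSESSION`; add an example of the direct search, or point to the command's help output, so both modes are documented. The INPUT line names `.harvest.json` while the prose says "an existing `harvest.json`", so pick one form. Wording: "and try to find" should be "and tries to find", "CVE's" should be "CVEs", "debian-like" should be "Debian-like", and "national vulnerability database" is a proper name (National Vulnerability Database), with "NVD" a more accurate link text than "NIST" for the data-feeds URL. Since the local feed copies are refreshed only once every 24h, it is also worth saying that the report reflects the feeds as of the last update and that matches are candidates for human review, in line with the word "potential" already used.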
...
...