Description
Description
Hi cve-bin-tool team. We currently evaluate the integration of cve-bin-tool into EMBA. In EMBA we query the CVE data via grep queries. These include sometimes regular expressions for vendor entries. like cpe:${CPE_VERSION}:[aoh]:.*${lVERSION_SEARCHx}" "${NVD_DIR}"
The simplest possibility to integrate csv-bin-tool I have found is via csv import like python3 ./cve_bin_tool/cli.py -i ~/Downloads/test.csv --offline
In such a case we could prepare test.csv with some entries like linux_kernel,linux,2.6.23
But in the mentioned use-case of linux_kernel,,2.6.23 this approach fails. Is there already a mechanism to perform queries with wildcard vendors that I have missed? Probably we could enter some key-word as vendor to bypass the vendor search?
Why?
cve-bin-tool is much faster in CVE queries as the current EMBA approach. Probably we could integrate it into EMBA as the main CVE query engine.
Environment context (optional)
Currently it is for evaluating a possible integration into EMBA. In the future it could be integrated as the central CVE engine for EMBA. EMBA is providing a Kali Linux based docker base image where we could integrate cve-bin-tool.