...
Create directory
$ mkdir ~/vuls $ cd ~/vuls $ mkdir go-cve-dictionary-log goval-dictionary-log gost-log
Fetch NVD
$ docker run --rm -it \ -v $PWD:/go-cve-dictionary \ -v $PWD/go-cve-dictionary-log:/var/log/go-cve-dictionary \ vuls/go-cve-dictionary fetch nvd
Fetch OVAL
if OS is Ubuntu 18.04/22.04, we use following command,
$ docker run --rm -it \ -v $PWD:/goval-dictionary \ -v $PWD/goval-dictionary-log:/var/log/goval-dictionary \ vuls/goval-dictionary fetch ubuntu 18 19 20 21 22
if OS is RaspberryPi(Debian 11), we use following command,
$ docker run --rm -it \ -v $PWD:/goval-dictionary \ -v $PWD/goval-dictionary-log:/var/log/goval-dictionary \ vuls/goval-dictionary fetch debian 11
Fetch gost
if OS is Ubuntu 18.04/22.04, we use following command,
$ docker run --rm -i \ -v $PWD:/gost \ -v $PWD/gost-log:/var/log/gost \ vuls/gost fetch ubuntu
if OS is RaspberryPi(Debian 11), we use following command,
$ docker run --rm -i \ -v $PWD:/gost \ -v $PWD/gost-log:/var/log/gost \ vuls/gost fetch debian
Create config.toml
[servers] [servers.master] host = "192.168.51.22" port = "22" user = "test-user" keyPath = "/root/.ssh/id_rsa" # path to ssh private key in docker
Start vuls container to run tests
$ docker run --rm -it \ -v ~/.ssh:/root/.ssh:ro \ -v $PWD:/vuls \ -v $PWD/vuls-log:/var/log/vuls \ -v /etc/localtime:/etc/localtime:ro \ -v /etc/timezone:/etc/timezone:ro \ vuls/vuls scan \ -config=./config.toml
Get the report
$ docker run --rm -it \ -v ~/.ssh:/root/.ssh:ro \ -v $PWD:/vuls \ -v $PWD/vuls-log:/var/log/vuls \ -v /etc/localtime:/etc/localtime:ro \ vuls/vuls report \ -format-list \ -config=./config.toml
Vuls
Nexus URL: https://nexus.akraino.org/content/sites/logs/fujitsu/job/robot-family/R7/sses-vuls/
PDH,IoT Gateway
There are 26 CVEs with a CVSS score >= 9.0. These are exceptions requested here:
...
Cloud/Edge Cloud
There are XX 0 CVEs with a CVSS score >= 9.0. These are exceptions requested here: Release 5: Akraino CVE Vulnerability Exception Request
Lynis
Nexus URL(before fix): Nexus URL(after fix):
Nexus URL(after fix):
The initial results compare with the Lynis Incubation: PASS/FAIL Criteria, v1.0 as follows.
...