Skip to content
This repository has been archived by the owner on Jul 24, 2021. It is now read-only.
/ yavdb Public archive

Yet Another Vulnerability Database

License

AGPL-3.0 license
15 stars 7 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

rtfpessoa/yavdb

BranchesTags

Repository files navigation

Yet Another Vulnerability Database

Codacy Badge Codacy Badge CircleCI

The Free and Open Source vulnerability database.

This database aims to aggregate multiple sources of vulnerabilities for the most common package managers helping developers identify and fix know vulnerabilities in their apps.

The sources for this database include Rubysec, snyk, (removed) Friends of PHP, Magento Related Security Advisories, Victims CVE Database, RustSec

Prerequisites

  • Ruby 2.3 or newer

Installation

gem install yavdb

TODO:

Tests

Features/Improvements

  • Support non semver versions
  • Merge duplicates
  • Scrape NVD for other package manager vulnerabilities
  • Find more sources

Help

Commands:
  yavdb download                                                            # Download a previously generated database from the official yavdb repository into yavdb-path.
    Options: p, [--yavdb-path=YAVDB-PATH]  # Default: <HOME>/.yavdb/yavdb
  yavdb generate                                                            # Crawl several sources and generate a local database in database-path.
    Options: p, [--database-path=DATABASE-PATH]  # Default: <PWD>/database
  yavdb help [COMMAND]                                                      # Describe available commands or one specific command
  yavdb list --package-manager=PACKAGE-MANAGER --package-name=PACKAGE-NAME  # List vulnerabilities from database-path of package-name for package-manager.   
    Options: p, [--database-path=DATABASE-PATH]  # Default: <HOME>/.yavdb/yavdb/database

Options:
  [--verbose], [--no-verbose]

Development

After checking out the repo, run bin/setup to install dependencies. Then, run bundle exec rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/rtfpessoa/yavdb. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.

Copyright

Copyright (c) 2017-present Rodrigo Fernandes. See LICENSE for details.

About

Yet Another Vulnerability Database

Topics

javascript ruby java go php npm security rubygems packagist composer node database maven nuget cocoapods pypi pip vulnerabilities dependencies hacktoberfest

Resources

Readme

License

AGPL-3.0 license

Code of conduct

Code of conduct
Activity

Stars

15 stars

Watchers

4 watching

Forks

7 forks
Report repository

Releases 8

Add RustSec as a source Latest
Feb 17, 2019
+ 7 releases

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages