cvereport man page

cvereport ā€” Generate an HTML report for the cvechecker output

Synopsis

cvereport [-d | -D] <targetdir> <acknowledgementfile>

Description

The cvereport tool will generate an HTML report based on the cvechecker output. The report is generated based on some simple XML/XSLT transformations and uses an acknowledgement file to keep track of the state of the CVE entries matching your system.

Usage

Command Usage

The command requires two user-specified options:

  • The targetdir is an existing, writeable directory where cvereport can store its report.html output.
  • The acknowledgementfile is an existing, readable XML file that contains the analysis of the CVE entries for your system

The difference between -d and -D is that

  • -d runs the standard cvechecker report, whereas
  • -D runs the cvechecker report including matches for higher versions of the installed software

Acknowledgement File Format

The XML file for the acknowledgements uses the following syntax:

<?xml version="1.0"?>
<acknowledgements>
  <resolution id="resolution_id_1">Comment about why a CVE entry is irrelevant for your system</resolution>
  <resolution id="resolution_id_2">Another comment</resolution>
  <comment id="comment_id_1">Comment why the CVE is acknowledged, but not resolved</comment>
  <file name="/path/to/filename1" cve="CVE-2000-1234" state="irrelevant" resolution="resolution_id_1" />
  <file name="/path/to/filename2" cve="CVE-2000-5678" state="irrelevant" resolution="resolution_id_2" />
  <file name="/path/to/filename3" cve="CVE-2001-9012" state="acknowledged" comment="comment_id_1" />
</acknowledgements>

The use of comments or resolutions within the file entity is not mandatory, but recommended.

Author

cvereport is part of the cvechecker tool. cvereport was written by Sven Vermeulen <sven.vermeulen@siphos.be>.

Info

27 November 2010 September 1, 2010 cvereport Manual