cvereport [-d | -D] <targetdir> <acknowledgementfile>
The cvereport tool will generate an HTML report based on the cvechecker output. The report is generated based on some simple XML/XSLT transformations and uses an acknowledgement file to keep track of the state of the CVE entries matching your system.
The command requires two user-specified options:
- The targetdir is an existing, writeable directory where cvereport can store its report.html output.
- The acknowledgementfile is an existing, readable XML file that contains the analysis of the CVE entries for your system
The difference between -d and -D is that
- -d runs the standard cvechecker report, whereas
- -D runs the cvechecker report including matches for higher versions of the installed software
Acknowledgement File Format
The XML file for the acknowledgements uses the following syntax:
<?xml version="1.0"?> <acknowledgements> <resolution id="resolution_id_1">Comment about why a CVE entry is irrelevant for your system</resolution> <resolution id="resolution_id_2">Another comment</resolution> <comment id="comment_id_1">Comment why the CVE is acknowledged, but not resolved</comment> <file name="/path/to/filename1" cve="CVE-2000-1234" state="irrelevant" resolution="resolution_id_1" /> <file name="/path/to/filename2" cve="CVE-2000-5678" state="irrelevant" resolution="resolution_id_2" /> <file name="/path/to/filename3" cve="CVE-2001-9012" state="acknowledged" comment="comment_id_1" /> </acknowledgements>
The use of comments or resolutions within the file entity is not mandatory, but recommended.
cvereport is part of the cvechecker tool. cvereport was written by Sven Vermeulen <firstname.lastname@example.org>.