Welcome to CVE Scan!

CVE Scan is a command-line tool, fully integrated into your Linux build process. It lists all known security vulnerabilities for a given build, providing insight into what actions should be taken to keep it secure.

CVE Scan provides advanced filtering options to get rid of false positives. It leverages information from the Yocto build and various sources of vulnerabilities and patches to automatically assess the relevance of each vulnerability to your product, and lets you manually assess the remaining ones.

CVE Scan can be run standalone from your workstation, or triggered by your pipelines.

To achieve optimal filtering results, it uses its own format for the Yocto SBOM (produced by a dedicated Yocto layer), but it can also process SBOMs in other standard formats such as CycloneDX or SPDX.

If you have any questions, please contact us at TheEmbeddedKit.io.