Configuration File

YAML file configuration is an alternative to setting each CVEScan subcommand's options manually from the CLI. Note that options set from the CLI override the values configured in the file.

A file path can be passed through the --config option to the CLI. If none is provided, CVEScan checks for a configuration file named config.yml in the current directory. Finally, it tries to retrieve it from the platform-specific configuration directory (e.g. ~/.config/cvescan/config.yml on Linux).

Definition

basename: BASENAME
inventory_format: INV_FORMAT
annotations: ANNOTATIONS
connectors:
  nvd:
    rate_limit_calls: RATE_LIMIT_CALLS
    rate_limit_period: RATE_LIMIT_PERIOD
    mirror: NVD_PATH
  osv:
    rate_limit_calls: RATE_LIMIT_CALLS
    rate_limit_period: RATE_LIMIT_PERIOD
    advanced_purl_parsing: true | false
  uct:
    mirror: UCT_PATH
  match:
    - nvd
    - osv
    - uct
  fetch:
    - nvd
    - osv
    - uct
scope:
  project: PROJECT
  component: COMPONENT
  transversal: TRANSVERSAL
scan_inventory:
  kept_packages: KEPT_PACKAGES
filter_report:
  cache_dir: FILTER_CACHE
  git_dir: GIT_DIR
  upstream_uri: REF
export_report:
  export_format: EXPORT_FORMAT
  vulnerable_only: true | false
serve-ui:
  port: PORT

• BASENAME is the prefix used for all files handled by CVEScan. When not specified, it is deduced from the inventory filename (without extension). It is used to name the generated reports when no -o option is provided.
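The lookup order and the CLI-over-file precedence described above, as an added example that is not CVEScan's own code: a parser for the YAML subset the template uses, the file resolution order, and the override merge. The function names, the dict shape and the CLI option keys are assumptions of this example; parsed scalars stay strings.

```python
from pathlib import Path
# Added example, not CVEScan's code: names, dict shape and CLI keys are assumed.

def parse_yaml_subset(text: str) -> dict:
    """Nested mappings and '- item' lists only; scalars stay strings (no PyYAML)."""
    root, pending = {}, None      # pending: (container, key) awaiting a block
    stack = [(-1, root)]          # (indent of the container's entries, container)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        if pending and indent > stack[-1][0]:   # first line of a nested block
            container, key = pending
            container[key] = [] if line.startswith("- ") else {}
            stack.append((indent, container[key]))
        pending = None
        while stack[-1][0] > indent:            # leave blocks that have ended
            stack.pop()
        parent = stack[-1][1]
        if line.startswith("- "):
            parent.append(line[2:].strip())
        else:
            key, _, value = line.partition(":")
            parent[key.strip()] = value.strip() or None
            if not value.strip():
                pending = (parent, key.strip())
    return root

def resolve_config_path(cli_config, cwd: Path, platform_path: Path):
    """Documented order: --config, then ./config.yml, then the platform file.
    Assumed: an explicit --config path is returned even if missing, so the
    caller can report it instead of silently falling back."""
    if cli_config is not None:
        return Path(cli_config)
    for candidate in (cwd / "config.yml", platform_path):
        if candidate.is_file():
            return candidate
    return None                                  # no file: CLI options and defaults

def apply_cli_overrides(file_values: dict, cli_values: dict) -> dict:
    """CLI values win, merging nested mappings key by key; None (not given) never clobbers."""
    merged = dict(file_values)
    for key, value in cli_values.items():
        if value is None:
            continue
        if isinstance(value, dict) and isinstance(merged.get(key), dict):
            merged[key] = apply_cli_overrides(merged[key], value)
        else:
            merged[key] = value
    return merged
```

Pass `platform_path` as the platform-specific location (on Linux `~/.config/cvescan/config.yml`) and the CLI options as a dict with `None` for anything the user did not set.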