
Data sources

CVE Scan depends on several third-party data sources:

  • EPSS (Exploit Prediction Scoring System) from FIRST (Forum of Incident Response and Security Teams).
  • The KEV (Known Exploited Vulnerabilities) catalog from CISA (Cybersecurity and Infrastructure Security Agency).
  • The NIST National Vulnerability Database (NVD).

Some of these data sources are specific to the analysis of Linux vulnerabilities:

  • The mainline Linux kernel git repository.
  • The Ubuntu CVE Tracker (UCT) git repository.

The cvescan datasources-update command downloads and updates local copies of these data sources. They are stored either as local datastores (EPSS, NVD) or as git repositories (KEV, Linux kernel, UCT). To give meaningful results, these resources need to be reasonably up-to-date.

These are non-trivial downloads (several GiB). By default the following tree structure will be deployed on your local filesystem:

~/.local/share/cvescan
    ├── epss
    ├── cisa_kev
    ├── linux
    ├── nvd
    └── uct

Downloading and updating your local EPSS copy

Use the following command to download or update your local EPSS copy:

cvescan datasources-update epss

Downloading and updating the KEV repository

The KEV (Known Exploited Vulnerabilities) catalog from CISA (Cybersecurity and Infrastructure Security Agency) is available as a Git repository.

It is suggested to use the official repository, not a mirror. Its URI is https://github.com/cisagov/kev-data

Run the following command to download your initial copy of the KEV catalog in $kev_dir:

git clone -b master \
  https://github.com/cisagov/kev-data \
  $kev_dir

Later on, you may update it using one of the following commands:

git -C "$kev_dir" pull --ff-only

or

cvescan datasources-update cisa_kev

Note

If no repository is found at the location configured in CVEScan, cvescan datasources-update cisa_kev will perform an initial clone from https://github.com/cisagov/kev-data

Downloading and updating the Linux kernel repository

For the Linux kernel repository the steps are similar to those for the CISA KEV catalog.

To clone the Linux repository in $linux_dir:

git clone https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git $linux_dir

To update it:

git -C "$linux_dir" remote update

or

cvescan datasources-update linux

Note

If no repository is found at the location configured in CVEScan, cvescan datasources-update linux will perform an initial clone from https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Downloading and updating your local NVD copy

Use the following command to download or update your local NVD copy:

cvescan datasources-update nvd

Note

This product uses the NVD API but is not endorsed or certified by the NVD.

Downloading and updating the UCT repository

The Ubuntu CVE Tracker is available in a Git repository. The steps for its replication are similar to those for the CISA KEV catalog or the Linux kernel repository.

It is suggested to use the official repository, not a mirror. Its URI is https://git.launchpad.net/ubuntu-cve-tracker, or alternatively git://git.launchpad.net/ubuntu-cve-tracker.

Run the following command to download your initial copy of the UCT in $uct_dir:

git clone -b master \
  https://git.launchpad.net/ubuntu-cve-tracker \
  $uct_dir

Later on, you may update it using one of the following commands:

git -C "$uct_dir" pull --ff-only

or

cvescan datasources-update uct

Note

If no repository is found at the location configured in CVEScan, cvescan datasources-update uct will perform an initial clone from https://git.launchpad.net/ubuntu-cve-tracker

Periodicity of updates

While the initial download takes some time (approximately 1 hour, depending on the available network bandwidth and various other parameters), the subsequent updates should be relatively quick, assuming they are done regularly.

Since these data sources are modified frequently, we advise running an update of all three before each scan, unless you need a fixed frame of reference for comparing several CVE reports.
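The clone-or-update steps for the three git-backed sources, the datastore refreshes, and the pre-scan freshness check from the sections above can be tied together in one POSIX shell script. The script below is an added example written for this page, not part of CVE Scan or its documentation. It assumes the cvescan CLI is on PATH, that the default tree under ~/.local/share/cvescan is used (overridable through a hypothetical CVESCAN_HOME variable), and that a checkout is recognised by the presence of its .git directory; the seven-day staleness threshold is an arbitrary choice.

```shell
#!/bin/sh
# Added example, not CVE Scan's own code: sync every data source before a scan.
# Assumptions: `cvescan` is on PATH; CVESCAN_HOME (hypothetical) overrides the
# default ~/.local/share/cvescan tree; a checkout is detected via its .git dir.
set -eu

CVESCAN_HOME="${CVESCAN_HOME:-${HOME:-/tmp}/.local/share/cvescan}"

# Decide whether a git-backed data source needs an initial clone or an update,
# based on whether a work tree with a .git directory already exists there.
git_datasource_action() {
    dir="$1"
    if [ -d "$dir/.git" ]; then
        echo update
    else
        echo clone
    fi
}

# Classify a data source directory as missing, stale (mtime older than
# max_days days) or fresh, so a scan can refuse to run on outdated inputs.
datasource_state() {
    dir="$1"; max_days="$2"
    if [ ! -e "$dir" ]; then
        echo missing
    elif [ -n "$(find "$dir" -maxdepth 0 -mtime +"$max_days" 2>/dev/null)" ]; then
        echo stale
    else
        echo fresh
    fi
}

# Clone on first use, fast-forward pull afterwards. `git -C` runs git inside
# the work tree; pointing --git-dir at a non-bare checkout would fail.
sync_git_datasource() {
    dir="$1"; url="$2"; branch="$3"
    case "$(git_datasource_action "$dir")" in
        clone)  git clone -b "$branch" "$url" "$dir" ;;
        update) git -C "$dir" pull --ff-only ;;
    esac
}

main() {
    sync_git_datasource "$CVESCAN_HOME/cisa_kev" https://github.com/cisagov/kev-data master
    sync_git_datasource "$CVESCAN_HOME/uct" https://git.launchpad.net/ubuntu-cve-tracker master
    # The kernel tree is refreshed with `remote update`, as the docs do.
    if [ "$(git_datasource_action "$CVESCAN_HOME/linux")" = clone ]; then
        git clone https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git "$CVESCAN_HOME/linux"
    else
        git -C "$CVESCAN_HOME/linux" remote update
    fi
    # Datastore-backed sources are handled by the CLI itself.
    cvescan datasources-update epss
    cvescan datasources-update nvd
    # Report freshness of every source; anything stale/missing needs attention.
    for ds in epss cisa_kev linux nvd uct; do
        printf '%s: %s\n' "$ds" "$(datasource_state "$CVESCAN_HOME/$ds" 7)"
    done
}

# Run the full sync only when explicitly requested, so the helper functions
# can also be sourced without triggering network access.
if [ "${CVESCAN_SYNC_NOW:-}" = 1 ]; then
    main
fi
```

Run it as `CVESCAN_SYNC_NOW=1 sh sync-datasources.sh` before each scan; sourcing the file instead gives you the helper functions for a cron job or CI step that only wants to check staleness.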