Welcome to CVE Scan!

CVE Scan is a command-line tool, fully integrated into your Linux build process. It lists all known security vulnerabilities (referred to as CVEs) for a given build, thus providing insights into what actions should be taken to keep it secure.
CVE Scan provides advanced filtering options to get rid of false positives. It leverages information from the Yocto build and various sources of vulnerabilities and patches to automatically assess the relevance of each vulnerability to your product, and lets you manually assess the remaining ones.
To achieve optimal filtering results, it uses its own format for the Yocto SBOM (produced by a dedicated Yocto layer), but it can also process SBOMs in other standard formats such as CycloneDX or SPDX.
CVE Scan can be run standalone from your workstation, or triggered by your pipelines.
If you have any questions, please contact us at TheEmbeddedKit.io.