|
Unix VPS
Support
FAQ
Network
Miscellaneous
|
| cvereport(1) | cvereport Manual | cvereport(1) |
NAME
cvereport - Generate an HTML report for the cvechecker outputSYNOPSIS
cvereport [-d | -D] <targetdir> <acknowledgementfile>
DESCRIPTION
The cvereport tool will generate an HTML report based on the cvechecker output. The report is generated based on some simple XML/XSLT transformations and uses an acknowledgement file to keep track of the state of the CVE entries matching your system.USAGE
COMMAND USAGE
The command requires two user-specified options:- •
- The targetdir is an existing, writeable directory where cvereport can store its report.html output.
- •
- The acknowledgementfile is an existing, readable XML file that contains the analysis of the CVE entries for your system
The difference between -d and -D is that
- •
- -d runs the standard cvechecker report, whereas
- •
- -D runs the cvechecker report including matches for higher versions of the installed software
ACKNOWLEDGEMENT FILE FORMAT
The XML file for the acknowledgements uses the following syntax:<?xml version="1.0"?> <acknowledgements> <resolution id="resolution_id_1">Comment about why a CVE entry is irrelevant for your system</resolution> <resolution id="resolution_id_2">Another comment</resolution> <comment id="comment_id_1">Comment why the CVE is acknowledged, but not resolved</comment> <file name="/path/to/filename1" cve="CVE-2000-1234" state="irrelevant" resolution="resolution_id_1" /> <file name="/path/to/filename2" cve="CVE-2000-5678" state="irrelevant" resolution="resolution_id_2" /> <file name="/path/to/filename3" cve="CVE-2001-9012" state="acknowledged" comment="comment_id_1" /> </acknowledgements>
The use of comments or resolutions within the file entity is not mandatory, but recommended.
AUTHOR
cvereport is part of the cvechecker tool. cvereport was written by Sven Vermeulen <sven.vermeulen@siphos.be>.| 27 November 2010 | September 1, 2010 |
Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.