cvereport - Man Page

Generate an HTML report for the cvechecker output

Synopsis

cvereport [-d | -D] <targetdir> <acknowledgementfile>

The cvereport tool will generate an HTML report based on the cvechecker output. The report is generated based on some simple XML/XSLT transformations and uses an acknowledgement file to keep track of the state of the CVE entries matching your system.

Usage

Command Usage

The command requires two user-specified options:

The targetdir is an existing, writeable directory where cvereport can store its report.html output.
The acknowledgementfile is an existing, readable XML file that contains the analysis of the CVE entries for your system

The difference between -d and -D is that

-d runs the standard cvechecker report, whereas
-D runs the cvechecker report including matches for higher versions of the installed software

Acknowledgement File Format

The XML file for the acknowledgements uses the following syntax:

<?xml version="1.0"?>
<acknowledgements>
  <resolution id="resolution_id_1">Comment about why a CVE entry is irrelevant for your system</resolution>
  <resolution id="resolution_id_2">Another comment</resolution>
  <comment id="comment_id_1">Comment why the CVE is acknowledged, but not resolved</comment>
  <file name="/path/to/filename1" cve="CVE-2000-1234" state="irrelevant" resolution="resolution_id_1" />
  <file name="/path/to/filename2" cve="CVE-2000-5678" state="irrelevant" resolution="resolution_id_2" />
  <file name="/path/to/filename3" cve="CVE-2001-9012" state="acknowledged" comment="comment_id_1" />
</acknowledgements>

The use of comments or resolutions within the file entity is not mandatory, but recommended.

Author

cvereport is part of the cvechecker tool. cvereport was written by Sven Vermeulen <sven.vermeulen@siphos.be>.

Info

27 November 2010 September 1, 2010 cvereport Manual