future-architect/
Vulnerability scanner for Linux/FreeBSD, agentless, written in Go
Recent activities
Target OS is SLES variant, so vuls tui failed to fill OVAL information as vuls can't get the os
Support Ubuntu 20.04
ssh from yubikey or similar
support metasploit data (go-exploitdb)
Rejected CVEs are detected
FreeBSD `pkg audit` command needs Internet connection
Need to be able to specify containers when doing reports
Support for FreeBSD jails
Display CERT information to slack notification
Show release dates of the patched packages?
Enable to define scanMode for each container in config.toml
Add Discord reporter
Product bugs encountered during scanning
Unable to upgrade vuls
Failed to validate database path when reporting using docker
Failed to NewDB. Since SchemaVersion is incompatible, delete Database and fetch again
Fast scan always failed on RedHat8
Scan only software and libraries
'vuls tui' and 'vuls report' output different vulnerabilities
Vuls/VulsRepo reporting vulnerabilities that are not on the machine
vuls report -to-localfile not writing
github.com/boltdb/bolt switch to github.com/etcd-io/bbolt?
Embed friendly license and commercials
parse error with redis kevuln
can vuls find jar files in the filesystem when using `lockfile` module
detector.goCveDictClient.fetchCveDetails errors out with too many SQL variables;
vuls fails to detect OS on CentOS Stream 8 host
configtest and scan Failed
What is the utility of the X-Vuls-Kernel-Version header when debian?
Failed to check EOL for alpine linux
Getting error while fetching nvdcve jsons during installation.
Support to upload report to custom S3 (minio)
reporting error fixedIn for amazon linux 2023
amazon linux 2022 is identified as amazon linux 2
False Positive in Packages in ubuntu after moving to gost instead of oval
symlink - current
Failed to configtest and scan
List of CVEs to ignore
[vulsctl on host] no cve results on debian 9
Does Vuls match oval and 3rd party repositories?
ERROR: syntax error at or near \".\" (SQLSTATE 42601)
Question: Difference between redhat and redhat_api
Scan says 0 packages with CVE, OVAL says 261
Reporting multiple hosts results with ignore options to telegram doesn't work
Required go version in Install Manually
Email summary doesn't include criticals
Ubuntu kernel detection
NVD will retire its legacy data feeds by September 2023
vuls discover CIDR
Support JAR/WAR/EAR files ☕
OVAL entries of centos 7.9.2009 are not found
Gost driver w/ SQLite opens file descriptor, fails to close it
reporting to Google Chat
Ubuntu 20.10 End of Life on July 22 2021
FreeBSD 13.0 EOL
FP in curl CVE-2018-0500
FP CVE-2011-4862
Support Go binaries 🦍
DockerHub Automated Builds not working
Vuls Report not Including Critical values in Total amount of vulnerabilities
Can't report Ubuntu 21.04
TLS InsecureSkipVerify option
gost sqlite connections not closing, causing OOM
Vuls having trouble to detect kernel version
Unsupported protocol scheme at http reports
trivy-to-vuls doesn't support latest trivy results
Vuls in server mode: the package order in POST request has an effect on vuls CVE report content
VulsIO server mode seems broken since 0.18 upgrade.
Update license to Apache 2.0?
linux packages searched when ospkg is not specified in scanModule
Can I use vuls to see if a server has CVE-2021-44228 – Log4j
Too hard to install
ssh-key with passphrase not working in vulsctl docker env
Support Amazon linux 22
Debian (and likely, ubuntu) oval do not seem to be parsed correctly for "patch" entries
Create SECURITY.md
Performance issue
Error in cve_client.go
Scan fails for some of the hosts [dnf/yum errors] - result "Failed to scan"
Empty CVE list
Vuls in server mode since v0.15.14: json schema update ?
Support works WPScan on Sakura's Rental Server
False positives, when OS version does not match
too many SQL variables
Package version detection from external repos
Vuls Report shows zero vulnerabilities when scanning Ubuntu 24.04 using Vuls docker scan
failed to scan lockfile in windows server
failed to scan lockfile in pseudo server on windows
affected package output differs for each vuls report, distro advisories are insufficient in RedHat
perf(redhat): Performance degradation in Red Hat scanning from v0.25.2 to v0.30.0
Vuls2-based reports cannot be generated in parallel
False positives in RedHat when there is a CVE and RHSA, as if it has been fixed
Patched Packages Still Being Detected as Vulnerable by Vuls
Suggest a powerful free and open source WAF - UUSEC WAF
panic: invalid freelist page when open vuls.db for redhat and alma
Scan Fails When Lock File is Specified as a Relative Path Due to Unexpected Absolute Path Generation
How to fetch vul2.db locally ?
Cleanup deprecated RedHat/CentOS/Alma/Rocky OVAL related codes
Connection refused from client side when sending report via http in server mode
openSUSE Leap 15.6: shows 0 updatable, but there are available updates
unable to scan remote host
upgrade go to 1.23.1 to resolve CVEs
Unable to scan and get the report for Oracle Linux server
Is there a way to scan Ubuntu machines with OVAL
gost.autoCpe fails to detect CPEs for standard Ubuntu 22.04 packages (e.g., OpenSSL, libxml2)
Scan Container Images
bug(cmd/snmp2cpe): logs are not output when using version 0.28.0 or later
Package scanning on redhat-type system appears broken
binary lockfile analysis broken on windows
Support for Rocky Linux 10
Scan Mode Permissions Ignored When Scanning Lockfiles in Local Scan
Remove replace directive in go.mod for open-policy-agent/opa
failed to create vuls.db using `vuls-data-extracted-redhat-ovalv2` as the data source
Cannot start vuls server on Ubuntu22 - "Failed to new OVAL client"
DistroAdvisories Fluctuation with Same CVE References in RedHat OVALv2
Race condition in database initialization during concurrent server requests
Debug log in `detectWindows` is not output
Error for new/old rpm distributions
number of updatable packages does not match
Failed to fetch vuls.db when reporting RedHat on Windows
Errors when running a scan of a Windows machine from a Linux machine
Support for Fedora is not working
Windows not shown in supported OS list
Question: Heatmap Category Count
Having redhat section when scanning ubuntu vm
vuls in server mode with sqlite3 DBs (nvd + goval), no CVE in report from an http request with curl: "Skip OVAL and Scan with gost alone." ": 0 CVEs are detected with OVAL" ": 0 CVEs are detected with gost" ": total 0 CVEs detected"
FreeBSD 14 scanning target support?
Package for debian 12
Error on make install
Remote scan from Linux to Windows fails
Skip OVAL and Scan with gost alone & False Positive in ubuntu 20.04
Vulsctl - Quickest Vuls setup
`future-vuls upload` command doesn't have `--upload` flag in v0.23.4
goval-dictionary : Failed to fetch redhat 8
Skip OVAL and Scan with gost alone
too long for Unix domain socket (SSH ControlPath)
Support for Grafana or Kibana
vuls scan -cvss-over does not work
Enhanced kernel package check with multiple versions installed
Known Host Error does not properly explain issues
The Ubuntu OVAL link in the README is dead
openSUSE Leap 15.6: zypper -q lu Unknown format
vuls report fails when openSUSE Leap 15.6 host is added to config
Multiple versions are detected in some packages on Debian-based distributions
Support for alpine is not actually in place despite the OS being listed as supported
Difference in cve contents between vuls report and trivy-to-vuls
The enhancement of the amount of cveContents information included in trivy-to-vuls
Avoiding block during scanning
failed to get modularitylabel on RedHat
severity is different for each scan on debian
How is server/json mode expected to work for windows ?
A lot of bugs are there
Error on json report : err: json: cannot unmarshal object into Go struct field Nvd.Cvss2 of type
no information in "title" field for vuls scan on ubuntu vm
Issue in trivy to vuls convertor
Results of the scan & report seem odd
vuls docker image can't detect localhost os. (Specify OS in config file?)
Panic if no permissions in log directory
CentOS8 configtest always failed
report -to-email smtp not support ssl?
panic: runtime error: invalid memory address or nil pointer dereference
Add vuls site to Wiki
Add support for `-result-dir` to be a S3 bucket and path for server and scan.
Update Alpine version in the image.
Support image digest
Support latest Dependency Check
docker containers on the local server
coreOS is not in Supported OS
Support CVSS:3.1 for Red Hat OVAL
Uses obsolete/deprecated library "github.com/hashicorp/uuid"
ReportedAt is not written json report that is stored with one-liner scan
Results with "to-http" option is not working
Vuls reporting vulnerability when it is not affecting that particular OS distributions
False negatives by Vuls
Cannot import scan results in elasticsearch
CVE report in Chinese
FixedIn version should be integrated to VulsRepo webserver
[Apr 9 01:21:57] ERROR [localhost] Failed to init servers. err: No scannable base servers:
Export Report to XML failing
Vuls not reporting any vulns for FreeBSD
arch linux support
Feature request: Sort report by CVE
Enable to scan specific docker container
CVE report in Spanish
Failed to detect OS
Support Gentoo Linux
support kali linux
Kali-rolling not supported
Include CWE detailed information in report
Deep Scan failed when scanned docker container's initial command is not like systemd
The OVAL name of the running kernel image is not found
Unsupport(Disable) Container Image Scanning
Show `fixed` instead of `unknown` for OVAL scan in report
"merge" json files in current folder
Unsupport family: centos
Syntax error on awk during ps command on container
Inventory notification
OVAL entries of ubuntu 19.04 are not found. Fetch OVAL before reporting.
Library Vulns Scan doesn't output affectedPackages and confidences attributes.
vuls report failed: too many SQL variable
End of support for Debian 7 wheezy
Requesting examples in documentation for Github security alerts and vuls
VulsRepo is giving different number of vulnerabilities than normal report we get
CVE-2018-14634 Mutagen Astronomy not in vuls report
Detect `need-restarting procs` on SUSE
Support go-exploitdb in servermode and slack notification
Config.toml no such file or directory in docker
results json displays "rbenv not found"
Centos not supported?
suspicious append call without element argument
NotFixedYet status on vuls IHM
report -diff does not work for multihost scan results
Failed to scan WordPress's poor theme/plugin
Installation error
Support CentOS 8
Support Debian 10 buster
Not able to point this db cache location in a flag
Deploy failed with checksum mismatch error on go version 1.12
Add metasploit information to the report
Vuls does not find database file
vuls/vuls:latest (>=0.9.2 db9efcc67b00) : json payload changed in response - notFixedYet field becomes optional
Failed to fill with OVAL:- OVAL entries of ubuntu 17.10 are not found.
VULS in server mode, new issue about OVAL DB docker image which prevents to get json report
vuls report giving incorrect package version and give cve related to it.
Docker ssh problem
limit the number of parallel scans ?
Vuls failed to scan updatable packages
Compilation error
Is new the license AGPL-3.0?
Library Scan Grep Pattern Is Not Exhaustive and Leads to Confusing Errors
`make install` has failed
Update "WordPress Vulnerability Database" URL
CVE-2018-5710 exists in vuls report on ubuntu 18.04 LTS bionic with patched packages krb5
failed to -format-xml option
Can Vuls be used on a Linux without package manager?
ssh-key with passphrase not working
Support One liner scan for Oracle Linux
Version Mismatches as Version is Hard-Coded and Not Updated
invalid escape character
Vuls in server not outputing the same JSON as local scan
vuls-beats
Failed to fetch redhat vulnerability DB
Can ignore APK warning message?
FreeBSD : Package Not Found
alpine sec db deprecated
Is there a way to talk to vuls report via API?
It is not clear how current symlink / scannedAt is working
Failed to check EOL
jvndb cannot be updated normally from 2021/02/26
I got an error output as the description when running the scan.sh
Remove -ssh-native-insecure from scan subcommand
False positive CVE vulnerability (one-liner submission)
CVE-2020-12762 on ubuntu 20.04: when libjson-c-dev is patched (version 0.13.1+dfsg-7ubuntu0.3), cve continues to be returned by vuls with severity 0
Old fixed CVE vulnerabilities reported in Centos7.x while running vuls docker
"cvss2Severity" and "cvss3Severity" in "redhat" are output in reverse
Failed to execute tui with "panic: runtime error"
Is it possible to scan lock files with pseudo type server
Scan returns 0 packages installed
Release v0.15.0 ???
The document about Fetch OVAL redhat version need add version8
The documentation is inaccurate about Fetch OVAL(redhat)
WARN [localhost] The OVAL name of the running kernel image {Release:3.19.0-25-generic Version: RebootRequired:false} is not found. So vulns of `linux` wll be detected. server: ubuntu
I'd like to organize the result directory for the tenant.
vuls report stop at malformed wordpress plugins/themes...
Ubuntu 20 report failing with latest updates.
Unable to connect via SSH. Scan with -vvv option to print SSH debugging messages and check SSH settings
how to deploy vuls on kubernetes cluster?
output config.json by discover command
Scan only specific moving containers
scan Wordpress on moving containers
Scan results for non-OS packages are incorrect
I want "ProxyJump" to be supported in "config.toml".
When using "Easiest way to setup Vuls-Vulsctl", vuls scan fails.
libraries section is wrong
support SUSE distributions
CVE not detected but present in database
Would you consider support for nginx
Support to Fedora
looking for composer.json instead of composer.lock
wrong version comparison on alpine packages
ERRO[0000]
Vuls server not working with empty config anymore
Absolute symlink for 'current' in 'results' dir is wrong while checking on docker host
Display translated vulnerability summary using Deepl library
Duplicate servers in the config have different results.
CPE report is not working
Filter Results
How can I craft a scan results to generate a report?
The scan results are incorrect
vuls report failed with "Failed to fill with OVAL".
vuls report can't send mail to smtp.office365.com
OpenSUSE Support
Is there a way to create report in csv format?
Why the web site is offline ? https://vuls.io/ i
Supporting EC2 Instance Connect
CPE update failed
Display translated vulnerability summary using Deepl or something like that
Display End-of-life(EOL) information of the scanned OS
Raspbian Pi OS scanning using OVAL DB
Vuls will have issue #1000 :-)
© 2019 BoostIO, Inc.