future-architect/
Vulnerability scanner for Linux/FreeBSD, agentless, written in Go
Recent activities
Target OS is SLES variant, so vuls tui failed to fill OVAL information as vuls can't get the os
Support Ubuntu 20.04
ssh from yubikey or similar
support metasploit data (go-exploitdb)
Rejected CVEs are detected
FreeBSD `pkg audit` command needs Internet connection
Need to be able to specify containers when doing reports
Support for FreeBSD jails
Display CERT information to slack notification
Show release dates of the patched packages?
Enable to define scanMode for each container in config.toml
Add Discord reporter
Scan only software and libraries
Email summary doesn't include criticals
Ubuntu kernel detection
NVD will retire its legacy data feeds by September 2023
vuls discover CIDR
Embed friendly license and commercials
Unable to upgrade vuls
Failed to validate database path when reporting using docker
Failed to NewDB. Since SchemaVersion is incompatible, delete Database and fetch again
Fast scan always failed on RedHat8
Required go version in Install Manually
'vuls tui' and 'vuls report' output different vulnerabilities
Vuls/VulsRepo reporting vulnerabilities that are not on the machine
vuls report -to-localfile not writing
github.com/boltdb/bolt switch to github.com/etcd-io/bbolt?
Product bugs encountered during scanning
parse error with redis kevuln
can vuls find jar files in the filesystem when using `lockfile` module
detector.goCveDictClient.fetchCveDetails errors out with too many SQL variables;
symlink - current
goval-dictionary : Failed to fetch redhat 8
Skip OVAL and Scan with gost alone
too long for Unix domain socket (SSH ControlPath)
Support for Grafana or Kibana
vuls scan -cvss-over does not work
Performance issue
reporting error fixedIn for amazon linux 2023
amazon linux 2022 is identified as amazon linux 2
False Positive in Packages in ubuntu after moving to gost instead of oval
vuls fails to detect OS on CentOS Stream 8 host
Failed to configtest and scan
List of CVEs to ignore
[vulsctl on host] no cve results on debian 9
Does Vuls match oval and 3rd party repositories?
Support to upload report to custom S3 (minio)
Question: Difference between redhat and redhat_api
Scan says 0 packages with CVE, OVAL says 261
Reporting multiple hosts results with ignore options to telegram doesn't work
FreeBSD 13.0 EOL
Support works WPScan on Sakura's Rental Server
False positives, when OS version does not match
too many SQL variables
Package version detection from external repos
DockerHub Automated Builds not working
OVAL entries of centos 7.9.2009 are not found
Gost driver w/ SQLite opens file descriptor, fails to close it
reporting to Google Chat
Ubuntu 20.10 End of Life on July 22 2021
Vuls in server mode since v0.15.14: json schema update ?
FP in curl CVE-2018-0500
FP CVE-2011-4862
Support Go binaries 🦍
Support JAR/WAR/EAR files ☕
Vuls Report not Including Critical values in Total amount of vulnerabilities
Can't report Ubuntu 21.04
TLS InsecureSkipVerify option
gost sqlite connections not closing, causing OOM
Too hard to install
configtest and scan Failed
What is the utility of the X-Vuls-Kernel-Version header when debian?
Failed to check EOL for alpine linux
Getting error while fetching nvdcve jsons during installation.
ERROR: syntax error at or near \".\" (SQLSTATE 42601)
Update license to Apache 2.0?
linux packages searched when ospkg is not specified in scanModule
Can I use vuls to see if a server has CVE-2021-44228 – Log4j
`future-vuls upload` command doesn't have `--upload` flag in v0.23.4
ssh-key with passphrase not working in vulsctl docker env
Support Amazon linux 22
Debian (and likely, ubuntu) oval do not seem to be parsed correctly for "patch" entries
Create SECURITY.md
VulsIO server mode seems broken since 0.18 upgrade.
Error in cve_client.go
Scan fails for some of the hosts [dnf/yum errors] - result "Failed to scan"
Empty CVE list
affected package output differs for each vuls report, distro advisories are insufficient in RedHat
DistroAdvisories Fluctuation with Same CVE References in RedHat OVALv2
Race condition in database initialization during concurrent server requests
Debug log in `detectWindows` is not output
Error for new/old rpm distributions
number of updatable packages does not match
Failed to fetch vuls.db when reporting RedHat on Windows
Scan Fails When Lock File is Specified as a Relative Path Due to Unexpected Absolute Path Generation
failed to scan lockfile in windows server
failed to scan lockfile in pseudo server on windows
Cannot start vuls server on Ubuntu22 - "Failed to new OVAL client"
perf(redhat): Performance degradation in Red Hat scanning from v0.25.2 to v0.30.0
Vuls2-based reports cannot be generated in parallel
False positives in RedHat when there is a CVE and RHSA, as if it has been fixed
Patched Packages Still Being Detected as Vulnerable by Vuls
Suggest a powerful free and open source WAF - UUSEC WAF
panic: invalid freelist page when open vuls.db for redhat and alma
Vuls Report shows zero vulnerabilities when scanning Ubuntu 24.04 using Vuls docker scan
How to fetch vul2.db locally ?
bug(cmd/snmp2cpe): logs are not output when using version 0.28.0 or later
Scan Container Images
Failure to see what the problem really is.
fix(ci/diet): fix shell heredoc
vuls2: documentation on data coverage and recommended nightly DB image
`trivy-to-vuls parse` produces excessively large output for `node-pkg` type scans (O(N²) library duplication)
windows scan failed in parsing package information
vuls report fails when checkrestart service names include an architecture suffix
go deps package building issue
Update cosign to v3
Cleanup deprecated RedHat/CentOS/Alma/Rocky OVAL related codes
Package scanning on redhat-type system appears broken
binary lockfile analysis broken on windows
Support for Rocky Linux 10
Scan Mode Permissions Ignored When Scanning Lockfiles in Local Scan
gost.autoCpe fails to detect CPEs for standard Ubuntu 22.04 packages (e.g., OpenSSL, libxml2)
failed to create vuls.db using `vuls-data-extracted-redhat-ovalv2` as the data source
Question: Heatmap Category Count
How is server/json mode expected to work for windows ?
A lot of bugs are there
Error on json report : err: json: cannot unmarshal object into Go struct field Nvd.Cvss2 of type
no information in "title" field for vuls scan on ubuntu vm
Issue in trivy to vuls convertor
Results of the scan & report seem odd
Remote scan from Linux to Windows fails
Support for Fedora is not working
Windows not shown in supported OS list
severity is different for each scan on debian
Having redhat section when scanning ubuntu vm
vuls in server mode with sqlite3 DBs (nvd + goval), no CVE in report from an http request with curl: "Skip OVAL and Scan with gost alone." ": 0 CVEs are detected with OVAL" ": 0 CVEs are detected with gost" ": total 0 CVEs detected"
FreeBSD 14 scanning target support?
Package for debian 12
Error on make install
Errors when running a scan of a Windows machine from a Linux machine
Skip OVAL and Scan with gost alone & False Positive in ubuntu 20.04
Vulsctl - Quickest Vuls setup
The Ubuntu OVAL link in the README is dead
Connection refused from client side when sending report via http in server mode
openSUSE Leap 15.6: shows 0 updatable, but there are available updates
unable to scan remote host
upgrade go to 1.23.1 to resolve CVEs
Unable to scan and get the report for Oracle Linux server
Is there a way to scan Ubuntu machines with OVAL
Remove replace directive in go.mod for open-policy-agent/opa
Known Host Error does not properly explain issues
Vuls having trouble to detect kernel version
openSUSE Leap 15.6: zypper -q lu Unknown format
vuls report fails when openSUSE Leap 15.6 host is added to config
Multiple versions are detected in some packages on Debian-based distributions
Support for alpine is not actually in place despite the OS being listed as supported
Difference in cve contents between vuls report and trivy-to-vuls
The enhancement of the amount of cveContents information included in trivy-to-vuls
Enhanced kernel package check with multiple versions installed
failed to get modularitylabel on RedHat
Support latest Dependency Check
docker containers on the local server
Panic if no permissions in log directory
CentOS8 configtest always failed
report -to-email smtp not support ssl?
panic: runtime error: invalid memory address or nil pointer dereference
Add vuls site to Wiki
Add support for `-result-dir` to be a S3 bucket and path for server and scan.
Update Alpine version in the image.
Support image digest
Show `fixed` instead of `unknown` for OVAL scan in report
vuls docker image can't detect localhost os. (Specify OS in config file?)
coreOS is not in Supported OS
Support CVSS:3.1 for Red Hat OVAL
Uses obsolete/deprecated library "github.com/hashicorp/uuid"
ReportedAt is not written json report that is stored with one-liner scan
Results with "to-http" option is not working
Vuls reporting vulnerability when it is not affecting that particular OS distributions
False negatives by Vuls
CVE report in Spanish
Vuls server not working with empty config anymore
vuls/vuls:latest (>=0.9.2 db9efcc67b00) : json payload changed in response - notFixedYet field becomes optional
FixedIn version should be integrated to VulsRepo webserver
[Apr 9 01:21:57] ERROR [localhost] Failed to init servers. err: No scannable base servers:
Export Report to XML failing
Vuls not reporting any vulns for FreeBSD
arch linux support
Feature request: Sort report by CVE
Enable to scan specific docker container
Cannot import scan results in elasticsearch
CVE report in Chinese
Support Gentoo Linux
support kali linux
Kali-rolling not supported
Include CWE detailed information in report
Deep Scan failed when scanned docker container's initial command is not like systemd
The OVAL name of the running kernel image is not found
Unsupport(Disable) Container Image Scanning
"merge" json files in current folder
VulsRepo is giving different number of vulnerabilities than normal report we get
Unsupport family: centos
Syntax error on awk during ps command on container
Inventory notification
OVAL entries of ubuntu 19.04 are not found. Fetch OVAL before reporting.
Library Vulns Scan doesn't output affectedPackages and confidences attributes.
vuls report failed: too many SQL variable
End of support for Debian 7 wheezy
Requesting examples in documentation for Github security alerts and vuls
Is new the license AGPL-3.0?
CVE-2018-14634 Mutagen Astronomy not in vuls report
Detect `need-restarting procs` on SUSE
Support go-exploitdb in servermode and slack notification
Config.toml no such file or directory in docker
results json displays "rbenv not found"
Centos not supported?
suspicious append call without element argument
NotFixedYet status on vuls IHM
Vuls does not find database file
Failed to detect OS
Failed to scan WordPress's poor theme/plugin
Installation error
Support CentOS 8
Support Debian 10 buster
Not able to point this db cache location in a flag
Deploy failed with checksum mismatch error on go version 1.12
Add metasploit information to the report
ERRO[0000]
report -diff does not work for multihost scan results
Failed to fill with OVAL:- OVAL entries of ubuntu 17.10 are not found.
VULS in server mode, new issue about OVAL DB docker image which prevents to get json report
vuls report giving incorrect package version and give cve related to it.
Docker ssh problem
limit the number of parallel scans ?
Vuls failed to scan updatable packages
Compilation error
ssh-key with passphrase not working
WARN [localhost] The OVAL name of the running kernel image {Release:3.19.0-25-generic Version: RebootRequired:false} is not found. So vulns of `linux` wll be detected. server: ubuntu
I'd like to organize the result directory for the tenant.
vuls report stop at malformed wordpress plugins/themes...
invalid escape character
`make install` has failed
Update "WordPress Vulnerability Database" URL
CVE-2018-5710 exists in vuls report on ubuntu 18.04 LTS bionic with patched packages krb5
failed to -format-xml option
Can Vuls be used on a Linux without package manager?
The documentation is inaccurate about Fetch OVAL(redhat)
Support One liner scan for Oracle Linux
Version Mismatches as Version is Hard-Coded and Not Updated
Library Scan Grep Pattern Is Not Exhaustive and Leads to Confusing Errors
Vuls in server not outputting the same JSON as local scan
vuls-beats
Failed to fetch redhat vulnerability DB
Can ignore APK warning message?
FreeBSD : Package Not Found
CVE-2020-12762 on ubuntu 20.04: when libjson-c-dev is patched (version 0.13.1+dfsg-7ubuntu0.3), cve continues to be returned by vuls with severity 0
Unsupported protocol scheme at http reports
trivy-to-vuls doesn't support latest trivy results
Vuls in server mode: the package order in POST request has an effect on vuls CVE report content
Avoiding block during scanning
jvndb cannot be updated normally from 2021/02/26
I got a error output as the description when running the scan.sh
Remove -ssh-native-insecure from scan subcommand
False positive CVE vulnerability (one-liner submission)
alpine sec db deprecated
Old fixed CVE vulnerabilities reported in Centos7.x while running vuls docker
"cvss2Severity" and "cvss3Severity" in "redhat" are output in reverse
Failed to execute tui with "panic: runtime error"
Failed to check EOL
Scan returns 0 packages installed
Release v0.15.0 ???
The document about Fetch OVAL redhat version need add version8
I want "ProxyJump" to be supported in "config.toml".
Raspbian Pi OS scanning using OVAL DB
Vuls will have issue #1000 :-)
libraries section is wrong
Unable to connect via SSH. Scan with -vvv option to print SSH debugging messages and check SSH settings
how to deploy vuls on kubernetes cluster?
output config.json by discover command
Scan only specific moving containers
scan Wordpress on moving containers
Scan results for non-OS packages are incorrect
Display End-of-life(EOL) information of the scanned OS
When using "Easiest way to setup Vuls-Vulsctl", vuls scan fails.
Ubuntu 20 report failing with latest updates.
support SUSE distributions
CVE not detected but present in database
Would you consider support for nginx
Support to Fedora
looking for composer.json instead of composer.lock
wrong version comparison on alpine packages
The scan results are incorrect
Is there a way to talk to vuls report via API?
It is not clear how current symlink / scannedAt is working
Is it possible to scan lock files with pseudo type server
Display translated vulnerability summary using Deepl library
Duplicate servers in the config have different results.
CPE report is not working
Filter Results
How can I craft a scan results to generate a report?
OpenSUSE Support
vuls report failed with "Failed to fill with OVAL".
vuls report can't send mail to smtp.office365.com
Absolute symlink for 'current' in 'results' dir is wrong while checking on docker host
Is there a way to create report in csv format?
Why the web site is offline ? https://vuls.io/ i
Supporting EC2 Instance Connect
CPE update failed
Display translated vulnerability summary using Deepl or something like that
© 2019 BoostIO, Inc.