cve-bin-tool VS CVElk

intel/cve-bin-tool - 2 pull requests

Intel/cve-bin-tool: There are several issues in this repository that are interesting to me, particularly the ones about creating checkers. I would say it is not very coding-heavy, but it needs a lot of research before doing it.

Whether you contribute small or big chunks of code, being consistent about them carries vital importance. Small contributions to a particular project help you to get familiar with it at first and leads to something bigger. Take a look at some pull requests I have raised to the following projects; withfig, cve-bin-tool, my-photohub, pr-approve-generator.

For my release 0.3 for OSD600, I have to create a pull request for an external repo. The repo I contributed to was cve-bin-tool. This post was late because I had was busy with other commitments and projects compounded with problems finding workable issues. In the future, I would definitely follow my own advice and search for issues early and often. I didn't follow this advice and found myself in this position.

The issue was to fix mypy type issues in __init__.py. I was able to fix the type issues and also added type annotations to the codebase. The project was well documented and I faced no issues running it. Big projects like nodejs, vscode or this, cve-bin-tool all have strict guidelines for contributions. Even on the commit messages get checked when you raise a PR. See one of the commit messages from gitlint in their workflow.

My two PRs for Intel’s CVE-Binary-Tool got merged! These (Fix1 , Fix 2) were my first ever Hacktoberfest merges. These were small contributions but big confidence boosters. I am a beginner in programming, and if I can make small contributions, so can you. From one beginner to another – start small, try your best, trust the process, and ask for help.

So, eventually I started looking for issues rather than repos. I added some labels and details to the search so I wouldn't just look through 83 million issues, and finally found an issue in Intel's cve-bin-tool.

I created two pull requests for Intel’s CVE Binary Tool. CVE Binary Tool is a tool that scans a file for known Common Vulnerabilities and Exposures.

My goal for this year's Hacktoberfest was to contribute to at least one big established company or product in IT. Luckily for me, I landed on a an interesting repo called the CVE Binary Tool. It is an open source tool to help you determine if your system includes known vulnerabilities. It is based of the data from the National Vulnerability Database (NVD) list of Common Vulnerabilities and Exposures (CVEs).