-
ust2dsa
Discontinued Improves Ubuntu security feed compatibility allowing it to be consumed by Debian vulnerability report tool, debsecan.
So I wrote a thorough checkmk local check script to report on patch state, and we were able to then pull reports straight out of our monitoring system. You can see a lobotomised version of said script here. When it came time for me to apply the same work to Debian/Ubuntu, I found that ecosystem to be somewhat brutally lacking compared to the RHEL world. You can see in that script that I mention debsecan, and for Ubuntu you'd need to pair it with ust2dsa. What I don't clearly mention in that script, though I hinted at it, is that I was exploring a way to parse Ubuntu's security JSON feeds... and it looks like Canonical started doing that themselves with their in-house cvescan tool. There's also the debcvescan tool for the Debian world.
-
CodeRabbit
CodeRabbit: AI Code Reviews for Developers. Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.
-
So I wrote a thorough checkmk local check script to report on patch state, and we were able to then pull reports straight out of our monitoring system. You can see a lobotomised version of said script here. When it came time for me to apply the same work to Debian/Ubuntu, I found that ecosystem to be somewhat brutally lacking compared to the RHEL world. You can see in that script that I mention debsecan, and for Ubuntu you'd need to pair it with ust2dsa. What I don't clearly mention in that script, though I hinted at it, is that I was exploring a way to parse Ubuntu's security JSON feeds... and it looks like Canonical started doing that themselves with their in-house cvescan tool. There's also the debcvescan tool for the Debian world.
-
debcvescan
Debian CVE Scanner is self-contained CVE scanner for DEBIAN distributions written in golang.
So I wrote a thorough checkmk local check script to report on patch state, and we were able to then pull reports straight out of our monitoring system. You can see a lobotomised version of said script here. When it came time for me to apply the same work to Debian/Ubuntu, I found that ecosystem to be somewhat brutally lacking compared to the RHEL world. You can see in that script that I mention debsecan, and for Ubuntu you'd need to pair it with ust2dsa. What I don't clearly mention in that script, though I hinted at it, is that I was exploring a way to parse Ubuntu's security JSON feeds... and it looks like Canonical started doing that themselves with their in-house cvescan tool. There's also the debcvescan tool for the Debian world.
