Project

foreman_cve_scanner

0.0
The project is in a healthy, maintained state
foreman_cve_scanneratix-ag/foreman_cve_scannerHomepageDocumentationSource CodeBug Tracker
Run CVE scan on host and collect report
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
 Popularity
Downloads
2,099
Stars
2
Forks
0
Watchers
5
 Releases
Current version
0.6.0
Total releases
6
First release
2024-04-06
Latest release
2026-06-01
 Pull Requests
Open Pull Requests
1
Closed Pull Requests
0
Merged Pull Requests
9
Pull Request Acceptance Rate
90%
 Development
Primary Language
JavaScript
Licenses
GPL-3.0
Average date of last 50 commits
2025-12-27
Reverse Dependencies
0

 Dependencies

Development

rake
>= 0
rdoc
>= 0

Runtime

foreman_remote_execution
>= 9.0, < 17
 Project Readme

ForemanCveScanner

Plugin to:

  1. install Trivy/Grype on a host using Foreman Remote Execution (REX)
  2. run CVE scans via REX and parse the results
  3. store scan history per host in a dedicated table
  4. expose scan data via API
  5. show CVE findings in the Host details UI
  6. show summary status in the Hosts list

Features

  • Support for Trivy and Grype scanners
  • REX job templates for installing and running CVE scans
  • JSON output parsing with robust handling of chunked stdout
  • Per-host scan history with totals and severity counts
  • API endpoints for scan history and latest scan
  • API endpoint to push external CVE scans
  • Host Details card with findings and modal view
  • Host Details tab “CVE scans” for full history
  • Hosts overview list column “CVE” with quick summary and modal
  • Integrated in the Host Status
  • Export scan results as CSV

Installation

See How_to_Install_a_Plugin for how to install Foreman plugins

Usage

  • Run the REX job to install Trivy and/or Grype
  • Run the REX job to scan a host
  • You can configure recurring CVE scans via Monitor -> Jobs
  • You can configure the default scanner for the Run CVE scan template via Administer -> Settings -> CVE Scanner -> Preferred CVE scanner
  • The setting Administer -> Settings -> CVE Scanner -> Run CVE scan after host profiles upload takes effect only when Katello is installed and triggers a scan after host profiles uploads using the preferred scanner setting
  • View results in:
    • Hosts overview list column “CVE” (use 'Manage Columns' to enable)
    • Host Details card and modal
    • Host Details tab “CVE scans”

External Push API

Push a normalized CVE scan for a host with:

  • POST /api/v2/hosts/:host_id/cve_scans/import

Required permission:

  • import_cve_scans

Required payload structure:

{
  "cve_scan": {
    "scanner": "custom-scanner",
    "source": "external",
    "scanned_at": "2026-05-14T08:00:00Z",
    "findings": [
      {
        "id": "CVE-2024-8373",
        "name": "angular",
        "severity": "LOW",
        "version": "1.8.2",
        "fixed": "open",
        "status": "affected",
        "title": "angular: From NVD collector",
        "published": "2024-09-09T15:15:12.887Z",
        "url": "https://avd.aquasec.com/nvd/cve-2024-8373"
      },
      {
        "id": "CVE-2024-9991",
        "name": "openssl",
        "severity": "CRITICAL",
        "version": "3.0.1",
        "fixed": "3.0.8",
        "status": "affected",
        "title": "openssl: Example critical issue",
        "published": "2024-10-01T10:00:00Z",
        "url": "https://example.test/CVE-2024-9991"
      },
      {
        "id": "CVE-2024-9992",
        "name": "curl",
        "severity": "HIGH",
        "version": "8.5.0",
        "fixed": "8.5.1",
        "status": "affected",
        "title": "curl: Example high issue",
        "published": "2024-10-02T10:00:00Z",
        "url": "https://example.test/CVE-2024-9992"
      },
      {
        "id": "CVE-2024-9993",
        "name": "tar",
        "severity": "MEDIUM",
        "version": "1.35",
        "fixed": "1.36",
        "status": "affected",
        "title": "tar: Example medium issue",
        "published": "2024-10-03T10:00:00Z",
        "url": "https://example.test/CVE-2024-9993"
      }
    ]
  }
}

Notes:

  • scanner is a free-form producer name and can be an unknown external tool
  • source is stored and shown in the UI, for example external
  • scanned_at is required and is the only scan timestamp used in the UI
  • summary and severity counters are calculated on the server from findings
  • raw is not part of the public API contract

Retention

You can configure automatic CVE scan cleanup with the plugin setting:

  • Administer -> Settings -> CVE Scanner -> Delete CVE scans after X days

Behavior:

  • 0 disables automatic cleanup
  • scans older than the configured number of days are deleted
  • the cleanup runs after imports and can also be triggered manually

Manual cleanup task:

  • bundle exec rake foreman_cve_scanner:cleanup_scans

Override the configured retention for one run:

  • bundle exec rake foreman_cve_scanner:cleanup_scans DAYS=30

TODO

  • Deliver Trivy/Grype via Katello

Contributing

Fork and send a Pull Request. Thanks!

Copyright

Copyright (c) 2024 Bernhard Suttner / ATIX AG

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.