Project

yavdb

0.01
Repository is archived
No release in over 3 years
Low commit activity in last 3 years
yavdbrtfpessoa/yavdbHomepageDocumentationSource CodeBug Tracker
Yet Another Vulnerability Database The Free and Open Source vulnerability database.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
37,129
Stars
14
Forks
6
Watchers
4
 Releases
Current version
0.7.0
Total releases
24
First release
2018-08-19
Latest release
2021-01-18
 Issues
Open Issues
2
Closed Issues
6
Total Issues
8
Issue Closure Rate
75%
 Pull Requests
Open Pull Requests
1
Closed Pull Requests
1
Merged Pull Requests
20
Pull Request Acceptance Rate
90%
 Development
Primary Language
Ruby
Licenses
AGPL-3.0+
Average date of last 50 commits
2020-02-01
Reverse Dependencies
1

 Dependencies

Development

codacy-coverage
>= 0
dependency_spy
>= 0
rake
~> 13.0
rspec
~> 3.8
rspec_junit_formatter
~> 0.4
rubocop
~> 0.75
rubocop-performance
~> 1.5.0
rubocop-rspec
~> 1.36
simplecov
>= 0

Runtime

execjs
~> 2.7
json
~> 2.2
kramdown
~> 2.3
oga
>= 2.15, < 4.0
semantic_interval
~> 0.1
therubyracer
~> 0.12
thor
~> 0.20
toml-rb
~> 1.1
 Project Readme

Yet Another Vulnerability Database

Codacy Badge Codacy Badge CircleCI

The Free and Open Source vulnerability database.

This database aims to aggregate multiple sources of vulnerabilities for the most common package managers helping developers identify and fix know vulnerabilities in their apps.

The sources for this database include Rubysec, snyk, (removed) Friends of PHP, Magento Related Security Advisories, Victims CVE Database, RustSec

Prerequisites

  • Ruby 2.3 or newer

Installation

gem install yavdb

TODO:

Tests

Features/Improvements

  • Support non semver versions
  • Merge duplicates
  • Scrape NVD for other package manager vulnerabilities
  • Find more sources

Help

Commands:
  yavdb download                                                            # Download a previously generated database from the official yavdb repository into yavdb-path.
    Options: p, [--yavdb-path=YAVDB-PATH]  # Default: <HOME>/.yavdb/yavdb
  yavdb generate                                                            # Crawl several sources and generate a local database in database-path.
    Options: p, [--database-path=DATABASE-PATH]  # Default: <PWD>/database
  yavdb help [COMMAND]                                                      # Describe available commands or one specific command
  yavdb list --package-manager=PACKAGE-MANAGER --package-name=PACKAGE-NAME  # List vulnerabilities from database-path of package-name for package-manager.   
    Options: p, [--database-path=DATABASE-PATH]  # Default: <HOME>/.yavdb/yavdb/database

Options:
  [--verbose], [--no-verbose]

Development

After checking out the repo, run bin/setup to install dependencies. Then, run bundle exec rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/rtfpessoa/yavdb. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.

Copyright

Copyright (c) 2017-present Rodrigo Fernandes. See LICENSE for details.