Become an AceSign inSign up
rtfpessoa/ yavdb (v0.5.0) about 2 years ago
Ruby JavaScript Java cocoapods NuGet Composer Maven Database npm Shell Security Go PHP rubygems node pip pypi packagist
View on GitHub
Need help with yavdb?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

rtfpessoa
Global Rank
#55,016
Topics of expertise
http4s
akka-ht...
scala-n...
dropwiz...
sbt-plu...
packagi...
rubygem...
scalajs
Location
Lisbon
13 Stars 4 Forks GNU Affero General Public License v3.0 84 Commits 3 Opened issues

Description

Yet Another Vulnerability Database

Services available

!
?

Need anything else?

Contributors list

Rodrigo Fernandes rtfpessoa
# 55,016
Maven
scalajs
http4s
Racket
 47 commits
‮Artem Kozaev artplan1
# 65,744
Ruby
Rails
Maven
rubyonr...
 3 commits

Yet Another Vulnerability Database

Codacy Badge Codacy Badge CircleCI

The Free and Open Source vulnerability database.

This database aims to aggregate multiple sources of vulnerabilities for the most common package managers helping developers identify and fix know vulnerabilities in their apps.

The sources for this database include Rubysec, ~~snyk,~~ (removed) Friends of PHP, Magento Related Security Advisories, Victims CVE Database, RustSec

Prerequisites

  • Ruby 2.3 or newer

Installation

gem install yavdb

TODO:

Tests

Features/Improvements

  • [ ] Support non semver versions
  • [ ] Merge duplicates
  • [ ] Scrape NVD for other package manager vulnerabilities
  • [ ] Find more sources

Help

Commands:
  yavdb download                                                            # Download a previously generated database from the official yavdb repository into yavdb-path.
    Options: p, [--yavdb-path=YAVDB-PATH]  # Default: /.yavdb/yavdb
  yavdb generate                                                            # Crawl several sources and generate a local database in database-path.
    Options: p, [--database-path=DATABASE-PATH]  # Default: /database
  yavdb help [COMMAND]                                                      # Describe available commands or one specific command
  yavdb list --package-manager=PACKAGE-MANAGER --package-name=PACKAGE-NAME  # List vulnerabilities from database-path of package-name for package-manager.   
    Options: p, [--database-path=DATABASE-PATH]  # Default: /.yavdb/yavdb/database


Options:
  [--verbose], [--no-verbose]

Development

After checking out the repo, run 

bin/setup
to install dependencies. Then, run 
bundle exec rake spec
to run the tests. You can also run 
bin/console
for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run 

bundle exec rake install
. To release a new version, update the version number in 
version.rb
, and then run 
bundle exec rake release
, which will create a git tag for the version, push git commits and tags, and push the 
.gem
file to rubygems.org.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/rtfpessoa/yavdb. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.

Copyright

Copyright (c) 2017-present Rodrigo Fernandes. See LICENSE for details.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.