rtfpessoa / yavdb

Licence: AGPL-3.0 license
Yet Another Vulnerability Database

Programming Languages

ruby
36898 projects - #4 most used programming language
shell
77523 projects

Projects that are alternatives of or similar to yavdb

Dependency spy
Find known vulnerabilities in your dependencies
Stars: ✭ 87 (+521.43%)
Mutual labels:  rubygems, maven, vulnerabilities, dependencies
maloss
Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages
Stars: ✭ 46 (+228.57%)
Mutual labels:  rubygems, packagist, maven, pypi
Dephell
📦 🔥 Python project management. Manage packages: convert between formats, lock, install, resolve, isolate, test, build graph, show outdated, audit. Manage venvs, build package, bump version.
Stars: ✭ 1,730 (+12257.14%)
Mutual labels:  pypi, pip, dependencies
Strongbox
Strongbox is an artifact repository manager.
Stars: ✭ 412 (+2842.86%)
Mutual labels:  maven, nuget, pypi
Nsdepcop
NsDepCop is a static code analysis tool that helps to enforce namespace dependency rules in C# projects. No more unplanned or unnoticed dependencies in your system.
Stars: ✭ 114 (+714.29%)
Mutual labels:  nuget, dependencies
craft
The universal Sentry release CLI 🚀
Stars: ✭ 117 (+735.71%)
Mutual labels:  nuget, pypi
deblibs-gradle-plugin
A Gradle plugin that creates Github issue and Slack message for outdated dependencies so they can easily be tracked and manually upgraded.
Stars: ✭ 73 (+421.43%)
Mutual labels:  maven, dependencies
SeleniumDemo
Selenium automation test framework
Stars: ✭ 84 (+500%)
Mutual labels:  maven, pip
nexus-repository-import-scripts
A few scripts for importing artifacts into Nexus Repository
Stars: ✭ 142 (+914.29%)
Mutual labels:  maven, nuget
Confused
Tool to check for dependency confusion vulnerabilities in multiple package management systems
Stars: ✭ 314 (+2142.86%)
Mutual labels:  maven, pypi
Security Advisories
A database of PHP security advisories
Stars: ✭ 1,740 (+12328.57%)
Mutual labels:  packagist, vulnerabilities
Rules python
Experimental Bazel Python Rules
Stars: ✭ 233 (+1564.29%)
Mutual labels:  pypi, pip
Fades
fades is a system that automatically handles the virtualenvs in the cases normally found when writing scripts and simple programs, and even helps to administer big projects.
Stars: ✭ 182 (+1200%)
Mutual labels:  pypi, pip
snyk-maven-plugin
Test and monitor your projects for vulnerabilities with Maven. This plugin is officially maintained by Snyk.
Stars: ✭ 64 (+357.14%)
Mutual labels:  maven, vulnerabilities
Audioowl
Fast and simple music and audio analysis using RNN in Python 🕵️‍♀️ 🥁
Stars: ✭ 151 (+978.57%)
Mutual labels:  pypi, pip
Scala Steward
🤖 A bot that helps you keep your Scala projects up-to-date
Stars: ✭ 812 (+5700%)
Mutual labels:  maven, dependencies
Laravel Paket
Composer GUI. Manage Laravel dependencies from web interface without switching to command line!
Stars: ✭ 143 (+921.43%)
Mutual labels:  packagist, dependencies
Python Pixabay
Python 3 Pixabay's API wrapper.
Stars: ✭ 32 (+128.57%)
Mutual labels:  pypi, pip
Pigar
☕️ A fantastic tool to generate requirements.txt for your Python project, and more than that. (IT IS NOT A PACKAGE MANAGEMENT TOOL)
Stars: ✭ 1,068 (+7528.57%)
Mutual labels:  pypi, pip
capsulecd
Continuous Delivery for automating package releases (npm, cookbooks, gems, pip, jars, etc)
Stars: ✭ 96 (+585.71%)
Mutual labels:  rubygems, pypi

Yet Another Vulnerability Database

The Free and Open Source vulnerability database.

This database aims to aggregate multiple sources of vulnerabilities for the most common package managers, helping developers identify and fix known vulnerabilities in their apps.

The sources for this database include Rubysec, snyk, (removed) Friends of PHP, Magento Related Security Advisories, Victims CVE Database, RustSec

Prerequisites

  • Ruby 2.3 or newer

Installation

gem install yavdb

TODO:

Tests

Features/Improvements

  • Support non semver versions
  • Merge duplicates
  • Scrape NVD for other package manager vulnerabilities
  • Find more sources

Help

Commands:
  yavdb download                                                            # Download a previously generated database from the official yavdb repository into yavdb-path.
    Options: p, [--yavdb-path=YAVDB-PATH]  # Default: <HOME>/.yavdb/yavdb
  yavdb generate                                                            # Crawl several sources and generate a local database in database-path.
    Options: p, [--database-path=DATABASE-PATH]  # Default: <PWD>/database
  yavdb help [COMMAND]                                                      # Describe available commands or one specific command
  yavdb list --package-manager=PACKAGE-MANAGER --package-name=PACKAGE-NAME  # List vulnerabilities from database-path of package-name for package-manager.   
    Options: p, [--database-path=DATABASE-PATH]  # Default: <HOME>/.yavdb/yavdb/database

Options:
  [--verbose], [--no-verbose]

Development

After checking out the repo, run bin/setup to install dependencies. Then, run bundle exec rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/rtfpessoa/yavdb. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.

Copyright

Copyright (c) 2017-present Rodrigo Fernandes. See LICENSE for details.
