cvereport − Generate an HTML report for the cvechecker output
cvereport [-d | -D] <targetdir> <acknowledgementfile>
The cvereport tool will generate an HTML report based on the cvechecker output. The report is generated based on some simple XML/XSLT transformations and uses an acknowledgement file to keep track of the state of the CVE entries matching your system.
The command requires two user-specified options:
|
• |
The targetdir is an existing, writeable directory where cvereport can store its report.html output. | ||
|
• |
The acknowledgementfile is an existing, readable XML file that contains the analysis of the CVE entries for your system |
The difference between -d and -D is that
|
• |
-d runs the standard cvechecker report, whereas | ||
|
• |
-D runs the cvechecker report including matches for higher versions of the installed software |
The XML file for the acknowledgements uses the following syntax:
<?xml
version="1.0"?>
<acknowledgements>
<resolution id="resolution_id_1">Comment
about why a CVE entry is irrelevant for your
system</resolution>
<resolution id="resolution_id_2">Another
comment</resolution>
<comment id="comment_id_1">Comment why the
CVE is acknowledged, but not resolved</comment>
<file name="/path/to/filename1"
cve="CVE−2000−1234"
state="irrelevant"
resolution="resolution_id_1" />
<file name="/path/to/filename2"
cve="CVE−2000−5678"
state="irrelevant"
resolution="resolution_id_2" />
<file name="/path/to/filename3"
cve="CVE−2001−9012"
state="acknowledged"
comment="comment_id_1" />
</acknowledgements>
The use of comments or resolutions within the file entity is not mandatory, but recommended.
cvereport is part of the cvechecker tool. cvereport was written by Sven Vermeulen <[email protected]>.