1cvereport(1)                   cvereport Manual                   cvereport(1)
2
3
4

NAME

6       cvereport - Generate an HTML report for the cvechecker output
7

SYNOPSIS

9       cvereport [-d | -D] <targetdir> <acknowledgementfile>
10

DESCRIPTION

12       The cvereport tool will generate an HTML report based on the cvechecker
13       output. The report is generated based on some simple XML/XSLT transfor‐
14       mations  and uses an acknowledgement file to keep track of the state of
15       the CVE entries matching your system.
16

USAGE

18   COMMAND USAGE
19       The command requires two user-specified options:
20
21       · The targetdir is an existing, writeable directory where cvereport can
22         store its report.html output.
23
24       · The  acknowledgementfile  is an existing, readable XML file that con‐
25         tains the analysis of the CVE entries for your system
26
27       The difference between -d and -D is that
28
29       · -d runs the standard cvechecker report, whereas
30
31       · -D runs the cvechecker report including matches for  higher  versions
32         of the installed software
33
34   ACKNOWLEDGEMENT FILE FORMAT
35       The XML file for the acknowledgements uses the following syntax:
36
37       <?xml version="1.0"?>
38       <acknowledgements>
39         <resolution id="resolution_id_1">Comment about why a CVE entry is irrelevant for your system</resolution>
40         <resolution id="resolution_id_2">Another comment</resolution>
41         <comment id="comment_id_1">Comment why the CVE is acknowledged, but not resolved</comment>
42         <file name="/path/to/filename1" cve="CVE-2000-1234" state="irrelevant" resolution="resolution_id_1" />
43         <file name="/path/to/filename2" cve="CVE-2000-5678" state="irrelevant" resolution="resolution_id_2" />
44         <file name="/path/to/filename3" cve="CVE-2001-9012" state="acknowledged" comment="comment_id_1" />
45       </acknowledgements>
46
47       The use of comments or resolutions within the file entity is not manda‐
48       tory, but recommended.
49

AUTHOR

51       cvereport is part of the cvechecker tool. cvereport was written by Sven
52       Vermeulen <sven.vermeulen@siphos.be>.
53
54
55
56September 1, 2010              27 November 2010                   cvereport(1)
Impressum