NAME

cvereport - Generate an HTML report for the cvechecker output

SYNOPSIS

cvereport [-d | -D] <targetdir> <acknowledgementfile>

DESCRIPTION

The cvereport tool will generate an HTML report based on the cvechecker output. The report is generated based on some simple XML/XSLT transformations and uses an acknowledgement file to keep track of the state of the CVE entries matching your system.

USAGE

COMMAND USAGE

The command requires two user-specified options:

•: The targetdir is an existing, writeable directory where cvereport can store its report.html output.
•: The acknowledgementfile is an existing, readable XML file that contains the analysis of the CVE entries for your system

The difference between -d and -D is that

•: -d runs the standard cvechecker report, whereas
•: -D runs the cvechecker report including matches for higher versions of the installed software

ACKNOWLEDGEMENT FILE FORMAT

The XML file for the acknowledgements uses the following syntax:

<?xml version="1.0"?>
<acknowledgements>


  <resolution id="resolution_id_1">Comment about why a CVE entry is irrelevant for your system</resolution>


  <resolution id="resolution_id_2">Another comment</resolution>


  <comment id="comment_id_1">Comment why the CVE is acknowledged, but not resolved</comment>


  <file name="/path/to/filename1" cve="CVE-2000-1234" state="irrelevant" resolution="resolution_id_1" />


  <file name="/path/to/filename2" cve="CVE-2000-5678" state="irrelevant" resolution="resolution_id_2" />


  <file name="/path/to/filename3" cve="CVE-2001-9012" state="acknowledged" comment="comment_id_1" />
</acknowledgements>

The use of comments or resolutions within the file entity is not mandatory, but recommended.

AUTHOR

cvereport is part of the cvechecker tool. cvereport was written by Sven Vermeulen <sven.vermeulen@siphos.be>.