Biapy's Bookmarks

cpe

CPE guesser

https://vulnerability-lookup.github.io/cpe-guesser/

Tool to guess CPE name based on common software name.

CPE Guesser is a command-line tool or web service designed to guess the CPE name based on one or more keywords. The resulting CPE can then be used with tools like cve-search or vulnerability-lookup to perform actual searches using CPE names.

CPE guesser @ GitHub.

Related contents:

cpe-guesser 2.0 released - Multi-Source CPE Imports, Better Ranking, and Greater Autonomy Beyond NVD @ Vulnerability-Lookup.

api bsd2-licensed cpe cve foss open-source secint security self-hosted web-app

Added 1 month ago

OWASP Dependency-Check

https://owasp.org/www-project-dependency-check/

Dependency-Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project’s dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries.

Dependency-Check @ GitHub.

cpe devsecops open-source owasp sca security supply-chain

Added 1 year ago