You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Wondering how one can inform the vulnerability detection of what CPE to look at for a third party package. The third party package I'm in particular looking to have vulnerabilities detected for is nginx-more, but I am also curious about custom packages where I may name the package something different and need to make the link to the correct CPE.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Hello,
Wondering how one can inform the vulnerability detection of what CPE to look at for a third party package. The third party package I'm in particular looking to have vulnerabilities detected for is
nginx-more
, but I am also curious about custom packages where I may name the package something different and need to make the link to the correct CPE.I see for windows https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/cpe-helper.html exists, but it states it is only used on Windows, so I'm not sure where to go for Linux. The following is output from package list of nginx-more.
My guess if cpe-helper worked on Linux, I should just be able to do the following:
Any assistance in configuring for vulnerability detection would be appreciated.
Thanks!
Beta Was this translation helpful? Give feedback.
All reactions