Cve Bin Tool Action


Known-vulnerability scanning for your GitHub repository using CVE Binary Tool. This Action can scan binaries, component lists and SBOMs for known vulnerabilities (CVEs). It can generate SBOM component lists as well as reports in the Security tab and in HTML/JSON/PDF format.

Overview

The CVE Binary Tool GitHub Action lets developers add known-vulnerability scanning directly to their GitHub repositories. It scans binary files and software bills of materials (SBOMs) for published CVEs as part of the normal GitHub workflow, and surfaces findings in the repository's Security tab so that affected components can be identified and addressed early.

The tool offers multiple scanning modes and customizable options, making it adaptable to various development environments. Whether you're focusing solely on binaries or require a comprehensive scan that includes SBOMs, the CVE Binary Tool has you covered.

Features

  • Multiple Scan Modes: Offers three options: repo-only for binaries, sbom-only for SBOM files, and both for a comprehensive scan of all relevant files.

  • NVD API Key Integration: By providing an NVD API key, users can access the latest vulnerabilities from the National Vulnerability Database, ensuring they are working with the most current data.

  • Directory Exclusion: Customize your scan by ignoring specific directories, allowing for focused and efficient scans while preventing unnecessary noise.

  • Alerts by Source File: Alerts can be split per source file, helping developers prioritize and address security issues on a component-level basis.

  • Custom Build Commands: Run specific build commands before initiating scans, ensuring that scans reflect the most up-to-date code and builds.

  • SBOM Reporting: Generates detailed SBOM reports in the Security tab along with HTML/PDF scan reports, with support for formats such as SPDX and CycloneDX.

  • Triage Data Handling: Supports filtering of vulnerabilities through triage data, helping developers focus on relevant threats by excluding false positives and unaffected vulnerabilities.

  • Scheduled Updates: Capable of automatically updating the SBOM through pull requests at regular intervals, helping maintain ongoing security compliance.
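The following workflow, added here as an illustration and not taken from the action's own documentation, wires the features above (scan mode, NVD API key, directory exclusion, per-file alerts, build command, triage file) into a scheduled and pull-request-triggered job. The input names (scan_mode, nvd_api_key, exclude_dir, alert_by_source, build_command, triage_file) are assumptions about the action's interface and should be checked against its action.yml before use; the secret name NVD_API_KEY and the triage file path are constructed for the example.

```yaml
# .github/workflows/cve-bin-tool.yml (example, not the action's own code)
name: CVE Binary Tool scan

on:
  pull_request:
  schedule:
    - cron: "0 6 * * 1"   # weekly, so newly published CVEs against unchanged code are still caught

permissions:
  contents: read
  security-events: write  # needed to publish findings to the Security tab

jobs:
  cve-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Scan binaries and SBOM for known CVEs
        # input names below are assumed; verify against the action's action.yml
        uses: intel/cve-bin-tool-action@main
        with:
          scan_mode: both                         # repo-only | sbom-only | both (values from the page)
          nvd_api_key: ${{ secrets.NVD_API_KEY }} # constructed secret name; higher NVD rate limit, fresher data
          exclude_dir: "tests,docs"               # keep test fixtures out of the results
          alert_by_source: true                   # one alert per affected source file
          build_command: "make all"               # build first so scanned binaries match the current commit
          triage_file: "triage.json"              # constructed path; VEX-style list of reviewed/unaffected CVEs
```

Keeping the triage file under version control means every suppressed CVE is reviewable in the pull request history rather than silently dropped from the report.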