cve

This subcommand provides CVE related functionality.

$ scf cve -h
Usage: scf cve [OPTIONS] COMMAND [ARGS]...

Options:
  -h, --help  Show this message and exit.

Commands:
  details  Fetch the details of a given cve
  list     Fetch the known cve for a given year or all.
  watch    Show the latest CVE as they get published

list

Use list to get a list of all known CVE.

$ scf cve list -h
Usage: scf cve list [OPTIONS]

  Fetch the known cve for a given year or all.

Options:
  -y, --year  List cve grouped by year.
  --cache     Enables the cache.
  --json      Print the result as json.
  -h, --help  Show this message and exit.

example

This will group the found CVE by year:

$ scf cve list --year
CVE
├── 2022
│   ├── CVE-2022-30974
│   ├── CVE-2022-30767
│   ├── CVE-2022-30595
...

details

Use details to get more information about a specific CVE.

$ scf cve details -h
Usage: scf cve details [OPTIONS] [NAME]

  Fetch the details of a given cve

Arguments:
  [NAME]  The cve identifier to lookup.

Options:
  --no-cache    Disable the cache.
  --field TEXT  Only print the given field (e.g. `cvss.score`)
  --json        Print the result as json.
  -h, --help    Show this message and exit.

example

Get the base score for the CVE CVE-2022-30333:

$ scf cve details CVE-2022-30333 --field cvss.score
6.6

watch

Use watch if you want to get informations about new CVE as they are being published.

$ scf cve watch -h
Usage: scf cve watch [OPTIONS]

  Show the latest CVE as they get published

Options:
  -c, --command TEXT      Run this command if a new CVE is found
  -t, --test              Test the command and exit
  -i, --interval INTEGER  Set the refresh interval  [default: 30]
  -h, --help              Show this message and exit.

example

Start the watcher, run a command (--command), exit (--test). This is useful, if you want to test the command before going into watch mode.

$ scf cve watch --command "echo Does this get executed?" --test
Executed command. RC = 0