Getting Started

Requirements

You need at least Python 3.7 to use scf.

Installation

scf can be installed by running:

pip install python-scf

You can also install the package directly from the source repository:

pip install git+https://github.com/dadav/scf

Getting Help

You can always use the integrated help functionality:

$ scf -h
Usage: scf [OPTIONS] COMMAND [ARGS]...

  scf fetches informations about CVEs from suse.com.

Options:
  -v, --version                   Show the application's version and exit.
  --install-completion [bash|zsh|fish|powershell|pwsh]
                                  Install completion for the specified shell.
  --show-completion [bash|zsh|fish|powershell|pwsh]
                                  Show completion for the specified shell, to
                                  copy it or customize the installation.
  -h, --help                      Show this message and exit.

Commands:
  cache
  config
  cve
  server

CLI

To get started, you could first fetch a list of all CVEs:

$ scf cve list
CVE
├── CVE-2022-30974
├── CVE-2022-30767
├── CVE-2022-30595
├── CVE-2022-30594
...

Next, you may want to get more detailed information about one specific CVE:

$ scf cve details CVE-2021-44832
CVE-2021-44832
├── Description
│   └── Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix 
│       releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution 
│       (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP 
...

OK, great. Now we want only the base score:

$ scf cve details CVE-2021-44832 --field cvss.score
6.6

You can even start a small API server:

scf server run

Usage in Python

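from scf.suse import get_cve_details

# Look up the same CVE used in the CLI examples above
details = get_cve_details('CVE-2021-44832')
# cvss.score is the field selected on the CLI with --field cvss.score
print(f'CVE Score: {details.cvss.score}')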
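
Building on the call above, a triage helper that validates CVE IDs before any lookup, reads `cvss.score`, and buckets the results by severity. This is an added example, not code from the scf project: `triage`, `severity`, `stub_fetch`, the 7.0 threshold and the `CVE-0000-*` IDs are hypothetical, and it assumes `cvss.score` is a CVSS v3.x base score.

```python
import re
from types import SimpleNamespace

CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}")
# CVSS v3.x qualitative rating scale: (lower bound, label), highest first.
BANDS = [(9.0, "critical"), (7.0, "high"), (4.0, "medium"), (0.1, "low"), (0.0, "none")]

def severity(score):
    """Map a CVSS v3.x base score to its qualitative rating."""
    if not 0.0 <= score <= 10.0:  # also rejects NaN
        raise ValueError(f"score out of range: {score}")
    return next(label for floor, label in BANDS if score >= floor)

def triage(cve_ids, fetch=None, threshold=7.0):
    """Sort CVE IDs into flagged / ok / errors by base score."""
    if fetch is None:
        # Real lookup through scf; needs network access.
        from scf.suse import get_cve_details as fetch
    report = {"flagged": [], "ok": [], "errors": []}
    for raw in cve_ids:
        cve = raw.strip().upper()
        if not CVE_ID.fullmatch(cve):
            report["errors"].append((raw, "malformed id"))
            continue
        try:
            score = float(fetch(cve).cvss.score)
            row = (cve, score, severity(score))
        except Exception as exc:  # assumption: scf's error types are not documented here
            report["errors"].append((cve, type(exc).__name__))
            continue
        report["flagged" if score >= threshold else "ok"].append(row)
    return report

# Constructed stand-in for scf so the example runs offline. 6.6 is the score
# shown above for CVE-2021-44832; the CVE-0000-* IDs are placeholders.
SAMPLE = {"CVE-2021-44832": 6.6, "CVE-0000-0001": 9.8}

def stub_fetch(cve_id):
    return SimpleNamespace(cvss=SimpleNamespace(score=SAMPLE[cve_id]))

if __name__ == "__main__":
    ids = ["cve-2021-44832 ", "CVE-0000-0001", "not-a-cve", "CVE-0000-0002"]
    for bucket, rows in triage(ids, fetch=stub_fetch).items():
        print(bucket, rows)
```

Calling `triage(ids)` without `fetch` uses `get_cve_details` from scf for the lookups.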