Getting Started#
Requirements#
You need at least python3.7 to use scf.
Installation#
scf can be installed by running:
pip install python-scf
You can also install the package directly from the source repository:
pip install git+https://github.com/dadav/scf
Getting Help#
You can always use the integrated help functionality:
$ scf -h
Usage: scf [OPTIONS] COMMAND [ARGS]...
scf fetches informations about CVEs from suse.com.
Options:
-v, --version Show the application's version and exit.
--install-completion [bash|zsh|fish|powershell|pwsh]
Install completion for the specified shell.
--show-completion [bash|zsh|fish|powershell|pwsh]
Show completion for the specified shell, to
copy it or customize the installation.
-h, --help Show this message and exit.
Commands:
cache
config
cve
server
CLI#
To get started, you could first fetch a list of all CVEs:
$ scf cve list
CVE
├── CVE-2022-30974
├── CVE-2022-30767
├── CVE-2022-30595
├── CVE-2022-30594
...
The next thing you maybe want to try is, to get some more detailed informations about this one specific CVE:
$ scf cve details CVE-2021-44832
CVE-2021-44832
├── Description
│ └── Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix
│ releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution
│ (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP
...
Ok great, now we want only the base score:
$ scf cve details CVE-2021-44832 --field cvss.score
6.6
You can even start a small API server:
scf server run
Usage in python#
from scf.suse import get_cve_details
details = get_cve_details('CVE-2022-44832')
print(f'CVE Score: {details.cvss.score}')