Metadata-Version: 2.1
Name: h2-vulnerability-db
Version: 2.0.2
Summary: AppThreat's vulnerability database and package search library with a built-in file based storage. OSV, CVE, GitHub, npm are the primary sources of vulnerabilities.
Home-page: https://github.com/appthreat/vulnerability-db
Author: h2 security
Author-email: blue-team@h2security.io
License: UNKNOWN
Description: # Introduction
        
        This repository contains a vulnerability database and a package search for OSV, NVD, GitHub, and NPM sources.
        Data on vulnerabilities is downloaded from the sources and stored in a custom file-based storage system with indexes that enables offline access and quick searches. 
        
        ## Installation
        
        ```bash
        pip install h2-vulnerability-db
        ```
        
        ## Usage
        
        This package is ideal as a vulnerability management library. This is how [h2-depscan](https://gitlab.com/hhammoudi/h2-depscan), a dependency auditing tool, works.
        However, a limited cli capability with few features is available for testing this tool directly. 
        
        ### Cache vulnerability data
        
        Cache from all sources
        
        ```bash
        vdb --cache
        ```
        
        Cache from just [OSV](https://osv.dev)
        
        ```bash
        vdb --cache --only-osv
        ```
        
        It is possible to customise the cache behaviour by increasing the historic data period to cache by setting the following environment variables.
        
        - NVD_START_YEAR - Default: 2016. Supports upto 2002
        - GITHUB_PAGE_COUNT - Default: 5. Supports upto 20
        
        ### Periodic sync
        
        To periodically sync the latest vulnerabilities and update the database cache.
        
        ```bash
        vdb --sync
        ```
        
        ### Basic search
        
        It is possible to perform simple search using the cli.
        
        ```bash
        vdb --search android:8.0
        
        vdb --search google:android:8.0
        
        vdb --search android:8.0,simplesamlphp:1.14.11
        ```
        
        Syntax is package:version,package:version or vendor : package : version (Without space)
        
Platform: UNKNOWN
Classifier: Development Status :: 5 - Production/Stable
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: System Administrators
Classifier: Topic :: Utilities
Classifier: Topic :: Security
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Requires-Python: >=3.8
Description-Content-Type: text/markdown
