imsahil007's Blog

Week 3: Tests and Documentation for MergeReports

Published: 06/21/2021

What did you do this week?
I worked on the documentation and added one how-to guide that walks step by step through using intermediate reports. I tweaked the code related to merging reports and also added some tests related to MergeReports in ``

What is coming up next?
I am going to work on the webpage-based merging tool utility, which will help users while handling multiple intermediate reports. This can take a little more than a week, depending on which features/filters we might need to add, and on deciding the UI/CSS part.

Did you get stuck anywhere?
Not yet. But I am not sure which features we might need in the above-mentioned HTML utility. We also have to decide the tech stack for that tool.


Week 2: Merging Intermediate Reports using cli

Published: 06/17/2021

What did you do this week?
I worked on saving intermediate reports along with some metadata and later merging them. This will improve the triage and tracking of reports from different end-users. The structure of these new intermediate reports looks like this:
    {
        "metadata": {
            "timestamp": "2021-06-17.00-00-30",
            "tag": "backend",
            "scanned_dir": "/home/path/",
            "products_with_cve": 139,
            "products_without_cve": 2,
            "total_files": 49
        },
        "report": [
            {
                "vendor": "gnu",
                "product": "gcc",
                "version": "9.0.1",
                "cve_number": "CVE-2019-15847",
                "severity": "HIGH",
                "score": "7.5",
                "cvss_version": "3",
                "paths": "/home/path/glib.tar.gz,/home/path/gcc.tar.gz",
                "remarks": "NewFound",
                "comments": ""
            }
        ]
    }
I have added 3 parameters to the cve-bin-tool CLI for the same:
  • -a INTERMEDIATE_PATH, --append INTERMEDIATE_PATH : This will create intermediate reports for the current scan and save them in `INTERMEDIATE_PATH`
  • -t TAG, --tag TAG : This will add a unique tag to intermediate reports so that users can differentiate between multiple intermediate reports.
  • -m INTERMEDIATE_REPORTS, --merge INTERMEDIATE_REPORTS : This will take a list of comma-separated paths and merge them. Users can use this along with `-f --format` and `-o --output-file` to get output in other formats.
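To make the merge step concrete, here is an added example (my own illustration, not cve-bin-tool's MergeReports code) that merges two constructed intermediate reports in the structure shown above: rows are deduplicated on (vendor, product, version, cve_number), their paths are unioned, and each row keeps the tags of the reports it came from. The CVE-0000-00001 id and the /srv/web paths are placeholders; the first-report-wins rule for remarks/comments is an assumption about merge policy.

```python
import json
from collections import Counter

# Constructed sample intermediate reports in the structure shown in the post
# (CVE-2019-15847 is from the post; CVE-0000-00001 is a placeholder, not a real id).
BACKEND = json.dumps({
    "metadata": {"timestamp": "2021-06-17.00-00-30", "tag": "backend", "scanned_dir": "/home/path/",
                 "products_with_cve": 1, "products_without_cve": 0, "total_files": 2},
    "report": [{"vendor": "gnu", "product": "gcc", "version": "9.0.1", "cve_number": "CVE-2019-15847",
                "severity": "HIGH", "score": "7.5", "cvss_version": "3",
                "paths": "/home/path/glib.tar.gz,/home/path/gcc.tar.gz", "remarks": "NewFound", "comments": ""}],
})
FRONTEND = json.dumps({
    "metadata": {"timestamp": "2021-06-17.01-10-00", "tag": "frontend", "scanned_dir": "/srv/web/",
                 "products_with_cve": 2, "products_without_cve": 0, "total_files": 3},
    "report": [{"vendor": "gnu", "product": "gcc", "version": "9.0.1", "cve_number": "CVE-2019-15847",
                "severity": "HIGH", "score": "7.5", "cvss_version": "3", "paths": "/srv/web/gcc.tar.gz",
                "remarks": "Confirmed", "comments": "triaged by web team"},
               {"vendor": "example", "product": "libfoo", "version": "1.2.3", "cve_number": "CVE-0000-00001",
                "severity": "LOW", "score": "3.1", "cvss_version": "3", "paths": "/srv/web/libfoo.so",
                "remarks": "NewFound", "comments": ""}],
})

REQUIRED = ("vendor", "product", "version", "cve_number", "severity", "paths")

def merge_intermediate_reports(raw_reports):
    """Merge JSON intermediate reports into one row per (vendor, product, version, cve_number).
    Paths are unioned and the source tags are kept, so a merged row stays traceable to its scans.
    For remarks/comments the first report seen wins (assumed policy; a real tool must choose one)."""
    merged = {}
    for raw in raw_reports:
        doc = json.loads(raw)
        tag = doc["metadata"]["tag"]
        for entry in doc["report"]:
            if any(k not in entry for k in REQUIRED):
                raise ValueError(f"malformed entry in report tagged {tag!r}")
            key = (entry["vendor"], entry["product"], entry["version"], entry["cve_number"])
            row = merged.setdefault(key, dict(entry, paths=set(), tags=[]))
            row["paths"].update(p for p in entry["paths"].split(",") if p)
            row["tags"].append(tag)
    rows = [dict(r, paths=",".join(sorted(r["paths"]))) for r in merged.values()]
    return sorted(rows, key=lambda r: (r["vendor"], r["product"], r["cve_number"]))

def severity_summary(rows):
    """Count merged rows per severity level, e.g. {'HIGH': 1, 'LOW': 1}."""
    return dict(Counter(r["severity"] for r in rows))

if __name__ == "__main__":
    print(json.dumps(merge_intermediate_reports([BACKEND, FRONTEND]), indent=2))
```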

What is coming up next?
I am going to work on the documentation and testing of the above-added features in the upcoming weeks.
Possible addition of some filters while using the `-m --merge` argument.
A webpage-based utility to merge these intermediate reports rather than using `-m --merge`.

Did you get stuck anywhere?


Week 1: Intermediate JSON Reports

Published: 06/07/2021

Hey there! I am Sahil, a second-year MCA student at the University of Hyderabad, India. I will be working with CVE Binary Tool under the umbrella of the Python Software Foundation.

About the project
The CVE Binary Tool scans for a number of common, vulnerable open source components such as openssl, libpng, libxml2, and expat to let you know if a given directory or binary file includes common libraries with known vulnerabilities (CVEs).

What did I do in the Community Bonding Period?
I have been contributing to CVE Binary Tool for quite some time now. We are planning to use the new NVD API for fetching updated CVE entries. More about this here. So I researched it and went through the whole documentation. This will help me in the later weeks if we plan to migrate to this API.

What am I doing this week?
I am going to work on a medium to save intermediate reports in JSON format. This will improve the triage and tracking of reports from different end-users. I am planning to add a --append argument which will keep separate copies of these intermediate JSON(s). I have to decide the structure of these intermediate reports and verify whether there is an alternative (better) way of saving them.

Have I got stuck anywhere?
Not yet.

Looking forward to this summer! xD