Skip to content

Add KernelScan analyzer plugin + VEX connector to Community Integrations#181

Open
StuttgartNerd wants to merge 1 commit into
DependencyTrack:mainfrom
kernelscan:kernelscan-integration
Open

Add KernelScan analyzer plugin + VEX connector to Community Integrations#181
StuttgartNerd wants to merge 1 commit into
DependencyTrack:mainfrom
kernelscan:kernelscan-integration

Conversation

@StuttgartNerd

Copy link
Copy Markdown

Adds two open-source (Apache-2.0) community integrations under Security and Vulnerability Management:

  • KernelScan Analyzer Plugin — a config-aware Linux-kernel CVE analyzer implemented as a Dependency-Track v5 vuln-analyzer extension. For each kernel component it resolves the customer's KernelScan product and reports only the CVEs reachable in that kernel's running .config (and surfaces LTS-backport CVEs that NVD's CPE matching misses), under plain CVE-* / NVD identity so findings merge with DT's own NVD records.
  • KernelScan VEX Sync — a companion connector that applies KernelScan's config-aware not_affected / exploitable verdicts to the matching projects via PUT /api/v1/vex (since v5 analyzers produce findings only, not analysis states).

Both link to public repositories with docs and licensing. Happy to adjust the wording or placement.

…tions

Signed-off-by: Steffen Pfendtner <steffen.pfendtner@kernelscan.io>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant