Intro
Back in May I introduced you to the development of vulnix, a tool initially built to find out whether a system is (or might be) affected by a security vulnerability. It does this by matching the derivation's name with the product and version specified in the CPE language of the so-called CVEs (Common Vulnerabilities and Exposures). In the meantime we introduced the tool to the community at the Berlin NixOS Meetup and got some wonderful input on the directions in which we might extend the features. We sprinted the next two days to improve the code quality and broaden the feature set.
The result is best demonstrated by showing the usage function.
- Is my NixOS system installation affected?
Invoke: vulnix --system
- Is my user environment (~/.nix-profile) affected?
Invoke: vulnix --user
- Is my project affected?
Invoke after nix-build: vulnix ./result
Installation (manual)
With the help of Rok and his recently rewritten pypi2nix, packaging vulnix for NixOS was a breeze and the installation procedure is simple:
git clone https://github.com/flyingcircusio/vulnix.git
cd ./vulnix
nix-build
For a full set of options go for
Platform
From the next release on, vulnix will be part of our platform code and will check periodically whether the NixOS-based VMs are affected. If they are, operations gets informed and can develop countermeasures such as inspecting the CVEs, applying patches, or declining the hits as false positives, for instance if the hit is simply coincidental or not relevant in the context of the Flying Circus platform.
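The name-and-version matching described in the intro, and the declining of coincidental hits described above, sketched as an added example (not vulnix's own code). It assumes CPE 2.2 URIs and exact version equality; the store hashes, products, CVE ids and the declined parameter are constructed placeholders.

```python
import re

STORE_RE = re.compile(r"^/nix/store/[0-9a-z]{32}-(?P<pname>.+?)(?:\.drv)?$")
# Nix convention: the version starts at the first dash not followed by a letter.
SPLIT_RE = re.compile(r"^(?P<name>.+?)-(?P<version>[^A-Za-z].*)$")

def parse_derivation(path):
    """Return (name, version) for a store path, or None if it carries no version."""
    m = STORE_RE.match(path)
    m = SPLIT_RE.match(m.group("pname")) if m else None
    return (m.group("name").lower(), m.group("version")) if m else None

def parse_cpe(uri):
    """Return (product, version) from a CPE 2.2 URI: cpe:/part:vendor:product:version."""
    if not uri.startswith("cpe:/"):
        raise ValueError("not a CPE 2.2 URI: %r" % uri)
    fields = uri[len("cpe:/"):].split(":") + [""] * 4  # pad missing fields
    return fields[2].lower(), fields[3]

def scan(store_paths, cves, declined=frozenset()):
    """Return sorted (cve_id, name, version) hits, minus declined (cve_id, name) pairs."""
    installed = {}
    for path in store_paths:
        parsed = parse_derivation(path)
        if parsed:
            installed.setdefault(parsed[0], set()).add(parsed[1])
    hits = set()
    for cve_id, cpes in cves.items():
        for product, version in map(parse_cpe, cpes):
            if version in installed.get(product, ()) and (cve_id, product) not in declined:
                hits.add((cve_id, product, version))
    return sorted(hits)

# Constructed sample input: placeholder CVE ids, made-up products and store hashes.
H = "a" * 32
PATHS = [f"/nix/store/{H}-libfoo-1.2.3.drv", f"/nix/store/{H}-bar-1.0",
         f"/nix/store/{H}-python3-baz-2.0", f"/nix/store/{H}-source"]
CVES = {
    "CVE-XXXX-0001": ["cpe:/a:examplevendor:libfoo:1.2.3", "cpe:/a:examplevendor:libfoo:1.2.2"],
    "CVE-XXXX-0002": ["cpe:/a:othervendor:bar:1.0"],   # same name, possibly another project
    "CVE-XXXX-0003": ["cpe:/a:thirdvendor:baz:2.0"],   # missed: derivation is python3-baz
}

if __name__ == "__main__":
    for hit in scan(PATHS, CVES):
        print(*hit)
```

Matching on name alone cuts both ways: bar-1.0 is reported whether or not it is othervendor's product, while python3-baz is never compared against the baz entry.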