About Mac Scan (beta)

It’s very common to download various packages and libraries onto your build machines as part of CI/CD job execution. If any of these downloaded packages contain security vulnerabilities, bad actors can exploit them to introduce undesirable actions during build and test automation: shipping exploits inside the app, exposing secrets, or infiltrating your internal network. Veertu’s Mac Scan tool identifies security vulnerabilities in these downloaded libraries and packages at runtime (while the build and test job is running) and flags them, leaving it up to your team to script what actions to take on the results. You can choose to fail the job and address the detected vulnerabilities, or mark it as successful but log the vulnerabilities to resolve later.

Scannable languages/packages:

  • Ruby Gems
  • Python Packages
  • JavaScript Node/NPM Packages
  • Java Packages
  • Golang Modules
  • Rust Cargo
  • Brew Formula
  • macOS Applications
  • Cocoapods

Mac Scan supports two modes of scanning:

Fullscan mode

In Full Scan mode, the scanner checks applications, libraries, and other third-party packages installed on the macOS file system for security vulnerabilities. Since a Full Scan covers the entire file system, it can take up to a few minutes. The scan report after a full scan contains a catalog of all packages and all security vulnerabilities (CVEs) identified in those packages.

Background Watch

In Background Watch mode, the scan tool scans, in real time, only what is downloaded onto the macOS file system. The scan report at any given time contains a catalog of the downloaded packages and all security vulnerabilities (CVEs) identified in those packages.

Mac Scan can be installed on physical macOS machines (Intel and Apple Silicon are supported), macOS virtual machines, and AWS EC2 Mac instances. The general recommendation is, after installing Mac Scan, to first execute it in Full Scan mode, analyze the discovered security vulnerabilities (CVEs), reset the report, and then switch to Background Watch mode.

In Background Watch mode, the Mac Scan tool continuously scans anything downloaded on the macOS file system. While doing continuous scanning, the tool is built to minimize the consumption of macOS CPU and RAM resources, so there is no impact on other activities/tasks occurring on the machine.

Suggested workflow for using the Mac Scan tool to scan for security vulnerabilities during iOS CI

Step 1 - Install the Mac Scan application package on physical, virtual, or AWS EC2 Mac systems.

Step 2 - Execute FullScan

Step 3 - Analyze discovered vulnerabilities

Step 4 - Change the Mac Scan mode to Background Watch

Step 5 - Since your CI jobs download various packages, libraries, etc. from internal repos and the internet, add steps to the CI jobs that check the Mac Scan report output and take appropriate action based on the vulnerabilities discovered in the downloaded packages and libraries.

Usage

Install

# Follow the download redirect to learn the current package file name, then download and install it
FULL_FILE_NAME=$(curl -Ls -r 0-1 -o /dev/null -w '%{url_effective}' https://veertu.com/downloads/mac-scan | cut -d/ -f5)
curl -S -L -o "./$FULL_FILE_NAME" https://veertu.com/downloads/mac-scan
sudo installer -pkg "$FULL_FILE_NAME" -tgt /

Once the mac-scan package has been installed, the binaries and other mac-scan related data are stored under /Library/Application Support/mac-scan.

❯ sudo pkgutil --pkg-info com.veertu.mac-scan
package-id: com.veertu.mac-scan
version: 0.3.0
volume: /
location: /
install-time: 1666209750

❯ sudo pkgutil --files com.veertu.mac-scan
Library
Library/Application Support
Library/Application Support/mac-scan
Library/Application Support/mac-scan/bin
Library/Application Support/mac-scan/bin/mac-scan-cli
Library/Application Support/mac-scan/bin/mac-scand
Library/Application Support/mac-scan/mac-scan.yml
Library/Application Support/mac-scan/uninstall.sh
Library/LaunchDaemons
Library/LaunchDaemons/com.veertu.mac-scan.plist

❯ sudo launchctl print system/com.veertu.mac-scan
. . .
        path = /Library/LaunchDaemons/com.veertu.mac-scan.plist
        state = running
        program = /Library/Application Support/mac-scan/bin/mac-scand
        arguments = {
                /Library/Application Support/mac-scan/bin/mac-scand
                -c
                /Library/Application Support/mac-scan/mac-scan.yml
        }
. . .

❯ ls -laht /usr/local/bin | grep mac-scan
lrwxr-xr-x    1 root          admin    54B Oct 19 16:06 mac-scan-cli -> /Library/Application Support/mac-scan/bin/mac-scan-cli

As you can see, the LaunchDaemon plist keeps mac-scand running on the host and available to mac-scan-cli or to direct API calls.

Note that there is an uninstaller script:

❯ sudo /Library/Application\ Support/mac-scan/uninstall.sh
The following packages will be REMOVED:
  mac-scan-0.3.0
Do you wish to continue [Y/n]?Y
mac-scan uninstall process started...
[1/3] [DONE] Successfully deleted shortcut links
[2/3] [DONE] Successfully deleted mac-scan info
[3/3] [DONE] Successfully deleted mac-scan
mac-scan uninstall process finished!

Configure

Within the mac-scan application support directory is the mac-scan.yml. This can be modified to change logging locations as well as the API port (defaulting to 8081).

❯ cat /Library/Application\ Support/mac-scan/mac-scan.yml 
log-level: "logrus.InfoLevel"
log-to-file: true
log-file: "/Library/Logs/mac-scan/mac-scan.log"
vuln-db-path: "/Library/Application Support/mac-scan/scanner.db"
disable-auto-update: false
ignore-packages:
  - "cpe:/a:apple:icloud:1.0"
listen-port: 8081
db-backend-path: "/Library/Application Support/mac-scan/pkgstore.db"

Generate Report

❯ mac-scan-cli report --help                    
Display scanning results from the beginning of the last start command or user provided date

Usage:
  mac-scan-cli report [flags]
  mac-scan-cli report [command]

Available Commands:
  packages        Report detected packages
  reset           Reset scanning results
  vulnerabilities Report detected vulnerabilities

Flags:
  -h, --help                   help for report
  -f, --report-format string   report output format, formats=[json table] (default "table")
  -t, --timestamp string       report packages newer than specified time (RFC3339 format)

Use "mac-scan-cli report [command] --help" for more information about a command.

Filtering and Sorting

❯ mac-scan-cli report vulnerabilities --help
Display detected vulnerabilities from the beginning of the last start command or user provided date

Usage:
  mac-scan-cli report vulnerabilities [flags]

Flags:
  -h, --help   help for vulnerabilities

Global Flags:
  -c, --display-columns string   display columns for table format, columns=[Type - 't' Name - 'n' Version - 'v' Vulnerability - 'V' Score - 's' Severity - 'S' Location - 'l']
  -m, --min-score float32        filter vulnerabilities by score
  -f, --report-format string     report output format, formats=[json table] (default "table")
  -s, --sort string              sort results for table format, options=[{score,s} {name,n} {type,t}]
  -t, --timestamp string         report packages newer than specified time (RFC3339 format)
❯ mac-scan-cli report packages --help       
Display detected packages from the beginning of the last start command or user provided date

Usage:
  mac-scan-cli report packages [flags]

Flags:
  -h, --help   help for packages

Global Flags:
  -c, --display-columns string   display columns for table format, columns=[Type - 't' Name - 'n' Version - 'v' Vulnerability - 'V' Score - 's' Severity - 'S' Location - 'l']
  -m, --min-score float32        filter vulnerabilities by score
  -f, --report-format string     report output format, formats=[json table] (default "table")
  -s, --sort string              sort results for table format, options=[{score,s} {name,n} {type,t}]
  -t, --timestamp string         report packages newer than specified time (RFC3339 format)

There are several ways to filter results.

  1. --min-score to specify minimal score:
❯ mac-scan-cli report vulnerabilities --min-score 8.3
TYPE  NAME                VERSION  VULNERABILITY   SCORE  SEVERITY 
npm   chainsaw            0.1.0    CVE-2020-9493   9.8    critical  
npm   chainsaw            0.1.0    CVE-2022-23307  9.0    critical  
npm   connect             3.7.0    CVE-2016-0948   8.8    high      
npm   connect             3.7.0    CVE-2016-0949   10.0   critical  
npm   connect             3.7.0    CVE-2017-11291  10.0   critical  
npm   connect             3.7.0    CVE-2018-12804  9.8    critical  
npm   connect             3.7.0    CVE-2018-12805  9.8    critical  
npm   connect             3.7.0    CVE-2018-4923   9.1    critical  
npm   connect             3.7.0    CVE-2021-40719  9.8    critical  
npm   json-schema         0.2.3    CVE-2021-3918   9.8    critical  
npm   minimist            1.2.5    CVE-2021-44906  9.8    critical  
npm   shell-quote         1.7.2    CVE-2021-42740  9.8    critical  
npm   socket.io-parser    3.4.1    CVE-2022-2421   9.8    critical  
npm   tar                 6.1.0    CVE-2021-37701  8.6    high      
npm   tar                 6.1.0    CVE-2021-37712  8.6    high      
npm   tar                 6.1.0    CVE-2021-37713  8.6    high      
npm   through             2.3.8    CVE-2021-29940  9.8    critical  
npm   xmlhttprequest-ssl  1.5.5    CVE-2021-31597  9.4    critical  
  2. --sort [sntv] to sort table results only (by score, name, package type, or version): s is short for score, n for name, t for package type, and v for version.
❯ mac-scan-cli report vulnerabilities --min-score 8.3 --sort s
TYPE  NAME                VERSION  VULNERABILITY   SCORE  SEVERITY 
npm   connect             3.7.0    CVE-2016-0949   10.0   critical  
npm   connect             3.7.0    CVE-2017-11291  10.0   critical  
npm   chainsaw            0.1.0    CVE-2020-9493   9.8    critical  
npm   connect             3.7.0    CVE-2018-12804  9.8    critical  
npm   connect             3.7.0    CVE-2018-12805  9.8    critical  
npm   connect             3.7.0    CVE-2021-40719  9.8    critical  
npm   json-schema         0.2.3    CVE-2021-3918   9.8    critical  
npm   minimist            1.2.5    CVE-2021-44906  9.8    critical  
npm   shell-quote         1.7.2    CVE-2021-42740  9.8    critical  
npm   socket.io-parser    3.4.1    CVE-2022-2421   9.8    critical  
npm   through             2.3.8    CVE-2021-29940  9.8    critical  
npm   xmlhttprequest-ssl  1.5.5    CVE-2021-31597  9.4    critical  
npm   connect             3.7.0    CVE-2018-4923   9.1    critical  
npm   chainsaw            0.1.0    CVE-2022-23307  9.0    critical  
npm   connect             3.7.0    CVE-2016-0948   8.8    high      
npm   tar                 6.1.0    CVE-2021-37701  8.6    high      
npm   tar                 6.1.0    CVE-2021-37712  8.6    high      
npm   tar                 6.1.0    CVE-2021-37713  8.6    high 
  3. --display-columns [tnsSvVl] to show specific table columns: t is package type, n name, s score, S severity, v version, V vulnerability id, and l location.
❯ mac-scan-cli report vulnerabilities --min-score 8.3 --sort s --display-columns Sn
SEVERITY  NAME               
critical  chainsaw            
critical  connect             
critical  json-schema         
critical  minimist            
critical  shell-quote         
critical  socket.io-parser    
critical  through             
critical  xmlhttprequest-ssl  
high      connect             
high      tar    

Scan Modes

Full Scan

❯ mac-scan-cli       
This tool provides an interface to communicate with the mac-scand API

Usage:
  mac-scan-cli [flags]
  mac-scan-cli [command]

Available Commands:
  background-watch Watch for file system changes in the background
  completion       Generate the autocompletion script for the specified shell
  fullscan         Catalog all the packages on the disk
  help             Help about any command
  license          License show/activate
  report           Report scanning result
  status           Get status
  version          Print the version number of rs-cli

Flags:
  -h, --help   help for mac-scan-cli

Use "mac-scan-cli [command] --help" for more information about a command.

❯ mac-scan-cli report
No packages discovered
No vulnerabilities found

❯ mac-scan-cli fullscan

❯ mac-scan-cli report | head -20 
TYPE            NAME                                                                           VERSION                                                                                           
brew            amazon-ecs-cli                                                                 1.21.0                                                                                             
brew            anka-scripts                                                                   c2c6cc19c6406af1bc3b522a14c3884644488954                                                           
brew            ansible                                                                        6.2.0                                                                                              
brew            ansible-lint                                                                   6.4.0                                                                                              
brew            aom                                                                            3.5.0_1                                                                                            
brew            apr                                                                            1.7.0_2                                                                                            
brew            apr                                                                            1.7.0_3                                                                                            
brew            apr-util                                                                       1.6.1_4                                                                                            
brew            augeas                                                                         1.12.0_1                                                                                           
brew            autoconf                                                                       2.71                                                                                               
brew            automake                                                                       1.16.5                                                                                             
brew            aws-iam-authenticator                                                          0.5.9                                                                                              
brew            awscli                                                                         2.7.23                                                                                             
brew            bazel                                                                          5.2.0                                                                                              
brew            bdw-gc                                                                         8.0.6                                                                                              
brew            bdw-gc                                                                         8.2.2                                                                                              
brew            berkeley-db                                                                    18.1.40_1                                                                                          
brew            boost                                                                          1.80.0                                                                                             
brew            boost-build                                                                    1.79.0                                                                                             
. . .

❯ mac-scan-cli report reset

❯ mac-scan-cli report
No packages discovered
No vulnerabilities found

Background Watch

❯ mac-scan-cli status      
Service State:                  Active
Background Watch State:         Stopped

❯ mac-scan-cli background-watch start

❯ mac-scan-cli status                
Service State:                  Active
Background Watch State:         Running

❯ mac-scan-cli report
No packages discovered
No vulnerabilities found

# You can see nothing has changed on my computer yet, so nothing was discovered or found. 
# Let's install an older version of jenkins with ruby gem, immediately stop the scanner 
# so we only get the changes for the period of time we installed jenkins, and then generate the report:

❯ sudo gem install --version 0.6.0 jenkins
Ignoring ffi-1.13.1 because its extensions are not built. Try: gem pristine ffi --version 1.13.1
Fetching jenkins-0.6.0.gem
Successfully installed jenkins-0.6.0
Parsing documentation for jenkins-0.6.0
Installing ri documentation for jenkins-0.6.0
Done installing documentation for jenkins after 0 seconds
1 gem installed

❯ mac-scan-cli background-watch stop

❯ mac-scan-cli report vulnerabilities | head -20
TYPE          NAME              VERSION            VULNERABILITY     SCORE  SEVERITY 
gem           actionpack        3.0.1              CVE-2022-27777    6.1    medium    
gem           crack             0.1.8              CVE-2013-1800     7.5    high      
gem           httparty          0.6.1              CVE-2013-1801     7.5    high      
gem           i18n              0.4.2              CVE-2013-4492     4.3    medium    
gem           i18n              0.4.2              CVE-2014-10077    7.5    high      
gem           i18n              0.4.2              CVE-2020-7791     7.5    high      
gem           jenkins           0.6.0              CVE-2012-0324     4.3    medium    
gem           jenkins           0.6.0              CVE-2012-0325     4.3    medium    
gem           jenkins           0.6.0              CVE-2012-0785     7.8    high      
gem           jenkins           0.6.0              CVE-2012-4438     8.8    high      
gem           jenkins           0.6.0              CVE-2012-4439     6.1    medium    
gem           jenkins           0.6.0              CVE-2012-4440     6.1    medium    
gem           jenkins           0.6.0              CVE-2012-4441     6.1    medium    
gem           jenkins           0.6.0              CVE-2012-6072     4.3    medium    
gem           jenkins           0.6.0              CVE-2012-6073     5.8    medium    
gem           jenkins           0.6.0              CVE-2012-6074     3.5    low       
gem           jenkins           0.6.0              CVE-2013-0158     2.6    low       

REST API

An alternative to the included CLI is using the API directly with curl.

/v1/status

Returns the state of the scanning.

❯ curl http://localhost:8081/v1/status
{"status":"OK","body":{"state":"Stopped"},"error":""}

/v1/backgroundwatch/start (POST)

Starts Background Watch scanning.

❯ curl http://localhost:8081/v1/status
{"status":"OK","body":{"state":"Stopped"},"error":""}
❯ curl -X POST http://localhost:8081/v1/backgroundwatch/start
{"status":"OK","body":{"state":"Running"},"error":""}
❯ curl http://localhost:8081/v1/status
{"status":"OK","body":{"state":"Running"},"error":""}

/v1/backgroundwatch/stop (POST)

Stops Background Watch scanning and forces population of packages and vulnerabilities into the report.

❯ curl http://localhost:8081/v1/status
{"status":"OK","body":{"state":"Running"},"error":""}
❯ curl -X POST http://localhost:8081/v1/backgroundwatch/stop
{"status":"OK","body":{"state":"Running"},"error":""}
# Be patient as this can take a long time to return depending on the scan's state
❯ curl http://localhost:8081/v1/status
{"status":"OK","body":{"state":"Stopped"},"error":""}

/v1/fullscan (POST)

Starts a full scan, which catalogs all the packages on the disk (as the fullscan CLI command does) and populates packages and vulnerabilities into the report.

❯ curl -X POST http://localhost:8081/v1/fullscan
{"status":"OK","body":{"state":"Creating catalog"},"error":""}
❯ curl http://localhost:8081/v1/status          
{"status":"OK","body":{"state":"Creating catalog"},"error":""}

/v1/report

Generates and outputs to STDOUT a report of packages and vulnerabilities the scan found while running.

❯ curl -s http://localhost:8081/v1/report | jq | head -50
{
  "status": "OK",
  "body": {
    "packages": [
      {
        "name": "awesome_print",
        "version": "0.2.1",
        "type": "gem",
        "locations": [
          {
            "path": "/Library/Ruby/Gems/2.6.0/gems/jenkins-0.6.0/Gemfile.lock"
          }
        ],
        "language": "ruby",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:awesome-print:awesome-print:0.2.1:*:*:*:*:*:*:*",
          "cpe:2.3:a:awesome-print:awesome_print:0.2.1:*:*:*:*:*:*:*",
          "cpe:2.3:a:awesome_print:awesome-print:0.2.1:*:*:*:*:*:*:*",
          "cpe:2.3:a:awesome_print:awesome_print:0.2.1:*:*:*:*:*:*:*",
          "cpe:2.3:a:ruby-lang:awesome-print:0.2.1:*:*:*:*:*:*:*",
          "cpe:2.3:a:ruby-lang:awesome_print:0.2.1:*:*:*:*:*:*:*",
          "cpe:2.3:a:ruby_lang:awesome-print:0.2.1:*:*:*:*:*:*:*",
          "cpe:2.3:a:ruby_lang:awesome_print:0.2.1:*:*:*:*:*:*:*",
          "cpe:2.3:a:awesome:awesome-print:0.2.1:*:*:*:*:*:*:*",
          "cpe:2.3:a:awesome:awesome_print:0.2.1:*:*:*:*:*:*:*",
          "cpe:2.3:a:ruby:awesome-print:0.2.1:*:*:*:*:*:*:*",
          "cpe:2.3:a:ruby:awesome_print:0.2.1:*:*:*:*:*:*:*",
          "cpe:2.3:a:*:awesome-print:0.2.1:*:*:*:*:*:*:*",
          "cpe:2.3:a:*:awesome_print:0.2.1:*:*:*:*:*:*:*"
        ],
        "purl": "pkg:gem/[email protected]",
        "creation_time": "2022-09-12T20:41:02.049576397-04:00",
        "metadata": null
      },
      {
        "name": "builder",
        "version": "2.1.2",
        "type": "gem",
        "locations": [
          {
            "path": "/Library/Ruby/Gems/2.6.0/gems/jenkins-0.6.0/Gemfile.lock"
          }
        ],
        "language": "ruby",
        "licenses": [],
        "cpes": [
          "cpe:2.3:a:ruby-lang:builder:2.1.2:*:*:*:*:*:*:*",
          "cpe:2.3:a:ruby_lang:builder:2.1.2:*:*:*:*:*:*:*",
          "cpe:2.3:a:builder:builder:2.1.2:*:*:*:*:*:*:*",
❯ curl -s http://localhost:8081/v1/report | jq '.body.vulnerabilities' | head -50
[
  {
    "Vulnerability": {
      "MatchedCPEs": [
        {
          "Cpe": {
            "Part": "a",
            "Vendor": "john_nunemaker",
            "Product": "crack",
            "Version": "0\\.1\\.8",
            "Update": "",
            "Edition": "",
            "SWEdition": "",
            "TargetSW": "",
            "TargetHW": "",
            "Other": "",
            "Language": ""
          },
          "Constraint": "= 0.1.8",
          "Version": "0.1.8",
          "MatchType": "Semantic"
        },
        {
          "Cpe": {
            "Part": "a",
            "Vendor": "john_nunemaker",
            "Product": "crack",
            "Version": "",
            "Update": "",
            "Edition": "",
            "SWEdition": "",
            "TargetSW": "",
            "TargetHW": "",
            "Other": "",
            "Language": ""
          },
          "Constraint": "<= 0.3.1",
          "Version": "0.1.8",
          "MatchType": "Semantic"
        }
      ],
      "ID": "CVE-2013-1800",
      "Namespace": "",
      "Score": 7.5,
      "URL": "https://nvd.nist.gov/vuln/detail/CVE-2013-1800",
      "RelatedVulnerabilities": null
    },
    "Package": {
      "ID": "9804960417298599741",
      "Name": "crack",

/v1/report/packages

Generates and outputs to STDOUT a report of ONLY the packages the scan found while running.

❯ curl -s http://localhost:8081/v1/report/packages | jq | head -50
{
  "status": "OK",
  "body": [
    {
      "name": "awesome_print",
      "version": "0.2.1",
      "type": "gem",
      "locations": [
        {
          "path": "/Library/Ruby/Gems/2.6.0/gems/jenkins-0.6.0/Gemfile.lock"
        }
      ],
      "language": "ruby",
      "licenses": [],
      "cpes": [
        "cpe:2.3:a:awesome-print:awesome-print:0.2.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:awesome-print:awesome_print:0.2.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:awesome_print:awesome-print:0.2.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:awesome_print:awesome_print:0.2.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:ruby-lang:awesome-print:0.2.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:ruby-lang:awesome_print:0.2.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:ruby_lang:awesome-print:0.2.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:ruby_lang:awesome_print:0.2.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:awesome:awesome-print:0.2.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:awesome:awesome_print:0.2.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:ruby:awesome-print:0.2.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:ruby:awesome_print:0.2.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:*:awesome-print:0.2.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:*:awesome_print:0.2.1:*:*:*:*:*:*:*"
      ],
      "purl": "pkg:gem/[email protected]",
      "creation_time": "2022-09-12T20:41:02.049576397-04:00",
      "metadata": null
    },
    {
      "name": "builder",
      "version": "2.1.2",
      "type": "gem",
      "locations": [
        {
          "path": "/Library/Ruby/Gems/2.6.0/gems/jenkins-0.6.0/Gemfile.lock"
        }
      ],
      "language": "ruby",
      "licenses": [],
      "cpes": [
        "cpe:2.3:a:ruby-lang:builder:2.1.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:ruby_lang:builder:2.1.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:builder:builder:2.1.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:ruby:builder:2.1.2:*:*:*:*:*:*:*",

/v1/report/vulnerabilities

Generates and outputs to STDOUT a report of ONLY vulnerabilities the scan found while running.

❯ curl -s http://localhost:8081/v1/report/vulnerabilities | jq | head -50
{
  "status": "OK",
  "body": [
    {
      "Vulnerability": {
        "MatchedCPEs": [
          {
            "Cpe": {
              "Part": "a",
              "Vendor": "john_nunemaker",
              "Product": "crack",
              "Version": "0\\.1\\.8",
              "Update": "",
              "Edition": "",
              "SWEdition": "",
              "TargetSW": "",
              "TargetHW": "",
              "Other": "",
              "Language": ""
            },
            "Constraint": "= 0.1.8",
            "Version": "0.1.8",
            "MatchType": "Semantic"
          },
          {
            "Cpe": {
              "Part": "a",
              "Vendor": "john_nunemaker",
              "Product": "crack",
              "Version": "",
              "Update": "",
              "Edition": "",
              "SWEdition": "",
              "TargetSW": "",
              "TargetHW": "",
              "Other": "",
              "Language": ""
            },
            "Constraint": "<= 0.3.1",
            "Version": "0.1.8",
            "MatchType": "Semantic"
          }
        ],
        "ID": "CVE-2013-1800",
        "Namespace": "",
        "Score": 7.5,
        "URL": "https://nvd.nist.gov/vuln/detail/CVE-2013-1800",
        "RelatedVulnerabilities": null
      },
      "Package": {

?fromTime=

Report endpoints accept a fromTime query parameter to isolate packages and vulnerabilities found after a specific time.

The time must be in RFC3339 format. On macOS, you can generate it with date -u +%Y-%m-%dT%H:%M:%SZ.

❯ curl -s http://localhost:8081/v1/report/vulnerabilities\?fromTime\=2022-09-13T12:47:33Z | jq | head -50
{
  "status": "OK",
  "body": [
    {
      "Vulnerability": {
        "MatchedCPEs": [
          {
            "Cpe": {
              "Part": "a",
              "Vendor": "john_nunemaker",
              "Product": "crack",
              "Version": "0\\.1\\.8",
              "Update": "",
              "Edition": "",
              "SWEdition": "",
              "TargetSW": "",
              "TargetHW": "",
              "Other": "",
              "Language": ""
            },
            "Constraint": "= 0.1.8",
            "Version": "0.1.8",
            "MatchType": "Semantic"
          },
          {
            "Cpe": {
              "Part": "a",
              "Vendor": "john_nunemaker",
              "Product": "crack",
              "Version": "",
              "Update": "",
              "Edition": "",
              "SWEdition": "",
              "TargetSW": "",
              "TargetHW": "",
              "Other": "",
              "Language": ""
            },
            "Constraint": "<= 0.3.1",
            "Version": "0.1.8",
            "MatchType": "Semantic"
          }
        ],
        "ID": "CVE-2013-1800",
        "Namespace": "",
        "Score": 7.5,
        "URL": "https://nvd.nist.gov/vuln/detail/CVE-2013-1800",
        "RelatedVulnerabilities": null
      },
      "Package": {

?min_score=

Report endpoints accept a min_score query parameter to isolate packages and vulnerabilities with at least that score. It can be an integer or a decimal.

❯ curl -s -X POST "http://localhost:8081/v1/report/vulnerabilities?min_score=8.2" | jq '.body[] | [.Vulnerability.Score,.Package.Name,.Package.Locations[0].path] | join(",")'
"9.8,minimist,/Users/user1/project/themes/docsy/userguide/package-lock.json"
"9.4,xmlhttprequest-ssl,/Users/user1/project/themes/docsy/assets/vendor/bootstrap/package-lock.json"
"9.8,chainsaw,/Users/user1/project/themes/docsy/assets/vendor/bootstrap/package-lock.json"
"9,chainsaw,/Users/user1/project/themes/docsy/assets/vendor/bootstrap/package-lock.json"
"9.8,json-schema,/Users/user1/project/themes/docsy/assets/vendor/bootstrap/package-lock.json"
"9.8,json-schema,/Users/user1/project/themes/docsy/assets/vendor/bootstrap/package-lock.json"
"9.8,socket.io-parser,/Users/user1/project/themes/docsy/assets/vendor/bootstrap/package-lock.json"
"8.8,connect,/Users/user1/project/themes/docsy/assets/vendor/bootstrap/package-lock.json"
"10,connect,/Users/user1/project/themes/docsy/assets/vendor/bootstrap/package-lock.json"
"9.8,connect,/Users/user1/project/themes/docsy/assets/vendor/bootstrap/package-lock.json"
"9.8,connect,/Users/user1/project/themes/docsy/assets/vendor/bootstrap/package-lock.json"
"10,connect,/Users/user1/project/themes/docsy/assets/vendor/bootstrap/package-lock.json"
"9.8,connect,/Users/user1/project/themes/docsy/assets/vendor/bootstrap/package-lock.json"
"9.1,connect,/Users/user1/project/themes/docsy/assets/vendor/bootstrap/package-lock.json"
"9.8,shell-quote,/Users/user1/project/themes/docsy/assets/vendor/bootstrap/package-lock.json"
"9.8,shell-quote,/Users/user1/project/themes/docsy/assets/vendor/bootstrap/package-lock.json"
"9.8,minimist,/Users/user1/project/themes/docsy/assets/vendor/bootstrap/package-lock.json"
"8.6,tar,/Users/user1/project/themes/docsy/assets/vendor/bootstrap/package-lock.json"
"8.6,tar,/Users/user1/project/themes/docsy/assets/vendor/bootstrap/package-lock.json"
"8.6,tar,/Users/user1/project/themes/docsy/assets/vendor/bootstrap/package-lock.json"
"9.8,through,/Users/user1/project/themes/docsy/assets/vendor/bootstrap/package-lock.json"
"9.8,through,/Users/user1/project/themes/docsy/assets/vendor/bootstrap/package-lock.json"
"9.8,through,/Users/user1/project/node_modules/through/package.json"
"9.8,through,/Users/user1/project/node_modules/through/package.json"
"9.8,through,/Users/user1/project/package-lock.json"
"9.8,through,/Users/user1/project/package-lock.json"
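A CI gate for Step 5 of the workflow above, built on the ?fromTime= and ?min_score= report endpoints; this is an added example, not Mac Scan's own code. It assumes mac-scand on localhost:8081 and the response shapes shown on this page (the status envelope, Vulnerability.ID/Score, Package.Name/Locations[].path), and the sample report it carries is constructed from the CVE ids and scores in the tables above.

```python
"""CI gate for Mac Scan Background Watch (added example, not part of Mac Scan).
The job records its start time (`date -u +%Y-%m-%dT%H:%M:%SZ`), runs its downloads,
then runs this script, which stops Background Watch, waits for the catalog to be
populated, fetches /v1/report/vulnerabilities?fromTime=&min_score= and exits
non-zero if anything at or above the CVSS threshold was downloaded."""
from __future__ import annotations
import json
import sys
import time
import urllib.parse
import urllib.request
from dataclasses import dataclass
BASE_URL = "http://localhost:8081"  # listen-port from mac-scan.yml
# Constructed sample in the shape of /v1/report/vulnerabilities; CVE ids and
# scores come from the CLI tables above, and the repeated entry mirrors the
# duplicate rows seen in the jq output.
GEMFILE = "/Library/Ruby/Gems/2.6.0/gems/jenkins-0.6.0/Gemfile.lock"
LOCK = "/Users/user1/project/package-lock.json"
SAMPLE_REPORT = json.dumps({"status": "OK", "error": "", "body": [
    {"Vulnerability": {"ID": "CVE-2013-1800", "Score": 7.5},
     "Package": {"ID": "9804960417298599741", "Name": "crack", "Locations": [{"path": GEMFILE}]}},
    {"Vulnerability": {"ID": "CVE-2021-29940", "Score": 9.8},
     "Package": {"ID": "1", "Name": "through", "Locations": [{"path": LOCK}]}},
    {"Vulnerability": {"ID": "CVE-2021-29940", "Score": 9.8},  # repeated CPE match
     "Package": {"ID": "1", "Name": "through", "Locations": [{"path": LOCK}]}},
    {"Vulnerability": {"ID": "CVE-2013-4492", "Score": 4.3},
     "Package": {"ID": "2", "Name": "i18n", "Locations": [{"path": GEMFILE}]}},
]})

@dataclass(frozen=True)
class Finding:
    cve: str
    score: float
    package: str
    path: str

    @property
    def severity(self) -> str:  # CVSS v3 bands, as in the CLI's SEVERITY column
        return ("critical" if self.score >= 9.0 else "high" if self.score >= 7.0
                else "medium" if self.score >= 4.0 else "low")

def parse_vulnerabilities(report_json: str) -> list[Finding]:
    """Flatten the envelope into unique (CVE, package, path) findings. The API
    emits one entry per matched CPE, so duplicates are dropped; a non-OK
    envelope raises instead of degrading into an empty, passing result."""
    envelope = json.loads(report_json)
    if envelope.get("status") != "OK":
        raise RuntimeError(f"mac-scand error: {envelope.get('error')!r}")
    findings: dict[Finding, None] = {}  # insertion-ordered set
    for item in envelope.get("body") or []:
        vuln, pkg = item["Vulnerability"], item["Package"]
        for loc in pkg.get("Locations") or [{}]:
            findings[Finding(vuln["ID"], float(vuln["Score"]), pkg["Name"],
                             loc.get("path", ""))] = None
    return list(findings)

def gate(findings, min_score: float, ignore_cves=frozenset()) -> list[Finding]:
    """Findings that must fail the job, highest score first. The threshold is
    re-applied client-side so a report fetched without ?min_score= gates the
    same way; ignore_cves is the team's reviewed-and-accepted list."""
    hits = [f for f in findings if f.score >= min_score and f.cve not in ignore_cves]
    return sorted(hits, key=lambda f: (-f.score, f.package, f.cve))

def _call(path: str, method: str = "GET") -> str:
    req = urllib.request.Request(BASE_URL + path, method=method)
    with urllib.request.urlopen(req, timeout=60) as resp:
        return resp.read().decode()

def stop_and_wait(timeout_s: int = 600) -> None:
    """POST backgroundwatch/stop, then poll /v1/status until "Stopped": stop
    returns before the catalog is populated (status still reads "Running"
    right after the call), so the report is only complete once it is Stopped."""
    _call("/v1/backgroundwatch/stop", method="POST")
    deadline = time.monotonic() + timeout_s
    while time.monotonic() < deadline:
        if json.loads(_call("/v1/status"))["body"]["state"] == "Stopped":
            return
        time.sleep(5)
    raise TimeoutError("Background Watch did not reach Stopped state")

def main(argv: list[str]) -> int:
    if len(argv) < 2:
        print("usage: ci_gate.py <job_start_rfc3339> [min_score]", file=sys.stderr)
        return 2
    min_score = float(argv[2]) if len(argv) > 2 else 7.0
    stop_and_wait()
    query = urllib.parse.urlencode({"fromTime": argv[1], "min_score": min_score})
    hits = gate(parse_vulnerabilities(_call(f"/v1/report/vulnerabilities?{query}")), min_score)
    for f in hits:
        print(f"{f.severity:8} {f.score:<5} {f.cve:15} {f.package}  {f.path}")
    print(f"{len(hits)} blocking finding(s) at or above CVSS {min_score}")
    return 1 if hits else 0  # a non-zero exit fails the CI job
if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as the last step of the job with the start timestamp recorded at the beginning (for example `python3 ci_gate.py "$JOB_START" 7.0`); the ignore list is a place to record accepted findings rather than suppressing whole packages.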

/v1/report/reset (POST)

Resets the current catalog of vulnerabilities and packages.

❯ curl -X POST http://localhost:8081/v1/report/reset
{"status":"OK","body":{"state":"Running"},"error":""}