https://github.com/osquery/osquery logo
Title
g

ganesh

04/26/2017, 4:50 AM
@adel, speaking strictly for detecting vulnerable packages on linux (rpm, deb), OSquery allows you to query for package name version etc, which you’d have to compare against data from your feed. Package naming conventions are non standard and outlined here https://www.debian.org/doc/manuals/developers-reference/pkgs.html. Comparing packages is a bit challenging, but IMO, this python package does a reasonable job https://pypi.python.org/pypi/version_utils. In my case it worked for rpm and deb packages.
👍 1
a

adel

04/26/2017, 11:00 PM
g314159: Great! Thanks a lot for your help