Scan Software Packages
Request an on-demand vulnerability assessment of your software packages to determine if the packages contain any common vulnerabilities and exposures. The response for detected CVEs includes CVE details. Only packages managed by a package manager for supported operating systems are reported.
External Documentation
To learn more, visit the Lacework documentation.
Parameters
| Parameter | Description |
|---|---|
| Operating System Type | The Operating Systems name. |
| Operating System Version | The Operating Systems version. |
| Package Name | The package name. |
| Package Version | The version of the package. |
Example Output
{
"data": [
{
"osPkgInfo": {
"namespace": "ubuntu:18.04",
"os": "Ubuntu",
"osVer": "18.04",
"pkg": "openssl",
"pkgVer": "1.1.1-1ubuntu2.1~18.04.5",
"versionFormat": "dpkg"
},
"vulnId": "CVE-2017-3731",
"severity": "Medium",
"featureKey": {
"name": "openssl",
"namespace": "ubuntu:18.04"
},
"cveProps": {
"cveBatchId": "087956A88D8B89A79D0DC1F2E5E8269C",
"description": "If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.",
"link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-3731",
"metadata": {
"nvd": {
"cvssv2": {
"publisheddatetime": "2017-05-04T19:29Z",
"score": 5,
"vectors": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
},
"cvssv3": {
"exploitabilityscore": 3.9,
"impactscore": 3.6,
"score": 7.5,
"vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
}
}
},
"fixInfo": {
"fixAvailable": "1",
"fixedVersion": "0:1.0.2g-1ubuntu11"
},
"summary": {
"evalCreatedTime": "2021-09-16 18:41:04.161 -0700",
"evalStatus": "MATCH_VULN",
"numFixableVuln": 10,
"numFixableVulnBySeverity": {
"1": 0,
"2": 3,
"3": 5,
"4": 2,
"5": 0
},
"numTotal": 70,
"numVuln": 10,
"numVulnBySeverity": {
"1": 0,
"2": 3,
"3": 5,
"4": 2,
"5": 0
}
},
"props": {
"evalAlgo": "1001"
}
}
]
}
Workflow Library Example
Scan Software Packages with Lacework and Send Results Via Email
Preview this Workflow on desktop