Skip to main content
Request an on-demand vulnerability assessment of your software packages to determine if the packages contain any common vulnerabilities and exposures. The response for detected CVEs includes CVE details. Only packages managed by a package manager for supported operating systems are reported.
External DocumentationTo learn more, visit the Lacework documentation.

Parameters

ParameterDescription
Operating System TypeThe Operating Systems name.
Operating System VersionThe Operating Systems version.
Package NameThe package name.
Package VersionThe version of the package.

Example Output

{
	"data": [
		{
			"osPkgInfo": {
				"namespace": "ubuntu:18.04",
				"os": "Ubuntu",
				"osVer": "18.04",
				"pkg": "openssl",
				"pkgVer": "1.1.1-1ubuntu2.1~18.04.5",
				"versionFormat": "dpkg"
			},
			"vulnId": "CVE-2017-3731",
			"severity": "Medium",
			"featureKey": {
				"name": "openssl",
				"namespace": "ubuntu:18.04"
			},
			"cveProps": {
				"cveBatchId": "087956A88D8B89A79D0DC1F2E5E8269C",
				"description": "If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.",
				"link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-3731",
				"metadata": {
					"nvd": {
						"cvssv2": {
							"publisheddatetime": "2017-05-04T19:29Z",
							"score": 5,
							"vectors": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
						},
						"cvssv3": {
							"exploitabilityscore": 3.9,
							"impactscore": 3.6,
							"score": 7.5,
							"vectors": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
						}
					}
				}
			},
			"fixInfo": {
				"fixAvailable": "1",
				"fixedVersion": "0:1.0.2g-1ubuntu11"
			},
			"summary": {
				"evalCreatedTime": "2021-09-16 18:41:04.161 -0700",
				"evalStatus": "MATCH_VULN",
				"numFixableVuln": 10,
				"numFixableVulnBySeverity": {
					"1": 0,
					"2": 3,
					"3": 5,
					"4": 2,
					"5": 0
				},
				"numTotal": 70,
				"numVuln": 10,
				"numVulnBySeverity": {
					"1": 0,
					"2": 3,
					"3": 5,
					"4": 2,
					"5": 0
				}
			},
			"props": {
				"evalAlgo": "1001"
			}
		}
	]
}

Workflow Library Example

Scan Software Packages with Lacework and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop