Vulnix v1.0 release

Intro

Back in May I introduced you to the development of vulnix, a tool initially built to find out whether a system is (or might be) affected by a security vulnerability. It does this by matching the derivation's name with the product and version specified in the CPE language of the so-called CVEs (Common Vulnerabilities and Exposures). In the meantime we introduced the tool to the community at the Berlin NixOS Meetup and got some wonderful input on the directions in which we might extend the features. We sprinted the next two days to improve the code quality and broaden the feature set.

What we got as a result is best demonstrated by showing the usage.

* Is my NixOS system installation affected?

Invoke:  vulnix --system

* Is my user environment (~/.nix-profile) affected?

Invoke:  vulnix --user

* Is my project affected?

Invoke after nix-build:  vulnix ./result

Installation (manual)

With the help of Rok and his recently rewritten pypi2nix, packaging vulnix for NixOS was a breeze, and the installation procedure is a simple:

git clone https://github.com/flyingcircusio/vulnix.git
cd ./vulnix
nix-build

For the full set of options, run vulnix --help

Platform

From the next release on, vulnix will be part of our platform code and periodically check whether the NixOS-based VMs are affected. In that case, operations get informed and can develop countermeasures such as inspecting the CVEs, applying patches, or declining the hits as false positives, for instance if the hit is simply coincidental or not relevant in the context of the Flying Circus platform.
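The name-and-version matching described in the intro, and the reason a hit can be coincidental, can be sketched as follows. This is an added example, not vulnix's own code: the CVE ids, vendors, products and store hashes are constructed placeholders, the CPE entries are assumed to be CPE 2.2 URIs, and the name/version split follows the rule of Nix's builtins.parseDrvName.

```python
import re

# Constructed sample feed: ids, vendors and products are placeholders.
SAMPLE_CVES = {
    "CVE-0000-0001": ["cpe:/a:examplevendor:examplelib:1.0.2"],
    "CVE-0000-0002": ["cpe:/a:othervendor:exampletool:2.9",
                      "cpe:/a:othervendor:exampletool:2.10"],
}
# Store path basename: 32-character hash, a dash, then the derivation name.
STORE_RE = re.compile(r"^(?:/nix/store/)?[0-9a-z]{32}-(?P<name>.+)$")


def parse_drv_name(name):
    """Split at the first dash that is followed by a non-letter."""
    m = re.search(r"-(?=[^A-Za-z])", name)
    if m is None:
        return name, ""
    return name[:m.start()], name[m.end():]


def parse_cpe(uri):
    """Return (product, version) from cpe:/part:vendor:product:version."""
    fields = uri[len("cpe:/"):].split(":")
    fields += [""] * (4 - len(fields))
    return fields[2].lower(), fields[3]


def match(store_paths, cves=SAMPLE_CVES):
    """Return sorted (store_path, cve_id) pairs with equal name and version."""
    index = {}
    for cve_id, uris in cves.items():
        for uri in uris:
            index.setdefault(parse_cpe(uri), set()).add(cve_id)
    hits = []
    for path in store_paths:
        m = STORE_RE.match(path)
        if not m:
            continue
        pname, version = parse_drv_name(m.group("name"))
        # The vendor field never enters the comparison, so an unrelated
        # package with the same name and version also produces a hit.
        hits += [(path, c) for c in index.get((pname.lower(), version), ())]
    return sorted(hits)


H = "0123456789abcdfghijklmnpqrsvwxyz"  # constructed 32-character hash
SAMPLE_PATHS = [f"/nix/store/{H}-examplelib-1.0.2",
                f"/nix/store/{H}-examplelib-1.0.3",
                f"/nix/store/{H}-examplelib-dev-1.0.2",
                f"/nix/store/{H}-exampletool-2.10"]
```

Calling match(SAMPLE_PATHS) reports the first and last path only: the 1.0.3 build and the examplelib-dev output do not equal any listed product/version pair, while exampletool is flagged regardless of who actually publishes it, which is the kind of hit operations would have to triage.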
