Technical deep dive into VulnerableCode v31 and VulnTotal

VulnerableCode is a FOSS project that provides tools to build a database of software vulnerabilities and the packages they impact. The tools handle collecting, aggregating and correlating these vulnerabilities. Our project also supports a public cloud instance of this database, VulnerableCode.io.

With our latest release, we’ve made many improvements to help you find FOSS vulnerabilities and improve overall FOSS security, including:

  • New web UI plus API access
  • Focus on software packages, leveraging Package URL (PURL)
  • Improved data collection with expanded data sources and enhanced package endpoints
  • VulnTotal, which checks the vulnerability coverage of VulnerableCode against other publicly available vulnerability checking tools and databases

In this recorded webinar, nexB co-founder and CTO Philippe Ombredanne demonstrates VulnerableCode and explains how to best use this new FOSS tool to automate the search for FOSS security vulnerabilities. Philippe also shares how VulnerableCode addresses key security concerns for using FOSS code in modern applications: collecting and parsing data from many sources, identifying packages using a standardized Package URL (PURL), and accessing the data through a REST API.
