VulnerableCode is a unique project that collates and cross-references FOSS vulnerability data from multiple sources. Inspired by the VirusTotal multi-scanner virus scanning service, the VulnTotal project will cross-validate the vulnerability coverage of VulnerableCode against other publicly available vulnerability check tools and databases. For instance, a package may be reported as vulnerable by one tool or database but not by another. We can gradually work with these tool providers to keep each other apprised about newly discovered vulnerabilities, making FOSS more secure.
In this recorded webinar with the OpenChain Project, nexB co-founder and CTO Philippe Ombredanne presents a technical deep dive into VulnerableCode, a FOSS tool to collect, aggregate and refine software vulnerability information from more than 20 sources and to quickly create new importers. He then demonstrates how to use VulnTotal to cross-validate vulnerability coverage of VulnerableCode.
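The cross-validation idea above (the same package reported as vulnerable by one source but not another) can be made concrete with a small script. The following is an added illustration, not VulnTotal's or VulnerableCode's own code: the source names, package URLs and advisory identifiers are constructed for the example, and the script distinguishes a source that explicitly reports no advisories for a package from a source that has no record of the package at all.

```python
"""
Added example (not code from VulnTotal or VulnerableCode): compare which
advisories several vulnerability sources report for the same packages and
surface the disagreements that are worth following up with each provider.
All source names, package URLs and advisory ids below are constructed.
"""
from collections import defaultdict

# Constructed sample data: source name -> {package URL: set of advisory ids}.
# Package URLs follow the purl syntax; the EXAMPLE-* ids are placeholders.
SOURCES = {
    "source-a": {
        "pkg:pypi/example-lib@1.2.0": {"EXAMPLE-0001", "EXAMPLE-0002"},
        "pkg:npm/example-pkg@4.0.1": {"EXAMPLE-0003"},
    },
    "source-b": {
        "pkg:pypi/example-lib@1.2.0": {"EXAMPLE-0001"},
        "pkg:npm/example-pkg@4.0.1": set(),  # knows the package, reports nothing
    },
    "source-c": {
        "pkg:pypi/example-lib@1.2.0": {"EXAMPLE-0001", "EXAMPLE-0002"},
        # source-c has no record at all for the npm package
    },
}


def cross_validate(sources):
    """Return {purl: {advisory_id: {"reported_by": [...], "missing_from": [...]}}}
    covering every advisory that at least one source reports, so that a gap in
    any single source's coverage becomes visible."""
    per_package = defaultdict(lambda: defaultdict(set))
    for name, packages in sources.items():
        for purl, advisory_ids in packages.items():
            for advisory_id in advisory_ids:
                per_package[purl][advisory_id].add(name)

    all_sources = sorted(sources)
    report = {}
    for purl, advisories in per_package.items():
        report[purl] = {}
        for advisory_id, reporters in advisories.items():
            report[purl][advisory_id] = {
                "reported_by": sorted(reporters),
                "missing_from": [s for s in all_sources if s not in reporters],
            }
    return report


def disagreements(sources):
    """Return a sorted list of (purl, advisory_id, missing_sources) for every
    advisory that is not reported by all sources. These are the leads to raise
    with the providers whose data lacks the advisory."""
    report = cross_validate(sources)
    found = []
    for purl, advisories in report.items():
        for advisory_id, entry in advisories.items():
            if entry["missing_from"]:
                found.append((purl, advisory_id, entry["missing_from"]))
    return sorted(found)


def uncovered(sources):
    """Return {purl: [sources with no record of the package]} so that 'source
    reports no advisories' is not confused with 'source has never seen it'."""
    all_purls = {purl for packages in sources.values() for purl in packages}
    result = {}
    for purl in sorted(all_purls):
        missing = sorted(name for name, packages in sources.items() if purl not in packages)
        if missing:
            result[purl] = missing
    return result


if __name__ == "__main__":
    for purl, advisory_id, missing in disagreements(SOURCES):
        print(f"{purl}: {advisory_id} missing from {', '.join(missing)}")
    for purl, missing in uncovered(SOURCES).items():
        print(f"{purl}: no record in {', '.join(missing)}")
```

Running the script prints one line per advisory that some source lacks and one line per package that some source has never recorded. In practice each entry in `SOURCES` would be filled from a query to a real tool or database rather than from the constructed dictionary, and the disagreement list is what you would take back to the respective provider.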
Video
Slides
Ready to get started with VulnerableCode?
- Download VulnerableCode
- Learn more about VulnerableCode at nexb.com/vulnerablecode