In this case, I have a list of names and versions, but not access to any source code or binaries. E.g.

  • ComponentA 2.6.6
  • ComponentB 1.1
  • ComponentC 0.12

The list is more than 300 components long, so an automated process would be preferred :-)

TheMooch
  • Your question supports a couple of scenarios; you need to be more specific. For instance, do you manage their deployment individually or as part of a whole solution? – elsadek Nov 03 '18 at 15:05
  • I literally just have a text document. – TheMooch Nov 03 '18 at 15:08
  • You could use a vulnerability database API (like [VulDB API](https://vuldb.com/?doc.api)), parse your txt file and run it through the API – Joe Nov 03 '18 at 15:31

1 Answer

There are a number of solutions here, depending upon the types of components involved. Are these code dependencies? Are they open source? If not, how well-used are they? If they aren't code dependencies, what types of software are they?

All of these questions point to different areas to look. To start with, I'd recommend familiarizing yourself with NIST's and MITRE's CVE databases. They're both great. For scanning tools, check out OWASP's list of vuln scanners, which might point you in the right direction.

For more detailed help, let us know more about the types of components involved so that we can give more guidance. This particular question defines an entire industry of software and subfield of cybersecurity, so without more detail the answer is going to be pretty broad.

schroeder
securityOrange
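
An added example, not part of the original question or answer: one way to automate the check for a plain "name version" list, following the suggestions above to parse the text file and compare it against NIST's CVE data. It runs offline against constructed records that use the `cpeMatch` field names from the NVD CVE API 2.0 JSON; the vendor names and CVE ids are placeholders, and matching a component name to a CPE product by lower-casing it is an assumption that needs manual review on a real list.

```python
import re

# Constructed inventory in the question's "Name version" format.
INVENTORY = """
  • ComponentA 2.6.6
  • ComponentB 1.1
  • ComponentC 0.12
"""

# Constructed records using the cpeMatch field names from NVD CVE API 2.0
# JSON. Vendor names and CVE ids are placeholders, not real entries.
RECORDS = [
    {"id": "CVE-0000-0001", "versionStartIncluding": "2.0", "versionEndExcluding": "2.6.10",
     "criteria": "cpe:2.3:a:examplevendor:componenta:*:*:*:*:*:*:*:*"},
    {"id": "CVE-0000-0002", "versionEndExcluding": "1.1",
     "criteria": "cpe:2.3:a:examplevendor:componentb:*:*:*:*:*:*:*:*"},
    {"id": "CVE-0000-0003", "versionStartIncluding": "0.9", "versionEndIncluding": "0.12",
     "criteria": "cpe:2.3:a:examplevendor:componentc:*:*:*:*:*:*:*:*"},
]

def parse_inventory(text):
    """Return (name, version) pairs; lines that do not fit are skipped."""
    rows = (re.match(r"\W*(.+?)\s+(\d[\w.-]*)\s*$", ln) for ln in text.splitlines())
    return [(m.group(1), m.group(2)) for m in rows if m]

def vkey(version):
    """Numeric sort key: 2.6.6 < 2.6.10 and 0.9 < 0.12 (string compare gets both wrong)."""
    parts = [int(n) for n in re.findall(r"\d+", version)]
    while parts and parts[-1] == 0:   # treat 1.1 and 1.1.0 as equal
        parts.pop()
    return tuple(parts)

def in_range(version, rec):
    """True if version falls inside the record's affected range."""
    v, get = vkey(version), rec.get
    exact = rec["criteria"].split(":")[5]          # CPE 2.3 version field
    if exact not in ("*", "-"):
        return v == vkey(exact)
    return not ((get("versionStartIncluding") and v < vkey(get("versionStartIncluding")))
                or (get("versionStartExcluding") and v <= vkey(get("versionStartExcluding")))
                or (get("versionEndIncluding") and v > vkey(get("versionEndIncluding")))
                or (get("versionEndExcluding") and v >= vkey(get("versionEndExcluding"))))

def scan(text, records):
    """Match by lower-cased product name (an assumption; real CPE mapping needs review)."""
    return [(name, ver, rec["id"])
            for name, ver in parse_inventory(text) for rec in records
            if rec["criteria"].split(":")[4] == name.lower() and in_range(ver, rec)]

if __name__ == "__main__":
    for hit in scan(INVENTORY, RECORDS):
        print(*hit)
```

ComponentB 1.1 is not reported because its constructed record ends at `versionEndExcluding` 1.1, which marks 1.1 as the fixed release.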