Crate scayl


A vulnerability analysis tool designed to score the vulnerabilities listed in a vulnerability report, and a library for analysing vulnerability and SBOM formats. It is used to analyse software based on the vulnerabilities reported against it.

Examples

// Example 1: score Grype and Trivy reports against a deployment context.
// Requires the 'grype' & 'trivy' features to be enabled
use std::collections::BTreeMap;
use scayl::{ContextRunner, DeploymentContext, Grype, read_json, Trivy, VulnerabilityFormat};
let grype: Grype = read_json("grype.json").unwrap();
let trivy: Trivy = read_json("trivy.json").unwrap();

let scores: BTreeMap<_, _> = grype.cvss_v3_1_scores();
for (vuln_id, v3_metric) in scores {
    println!("{} {}", vuln_id, v3_metric);
}

let context = DeploymentContext {
    ..Default::default()
};
// or
let context: DeploymentContext = read_json("context.json").unwrap();

let mut runner = ContextRunner::new();
runner.grype(&grype);
runner.trivy(&trivy);
let score = runner.calculate(&context).unwrap();
println!("{:?}", score);

// Example 2: score a CycloneDX SBOM against a deployment context.
// Requires the 'cyclonedx' feature to be enabled
use scayl::{ContextRunner, CycloneDx, DeploymentContext, read_json};
let cyclone: CycloneDx = read_json("cyclonedx.json").unwrap();
let context: DeploymentContext = read_json("context.json").unwrap();

let mut runner = ContextRunner::new();
runner.cyclonedx(&cyclone);
let score = runner.calculate(&context).unwrap();
println!("{:?}", score);
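
The `cvss_v3_1_scores()` call above yields one CVSS v3.1 metric per vulnerability id. As an added example, not code from the scayl crate, the following self-contained Rust function (`cvss_v3_1_base_score` and `roundup` are names of my own choosing) computes the CVSS v3.1 base score from a vector string, so a score in a Grype or Trivy report can be cross-checked against the vector it was derived from.

```rust
// Added example, not part of scayl: a minimal CVSS v3.1 base-score calculator.
use std::collections::HashMap;

/// CVSS v3.1 "Roundup": round up to one decimal using the spec's integer
/// form, which avoids floating-point drift at the .x5 boundaries.
pub fn roundup(x: f64) -> f64 {
    let int_input = (x * 100_000.0).round() as i64;
    if int_input % 10_000 == 0 {
        int_input as f64 / 100_000.0
    } else {
        ((int_input / 10_000) as f64 + 1.0) / 10.0
    }
}

/// Parses e.g. "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" and returns the
/// base score. Returns None for a malformed, incomplete or non-3.1 vector.
pub fn cvss_v3_1_base_score(vector: &str) -> Option<f64> {
    let mut m: HashMap<&str, &str> = HashMap::new();
    for part in vector.split('/') {
        if let Some((k, v)) = part.split_once(':') {
            m.insert(k, v);
        }
    }
    if *m.get("CVSS")? != "3.1" { return None; }
    let scope_changed = match *m.get("S")? { "U" => false, "C" => true, _ => return None };
    let av = match *m.get("AV")? { "N" => 0.85, "A" => 0.62, "L" => 0.55, "P" => 0.2, _ => return None };
    let ac = match *m.get("AC")? { "L" => 0.77, "H" => 0.44, _ => return None };
    // Privileges Required weighs more when the exploit crosses a scope boundary.
    let pr = match (*m.get("PR")?, scope_changed) {
        ("N", _) => 0.85, ("L", false) => 0.62, ("L", true) => 0.68,
        ("H", false) => 0.27, ("H", true) => 0.5, _ => return None,
    };
    let ui = match *m.get("UI")? { "N" => 0.85, "R" => 0.62, _ => return None };
    let cia = |key: &str| -> Option<f64> {
        match *m.get(key)? { "H" => Some(0.56), "L" => Some(0.22), "N" => Some(0.0), _ => None }
    };
    let (c, i, a) = (cia("C")?, cia("I")?, cia("A")?);

    // Impact sub-score (ISS) and the scope-dependent Impact and Exploitability terms.
    let iss = 1.0 - (1.0 - c) * (1.0 - i) * (1.0 - a);
    let impact = if scope_changed {
        7.52 * (iss - 0.029) - 3.25 * (iss - 0.02).powi(15)
    } else {
        6.42 * iss
    };
    let exploitability = 8.22 * av * ac * pr * ui;
    if impact <= 0.0 { return Some(0.0); } // no impact at all scores 0, per spec
    let raw = if scope_changed { 1.08 * (impact + exploitability) } else { impact + exploitability };
    Some(roundup(raw.min(10.0)))
}
```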

Re-exports

pub use format::*;
pub use cvss::*;
pub use api::*;
pub use context::*;
pub use model::*;
pub use util::*;

Modules

api: This module contains some APIs for vulnerability-related services (incomplete): a collection of APIs relating to CVEs and CVSS scores. Mostly unfinished, but it's a start.

context: The main module containing the scoring mechanism & deployment contexts.

cvss: This module contains the CVSS v2.0 & CVSS v3.0 scoring systems and data models.

format: This module contains the different SBOM and vulnerability report formats. Each format is enabled by a cargo feature:
- the grype feature enables the Grype format
- the syft feature enables the Syft format
- the cyclonedx feature enables the CycloneDX format
- the sarif feature enables the SARIF format
- the trivy feature enables the Trivy format

model: Contains some traits for generic vulnerability & CVSS functionality.

util: This module contains some useful tools for reading/writing files.

Macros

CVSS Component macro

A single CVSS metric