Skip to main content

OpenChain Automation Case Study #7 – VulnerableCode technical deep dive into VulnTotal

Philippe Ombredanne from nexB will lead a technical deep dive into VulnTotal on the 7th of February at 09:00 CET (08:00 UTC). Join us in our usual room here:

This deep dive is about as aspect of the AboutCode Project, with VulnerableCode providing tools to collect, aggregate and refine software vulnerability information from more than 20 sources and tools to quickly create new “importers”. VulnTotal is something that came out of Google Summer of Code 2022:

VulnTotal: Cross-validate vulnerability coverage of VulnerableCode (Keshav Priyadarshi)

VulnerableCode is a unique project that collates and cross-references FOSS vulnerability data from multiple sources. Inspired by the VirusTotal multi-scanner virus scanning service, the VulnTotal project will cross-validate the vulnerability coverage of VulnerableCode against other publicly available vulnerability check tools and databases. For instance, a package may be reported as vulnerable by one tool or database but not by another. We can gradually work with these tool providers to keep each other apprised about newly discovered vulnerabilities, making FOSS more secure.