CVE Reporting has ben added in release 2.7 of OCS Inventory. By enabling this feature, OCS Inventory can automatically query a CVE-search server for vulnerabilities that may apply to your inventoried softwares.
Warning : CVE Reporting is a feature for informational purposes. OCS Inventory does not guarantee the accuracy of the informations provided.
In order to use CVE Reporting feature, it's recommended to install CVE-search server.
To install and configure the CVE-search server, please refer to its documentation : CVE-search.
To access the CVE-search management configuration, you need to enable the advanced configuration :
- Navigate to
Configuration > General configuration > Server
- Click on
Configuring the CVE-Search management
As administrator, go to the menu
Configuration > General configuration,
and click on the "CVE-search management" entry in the left navigation pane:
There are 3 settings :
- VULN_CVESEARCH_ENABLE : Define wether the integration is enabled or not (default : Disabled);
- VULN_CVESEARCH_HOST : Define the URL of the cve-search server to be queried.
- VULN_BAN_LIST : Select software categories that you do not want to process. When a sofwtare category has been added to VULN_BAN_LIST, All CVE for software in this category will not be processed by OCS Inventory.
- VULN_CVESEARCH_LINK : Enable display of redirect link to CVE details page.
- VULN_CVESEARCH_VERBOSE : Enable verbose mode in CVE Crontab, can help in a debugging process.
- VULN_CVE_EXPIRE_TIME : Time of validity of a CVE after OCS Inventory scan. After this time, the CVE entry will become invalid and will be re-processed by OCS.
- VULN_CVE_DELAY_TIME : Time delay between each CVE api call.
In your server, configure a CronTab to call the file cron_cve.php in
cd /usr/share/ocsinventory-reports/ocsreports/crontab/ && php cron_cve.php
cron_cve.php call cve-search server and get all CVE by software publisher, name and version.
: It's recommended to execute the crontab at night. CVE cleaning is done automatically with cron_cve.php.
The crontab use software data to retrieve the CVE. It's recommended to launch cron_all_software.php before in order to have the data up to date.
When CVE-Search has been enabled and crontab cron_cve.php has been executed, click on
Inventory > CVE Reporting.
CVE Reporting displays all CVE in association with software and their versions already inventoried by OCS Inventory.
By CVSS on the left panel to display all CVEs by vulnerability score.
Filters to filter the vulnerability score.
By software on the left panel to display all software who are affected by a CVE.
Click on detail icon to display the CVEs registered for this software.
By computer on left panel to display all CVEs by computer.
When you click on the software name, you will be redirected to a search reporting based on the software name.