Welcome to VulnerableCode!

VulnerableCode provides an open database of software packages that are affected by known security vulnerabilities aka. “vulnerable packages”.

VulnerableCode is also a free and open source software (FOSS) project that provides the tools to build this open database. The tools handle collecting, aggregating and correlating these vulnerabilities and relating them to a correct package version. Our project also supports a public cloud instance of this database - VulnerableCode.io.

In this documentation you will find information on:

• An overview of VulnerableCode and what you can do with it

• Installation instructions

• How to make technical contributions to the project and the community

Getting Started

• VulnerableCode Overview
  • What can I do with VulnerableCode?
  • Why VulnerableCode?
  • How does it work?
  • How can I contribute to VulnerableCode?
• User Interface
  • Search by packages
  • Search by vulnerabilities
• Installation
  • Run with Docker
  • Local development installation
  • Using Nix
• API overview
  • Browse the Open API documentation
  • How to use OpenAPI documentation
  • Query for Package Vulnerabilities
  • Package Bulk Search
  • CPE Bulk Search
  • API endpoints reference
  • Miscellaneous
• API usage administration for on-premise deployments
  • Enable the API key authentication
  • Create an API key-only user
• Contributing to VulnerableCode
  • Do Your Homework
  • Ways to Contribute
  • Helpful Resources
  • Add a new importer
  • TL;DR
  • Prerequisites
  • Writing an importer
  • Add a new improver
  • TL;DR
  • Prerequisites
  • Writing an improver
• FAQ
  • During development, how do I quickly empty my database and start afresh ?
• Miscellaneous
  • Continuous periodic Data import
  • Environment variables configuration
  • Throttling rate configuration

Reference Documentation

• Importer Overview
• Improver Overview
• Framework Overview
• Command Line Interface
  • $ ./manage.py --help
  • $ ./manage.py <subcommand> --help
  • $ ./manage.py import <importer-name>
  • $ ./manage.py improve <improver-name>
  • $ ./manage.py purl2cpe --destination <directory
• Importers

Summer of Codes

• Google Summer of Code 2021 Final Report

Indices and tables

• Index

• Module Index

• Search Page