We've just finished a tool to build debsecan suitable databases from the
Ubuntu CVE Tracker data.
It is open source under Apache 2.0 and it is available here:
https://github.com/BBVA/ust2dsa
Using Github's CI we rebuild the databases every 6 hours for them to
contain the latest vulnerability info
We are working in a small piece of software to be able to generate
debsecan compatible databases from the information available in the
Ubuntu Security Tracker. After this is done, with some minor changes to
debsecan, we could solve this issue.
Do this sound like a reasonable idea to you?
--
You
