Find pending security updates
kpcyrd opened this issue
I'm looking for something along the lines of debsecan that is able to:
- get a list of advisories from Debian that have updates on security.debian.org
- compare this list with installed packages
- report pending security updates to the investigator
The current MIG workflow would require explicitly starting investigations for each advisory.
@kpcyrd you may want to have a look at https://github.com/mozilla/scribe, specifically https://github.com/mozilla/scribe/tree/master/scribevulnpolicy. This generates vulnerability checks for platforms supported by clair, and the actions can be run using MIG's scribe module support.