VulnerabilityFinder is a Kotlin library designed to empower developers by providing an interface to the National Vulnerability Database (NVD). It allows you to fetch and analyze vulnerabilities related to specific products, which can be defined by vendor, type, and version.
This library is particularly useful for security analysts, developers, and organizations who want to ensure their software products are secure and up-to-date with the latest vulnerability information.
- Fetch all vulnerabilities related to a specific product from the NVD.
- Option to retrieve only open vulnerabilities.
- Pagination support to handle the NVD API's limit on the number of vulnerabilities that can be retrieved in a single request.
- Built with Kotlin and uses Gradle for dependency management.
To use this library, you need to include it in your project's dependencies. You can do this by adding the following to your build.gradle file:

```kotlin
dependencies {
    implementation("com.parsamlm:VulnerabilityFinder:1.1.1")
}
```
Then, you can use the fetchAllVulnerabilities function to retrieve vulnerabilities. Here's an example:
```kotlin
val vulnerabilities = VF.fetchAllVulnerabilities(
    apiKey = "your_api_key",      // optional; may be null
    findOnlyVulnerable = true,    // retrieve only open vulnerabilities
    vendor = "vendor_name",
    type = "product_type",
    version = "product_version"
)
```
Note: An API key is optional (it can be `null`), but having one is recommended because it increases the request limit. You can request one from the NVD website.
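The pagination support listed among the features exists because the NVD CVE API 2.0 returns results in pages described by `startIndex`, `resultsPerPage` and `totalResults`. The Kotlin below is an added example of that paging loop, not VulnerabilityFinder's own code; `NvdPage`, `fetchAllPages`, the injected `fetchPage` and `pause` hooks are hypothetical names, and the CVE IDs are constructed placeholders so the loop runs offline.

```kotlin
// Added example: offset pagination as used by the NVD CVE API 2.0.
// The HTTP call is injected, so this is not tied to any client library.

// Subset of the fields in one NVD CVE API 2.0 response page (hypothetical type).
data class NvdPage(
    val startIndex: Int,
    val resultsPerPage: Int,
    val totalResults: Int,
    val cveIds: List<String>
)

// Request startIndex = 0, then advance by the number of records actually
// returned until totalResults is reached.
fun fetchAllPages(
    pageSize: Int = 2000, // NVD's maximum resultsPerPage for CVE queries
    pause: () -> Unit = {}, // hook for a delay between requests (rate limit)
    fetchPage: (startIndex: Int, resultsPerPage: Int) -> NvdPage
): List<String> {
    require(pageSize in 1..2000) { "resultsPerPage must be in 1..2000" }
    val all = mutableListOf<String>()
    var start = 0
    while (true) {
        val page = fetchPage(start, pageSize)
        all += page.cveIds
        start += page.cveIds.size
        // Stop on the last page, and also on an empty page, so a short or
        // inconsistent response cannot cause an endless loop.
        if (page.cveIds.isEmpty() || start >= page.totalResults) break
        pause()
    }
    return all
}

fun main() {
    // Constructed stand-in for the remote API: five placeholder records.
    val fake = (1..5).map { "CVE-0000-000$it" }
    val requestedOffsets = mutableListOf<Int>()
    val result = fetchAllPages(pageSize = 2, fetchPage = { start, size ->
        requestedOffsets += start
        val slice = fake.drop(start).take(size)
        NvdPage(start, slice.size, fake.size, slice)
    })
    check(result == fake) // every record collected once, in order
    check(requestedOffsets == listOf(0, 2, 4)) // three requests for five records
    println("fetched ${result.size} records in ${requestedOffsets.size} requests")
}
```

In a real client, `fetchPage` would issue the HTTP request and `pause` would sleep between calls to stay inside the NVD rate limit, which is higher when an API key is supplied.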
This library is designed to empower developers with NVD. However, with great power comes great responsibility. We strongly encourage the use of this library for ethical and lawful purposes only.
By using this library, you acknowledge and accept the following:
- You are solely responsible for the consequences of using this library.
- The library developers are not liable for any damages or harm caused by its misuse.
- We reserve the right to terminate access to the library for any violation of these terms.