We're working something similar at Patchwork (https://patchworksecurity.com/) . You tell us what packages are installed and we notify you when a new security update is released. Right now we're focusing on distro…
Hi, We understand your concerns with the current install mechanisms. We're working toward providing multiple options similar similar to sandstorm.io https://docs.sandstorm.io/en/latest/install/ There is the risk that we…
Pakiti looks like an interesting tool. Development seems to have slowed down in 2013, but the feature set might have been stable by then. We'll definitely look into this. Thanks deadfece!
Hi yaworsk, We're working on improving our API documentation. You can develop against our API and not use the supplied client. https://patchworksecurity.com/docs/
I believe this issue is fixed now. https://github.com/PatchworkSecurity/cleansweep/issues/8 Could you try running the script again?
"It would be a much better design if it worked the other way around: Aggregate recent security patches into a database and send those to the servers, and have them do a local compare of vulnerabilities. You could charge…
Hi k33n, Thanks for sharing what you learned. We will look into integrating with existing security tools. In the meantime, we believe that providing a security notifications API to users is valuable.
Hi mmaunder, e-mail notifications are our current callback mechanism but that will expand. The goal of our API is to allow you to consume the vulnerability data in a way that is more beneficial to you e.g Slack, CI. You…
Hi DoubleMalt, Thanks for the link. I've filed an issue and should have this fixed tonight https://github.com/PatchworkSecurity/cleansweep/issues/7
Hi halite! 1. We've got agents listening to incoming feeds, and did the work to ingest all the historical vulnerability data we could find. 2. We're focusing on apt installed packages for our initial release. 3 & 4. We…
Hi, our roadmap includes hooking into CI where your CI can ask our API Is the current project state vulnerable? yes) Here are a list of dependencies you need to update, run your test again no) Good, proceed with deploy…
Hi, can you tell me the version of curl you're running with curl -V Also send me an email at david@patchworksecurity.com and I'll get it working for you.
If you want to be extra cautious you can verify that the script hasn't changed with our release key https://patchworksecurity.com/releases.txt The latest release (2.0.0) has been signed by my key 0x85C64E20
Hi, the shell script is an implementation of our API. You can implement your own client against our API endpoints. This gives you complete control of what package data you send to us. If you only care about OpenSSL, you…
Hi, we decided to make it easy to setup the tool and run it. The source code is available on GitHub https://github.com/PatchworkSecurity/cleansweep/blob/master/... The comments explain what is happening at each step.
Hey, I’m David, the other co-founder of Patchwork Security. I was working on AppSec at Mozilla when Shellshock came out, then the next variant and the next. The OpSec team diligently followed new developments, but there…
We're working something similar at Patchwork (https://patchworksecurity.com/) . You tell us what packages are installed and we notify you when a new security update is released. Right now we're focusing on distro…
Hi, We understand your concerns with the current install mechanisms. We're working toward providing multiple options similar similar to sandstorm.io https://docs.sandstorm.io/en/latest/install/ There is the risk that we…
Pakiti looks like an interesting tool. Development seems to have slowed down in 2013, but the feature set might have been stable by then. We'll definitely look into this. Thanks deadfece!
Hi yaworsk, We're working on improving our API documentation. You can develop against our API and not use the supplied client. https://patchworksecurity.com/docs/
I believe this issue is fixed now. https://github.com/PatchworkSecurity/cleansweep/issues/8 Could you try running the script again?
"It would be a much better design if it worked the other way around: Aggregate recent security patches into a database and send those to the servers, and have them do a local compare of vulnerabilities. You could charge…
Hi k33n, Thanks for sharing what you learned. We will look into integrating with existing security tools. In the meantime, we believe that providing a security notifications API to users is valuable.
Hi mmaunder, e-mail notifications are our current callback mechanism but that will expand. The goal of our API is to allow you to consume the vulnerability data in a way that is more beneficial to you e.g Slack, CI. You…
Hi DoubleMalt, Thanks for the link. I've filed an issue and should have this fixed tonight https://github.com/PatchworkSecurity/cleansweep/issues/7
Hi halite! 1. We've got agents listening to incoming feeds, and did the work to ingest all the historical vulnerability data we could find. 2. We're focusing on apt installed packages for our initial release. 3 & 4. We…
Hi, our roadmap includes hooking into CI where your CI can ask our API Is the current project state vulnerable? yes) Here are a list of dependencies you need to update, run your test again no) Good, proceed with deploy…
Hi, can you tell me the version of curl you're running with curl -V Also send me an email at david@patchworksecurity.com and I'll get it working for you.
If you want to be extra cautious you can verify that the script hasn't changed with our release key https://patchworksecurity.com/releases.txt The latest release (2.0.0) has been signed by my key 0x85C64E20
Hi, the shell script is an implementation of our API. You can implement your own client against our API endpoints. This gives you complete control of what package data you send to us. If you only care about OpenSSL, you…
Hi, we decided to make it easy to setup the tool and run it. The source code is available on GitHub https://github.com/PatchworkSecurity/cleansweep/blob/master/... The comments explain what is happening at each step.
Hey, I’m David, the other co-founder of Patchwork Security. I was working on AppSec at Mozilla when Shellshock came out, then the next variant and the next. The OpSec team diligently followed new developments, but there…