HOWTO Create a Vigiles CSV Manifest

Raw CSV files allow you to create custom software component lists in order to receive security notifications independently of any build engine.

A CSV manifest consists of the following fields:

  • Product - the CPE Name that packages use in CVEs*.
  • Version - the version of the package used.
  • (optional) Patched CVEs - a space-separated list of CVE IDs to be listed as "Fixed" in the report.
  • (optional) Whitelisted CVEs - a space-separated list of CVE IDs to be ignored in the report.

If you would like to exclude Patched CVEs or Whitelisted CVEs, you must include headers in your CSV file.

Example file contents:

package,version,patched,whitelist
busybox,1.29.2,,
glibc,2.28,,CVE-2016-10739 CVE-2019-7309
linux_kernel,4.18.21,CVE-2018-16880 CVE-2019-9003,CVE-2016-8660

*Spaces in this field will be converted into hyphens.
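
A pre-upload check for the four-column layout in the example file, added here as an illustration and not part of Vigiles itself: it reports rows whose CVE lists were split with commas instead of spaces, malformed CVE IDs, product names that will be rewritten with hyphens, and CVEs listed as both patched and whitelisted. The function name lint_manifest, the case-insensitive header match, the upper-case CVE-YYYY-NNNN pattern and the choice to flag a patched/whitelist overlap are assumptions of this example; the bad manifest is constructed sample input.

```python
import csv
import io
import re

HEADER = ["package", "version", "patched", "whitelist"]  # header row from the example file
CVE_ID = re.compile(r"^CVE-\d{4}-\d{4,}$")  # assumption: IDs must be upper-case CVE-YYYY-NNNN

# Constructed sample input: each data row has a defect the linter should report.
BAD_MANIFEST = """\
package,version,patched,whitelist
example lib,1.0,CVE-2018-16880,CVE-2018-16880
glibc,2.28,,CVE-2016-10739,CVE-2019-7309
busybox,,cve-2019-9003,
"""


def lint_manifest(text):
    """Return (line_number, message) findings for a four-column CSV manifest."""
    rows = list(csv.reader(io.StringIO(text)))
    if not rows or [c.strip().lower() for c in rows[0]] != HEADER:
        return [(1, "missing header row: " + ",".join(HEADER))]
    findings = []
    for lineno, row in enumerate(rows[1:], start=2):
        cells = [c.strip() for c in row]
        if not any(cells):
            continue  # blank line
        if len(cells) > 4:
            findings.append((lineno, "more than 4 fields: separate CVE IDs with spaces, not commas"))
        package, version, patched, whitelist = (cells + [""] * 4)[:4]
        if not package or not version:
            findings.append((lineno, "package and version are required"))
        if " " in package:
            findings.append((lineno, "spaces become hyphens: " + package.replace(" ", "-")))
        lists = {"patched": patched.split(), "whitelist": whitelist.split()}
        for column, ids in lists.items():
            for cve in ids:
                if not CVE_ID.match(cve):
                    findings.append((lineno, f"{column}: malformed CVE ID {cve!r}"))
        # A CVE marked both fixed and ignored is ambiguous; surface it for review.
        for cve in sorted(set(lists["patched"]) & set(lists["whitelist"])):
            findings.append((lineno, f"{cve} is listed as both patched and whitelisted"))
    return findings


if __name__ == "__main__":
    for lineno, message in lint_manifest(BAD_MANIFEST):
        print(f"line {lineno}: {message}")
```

The comma check matters most in practice: a comma inside a CVE list shifts the remaining IDs into extra columns, so those CVEs would not be in the patched or whitelist field where they were intended.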