$OpenBSD: README,v 1.7 2020/07/31 13:28:05 ajacoutot Exp $
+-----------------------------------------------------------------------
| Running ${PKGSTEM} on OpenBSD
+-----------------------------------------------------------------------
Initial Configuration
=====================
The user running cvechecker(1) must be part of the _cvechecker group:
# usermod -G _cvechecker <username>
Edit ${SYSCONFDIR}/cvechecker.conf to your particular setup.
Then the database initialization is done by running:
$ cvechecker -i
(this step is required for both MariaDB and SQLite).
At last, the CVE data needs to be put into the database:
$ pullcves pull
Note that the first time this command is run, it will take a long time.
Subsequent calls to pullcves(1) will only update the current year and
will be much faster. It is advised to run this command regularly to make
sure the local CVE database is up to date with upstream.
Getting started with cvechecker
===============================
cvechecker(1) will scan a list of files and check whether there is a
corresponding CVE according to its version. For example, to check
binaries from installed packages(7):
$ find ${LOCALBASE}/{bin,libexec,sbin} -type f -perm -o+x > scanlist.txt
$ cvechecker -b scanlist.txt
$ cvechecker -r
