BOMnipotent Server can collect CSAF documents from external sources via a periodic task.
CSAF documents are used as sources for new vulnerabilities.
The client can be provided with an mTLS certificate, to authenticate against an external CSAF server during the document download. This grants access to CSAF documents that are classified as something other than TLP:WHITE/TLP:CLEAR, because mTLS is the mechanism several providers use for authentication.
Analogously, the periodic task of the server can be provided with an mTLS client certificate, allowing it to convert non-public CSAF documents into vulnerabilities.
Vulnerabilities contain the columns “Component” and “Source”, although they are not printed by default (see below).
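The two points above (an mTLS client certificate for downloading non-public CSAF documents, and vulnerabilities carrying a component and a source) can be illustrated with the following added example. It is not BOMnipotent's own code: it builds a TLS context that presents a client certificate, fetches a CSAF JSON document with it, and flattens the advisory into vulnerability rows with the CVE, the affected component (printed as name@version) and the source URL, keeping the document's TLP label alongside so a restricted document is never mistaken for a public one. The certificate paths, the URL and the sample document are constructed assumptions.

```python
"""Fetch a CSAF document over mTLS and flatten it into vulnerability rows.

Added example; it is not BOMnipotent's code. Paths, URL and the sample
CSAF document below are constructed for illustration.
"""
import json
import ssl
import urllib.request
from typing import Optional

PUBLIC_TLP_LABELS = {"WHITE", "CLEAR"}  # everything else needs an authenticated download


def mtls_context(cert_path: str, key_path: str, ca_path: Optional[str] = None) -> ssl.SSLContext:
    """TLS context that presents a client certificate to the CSAF provider.

    Server verification stays enabled; ca_path only adds a private CA if the
    provider uses one. The paths are assumptions, no real files are shipped here.
    """
    ctx = ssl.create_default_context(cafile=ca_path)
    ctx.load_cert_chain(certfile=cert_path, keyfile=key_path)
    return ctx


def fetch_csaf(url: str, ctx: ssl.SSLContext) -> dict:
    """Download and parse one CSAF JSON document (network call, not run in the test)."""
    with urllib.request.urlopen(url, context=ctx, timeout=30) as resp:
        return json.load(resp)


def tlp_label(doc: dict) -> str:
    """TLP label from document.distribution.tlp.label, '' if absent."""
    return doc.get("document", {}).get("distribution", {}).get("tlp", {}).get("label", "")


def is_public(doc: dict) -> bool:
    return tlp_label(doc).upper() in PUBLIC_TLP_LABELS


def _walk(branch: dict, products: dict, names: list) -> None:
    """Recursively map product_id -> 'name@version' from the CSAF product tree."""
    category = branch.get("category")
    if category == "product_name":
        names = names + [("name", branch["name"])]
    elif category == "product_version":
        names = names + [("version", branch["name"])]
    product = branch.get("product")
    if product:
        name = next((n for k, n in names if k == "name"), product.get("name"))
        version = next((v for k, v in names if k == "version"), None)
        products[product["product_id"]] = f"{name}@{version}" if version else name
    for child in branch.get("branches", []):
        _walk(child, products, names)


def csaf_to_vulnerabilities(doc: dict, source: str) -> list:
    """One row per (CVE, known-affected product), tagged with its source and TLP label."""
    products: dict = {}
    for branch in doc.get("product_tree", {}).get("branches", []):
        _walk(branch, products, [])
    rows = []
    label = tlp_label(doc)
    for vuln in doc.get("vulnerabilities", []):
        for pid in vuln.get("product_status", {}).get("known_affected", []):
            rows.append({
                "cve": vuln.get("cve"),
                "component": products.get(pid, pid),
                "source": source,
                "tlp": label,
            })
    return rows


# Constructed sample advisory; the CVE id is a placeholder, not a real vulnerability.
SAMPLE_SOURCE = "https://csaf.example.invalid/advisories/example.json"
SAMPLE_CSAF = {
    "document": {
        "title": "Example advisory (constructed)",
        "distribution": {"tlp": {"label": "AMBER"}},
    },
    "product_tree": {"branches": [
        {"category": "vendor", "name": "ExampleVendor", "branches": [
            {"category": "product_name", "name": "widget", "branches": [
                {"category": "product_version", "name": "1.2.3",
                 "product": {"product_id": "CSAFPID-0001", "name": "widget 1.2.3"}},
            ]},
        ]},
    ]},
    "vulnerabilities": [
        {"cve": "CVE-0000-0000", "product_status": {"known_affected": ["CSAFPID-0001"]}},
    ],
}


if __name__ == "__main__":
    # With real certificate files the document would be fetched like this (assumed paths):
    # doc = fetch_csaf(SAMPLE_SOURCE, mtls_context("client.pem", "client-key.pem"))
    doc = SAMPLE_CSAF
    for row in csaf_to_vulnerabilities(doc, SAMPLE_SOURCE):
        print(row)
    print("public document:", is_public(doc))
```

The TLP label travels with every row on purpose: a task that downloads with a client certificate will receive documents the provider does not publish, and whatever consumes the resulting vulnerabilities should be able to tell those apart from TLP:WHITE/CLEAR material.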
Changed
To improve clarity, the config parameter to control whether or not to schedule a periodic task is called “scheduled”. The previous name “enabled” is still accepted, though.
BOM tags are printed with the more common "@" as the delimiter between name and version, as opposed to the previous ":".
By default, not all columns of vulnerabilities are printed. The full print can instead be activated with the "--full" flag.