Use with Debian based packages #171
Description
Hi, and thanks for an interesting project.
Whilst my servers are all rpm package based, all my engineers use Debian based distros. I've had a play with dpkg to try and emulate rpm output. However I get a significant number of misses. e.g.
dpkg-query --show -f='${binary:Package}-${Version}.${Architecture}\n' | rpm2cpe -rpm=1 -cpe=2
appears to give valid results e.g.:
wamerican-2018.04.16-1.all cpe:/a::wamerican:2018.04.16:1:~~~~all~
wbritish-2018.04.16-1.all cpe:/a::wbritish:2018.04.16:1:~~~~all~
wget-1.20.3-1ubuntu1.amd64 cpe:/a::wget:1.20.3:1ubuntu1:~~~~amd64~
whiptail-0.52.21-4ubuntu2.amd64 cpe:/a::whiptail:0.52.21:4ubuntu2:~~~~amd64~
whoopsie-preferences-22.amd64 cpe:/a::whoopsie:preferences:22:~~~~amd64~
but also a lot of errors e.g.:
rpm2cpe: error: couldn't process record []: couldn't parse RPM name from field "zoom-5.4.54779.1115.amd64": can't get fields from "zoom-5.4.54779.1115.amd64": can't find version in pkg "zoom"
rpm2cpe: error: couldn't process record []: couldn't parse RPM name from field "whois-5.5.6.amd64": can't get fields from "whois-5.5.6.amd64": can't find versi
on in pkg "whois"
rpm2cpe: error: couldn't process record []: couldn't parse RPM name from field "whoopsie-0.2.69ubuntu0.3.amd64": can't get fields from "whoopsie-0.2.69ubuntu0.3.amd64": can't find version in p
kg "whoopsie"
rpm2cpe: error: couldn't process record []: couldn't parse RPM name from field "xorg-1:7.7+19ubuntu14.amd64": can't get fields from "xorg-1:7.7+19ubuntu14.amd64": can't find version in pkg "xo
rg"
I could clean up the dpkg output to remove the errors, but that will mean missing substantial numbers of packages. Any suggestions on how I perhaps modify my one-liner? Or is there a better method to achieve what I want?
My eventual aim is to install a cron on all the engineer's development machines to input their stack to a central database and run the CVE checks for them alongside doing the same for the servers. Any help appreciated.