diff --git a/README.md b/README.md index e228e7d272..8fa333a968 100644 --- a/README.md +++ b/README.md @@ -49,6 +49,7 @@ For more details, see our [documentation](https://cve-bin-tool.readthedocs.io/en - [Generating a VEX](#generating-a-vex) - [Triaging vulnerabilities](#triaging-vulnerabilities) - [Using the tool offline](#using-the-tool-offline) + - [No Scan Mode](#no-scan-mode) - [Using CVE Binary Tool in GitHub Actions](#using-cve-binary-tool-in-github-actions) - [Output Options](#output-options) - [Configuration](#configuration) @@ -155,6 +156,18 @@ Specifying the `--offline` option when running a scan ensures that cve-bin-tool Note that you will need to obtain a copy of the vulnerability data before the tool can run in offline mode. [The offline how-to guide contains more information on how to set up your database.](https://github.com/intel/cve-bin-tool/blob/main/doc/how_to_guides/offline.md) +### No-Scan Mode + +The No-Scan Mode is currently under development, but you can try out a beta version by running: + +```bash +cve-bin-tool --no-scan +``` + +In this beta release, all the database-related checks are skipped. For the binary checker pipeline, it gives output based on the CPE information embedded in the checkers. For the language parser pipeline, all database queries are skipped and it returns a bunch of ScanInfo objects. + +Please not that you might still find some errors while running no-scan mode in the output pipeline as it is still under development. + ### Using CVE Binary Tool in GitHub Actions If you want to integrate cve-bin-tool as a part of your github action pipeline, you can use cve-bin-tool's official GitHub Action. Find more details [here](https://github.com/intel/cve-bin-tool-action/#cve-binary-tool-github-action). The GitHub Action provide reports on the security tab, which is available to open source projects as well as GitHub customers who have paid for that access. 
diff --git a/test/test_no_scan.py b/test/test_no_scan.py new file mode 100644 index 0000000000..6ce50a00f8 --- /dev/null +++ b/test/test_no_scan.py @@ -0,0 +1,48 @@ +# Copyright (C) 2025 Intel Corporation +# SPDX-License-Identifier: GPL-3.0-or-later + +import subprocess + + +def test_no_scan_exists(): + """ + Test that --no-scan mode exists + """ + result = subprocess.run( + ["python3", "cve_bin_tool/cli.py", "--help"], + capture_output=True, + text=True, + ) + + output = result.stdout + result.stderr + + assert "no-scan" in output + + assert result.returncode == 0 + + +# @pytest.mark.skip(reason="Failing due to unknown errors") +def test_no_scan_output(): + """ + Test the tool with --no-scan flag + """ + result = subprocess.run( + ["python3", "cve_bin_tool/cli.py", "./experiments", "--no-scan"], + capture_output=True, + text=True, + ) + + assert "No Scan Mode: No CVE Scanning" in result.stdout + + +def test_normal_scan(): + """ + Test Normal Scan without --no-scan flag + """ + result = subprocess.run( + ["python3", "cve_bin_tool/cli.py", "./experiments"], + capture_output=True, + text=True, + ) + + assert "No Scan Mode: No CVE Scanning" not in result.stdout
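Review bot: In README.md, first hunk (@@ -49), the new table-of-contents label is "No Scan Mode" while the heading added in the next hunk is "### No-Scan Mode". The `#no-scan-mode` anchor still resolves, but the label and heading should use the same spelling so the section can be found by searching for either.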
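Review bot: In README.md, second hunk (@@ -155), the new section never states outright that a `--no-scan` run performs no CVE lookup, so a reader could take its output for a clean vulnerability result. Since "all the database-related checks are skipped", add a sentence saying the output lists identified components only and is not a vulnerability report. Also in this hunk: "Please not that" should be "Please note that"; the example `cve-bin-tool --no-scan` has no target, while the tests in this patch pass a directory, so show one in the example; and "a bunch of ScanInfo objects" should say what the user actually sees in the output.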
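Review bot: In test/test_no_scan.py, `test_normal_scan` only asserts that "No Scan Mode: No CVE Scanning" is absent from stdout, so it passes whenever the tool crashes or prints nothing; `test_no_scan_output` likewise never looks at `result.returncode` or stderr. Add a positive assertion to each (an expected exit status, or a string that only a completed run prints) and include `result.stderr` in the failure message. The paths `cve_bin_tool/cli.py` and `./experiments` are relative to the working directory and `./experiments` is not created by this patch, so the tests depend on where pytest is launched and on a directory that may be missing; build the paths from `__file__` or use a `tmp_path` fixture, and call `sys.executable` instead of `"python3"` so the subprocess uses the interpreter under test. The commented-out `# @pytest.mark.skip(...)` line refers to `pytest`, which is not imported; remove it or restore it together with the import.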