Outdated SCAP-Data

MeteK · October 8, 2025, 2:44pm

Hello,

is there by any chance something wrong with the vt images? the latest published CVEs and CPEs shown to me in the web-gui are from august .19, even though the other images are all up-to-date. Ive already tried to run the following commands:

docker compose pull notus-data vulnerability-tests scap-data dfn-cert-data cert-bund-data report-formats data-objects
docker compose up -d notus-data vulnerability-tests scap-data dfn-cert-data cert-bund-data report-formats data-objects

thank you in advance for your help!

bricks · October 10, 2025, 12:40pm

Hi, did you check the feed version in the UI? CPE and CVE information are in the scap-data container image.

bjarne1 · October 29, 2025, 3:52pm

You might run into the same issue I have, where the feed version is the latest but no new CVE/CPEs are published in the web-gui.

Never got any answer but I think the issue is the order in which the extraction of the scap data is done. First it copies the meta data files which update the feed version and then unpacks the actual data. I fixed it by mounting a custom init.sh file into the scap-data container where it first unpacks the data into a tmp directory, moves all data from the tmp location to the correct location and then copies in the meta data files which contains the feed version.