What if CVE_SEARCH is enabled alone?

[noxing]

Is it possible to only enable CVE_SEARCH to scan the firmware? What should I do if I can? Thank you

[m-1-k-3]

cve_search is used from f20 module, but it uses multiple other modules as sources. You could try the following EMBA command:

sudo ./emba -f ~/firmware.bin -l ~/emba_logs -p ./scan-profiles/default-scan.emba -m s06 -m s08 -m s09 -m s24 -m s25 -m s115 -m s116

If you also want to get results from the kernel verification module you should add -m s26

Probably we should create a SBOM EMBA profile for such tasks.

[noxing]

If I do not run S115 and S116, what is the impact on the final vulnerability scan result? Can I add -m f20? I need this aggregated file

[m-1-k-3]

S115 and S116 are using emulation to identifiy version details - see https://github.com/e-m-b-a/emba/wiki/User-mode-Emulator. So, if you are interested in software components of the firmware you probably should run it.
If you do not specify any f module all the f modules are enabled automatically ... You should be fine this way

[noxing]

S115 and S116 are using emulation to identifiy version details - see https://github.com/e-m-b-a/emba/wiki/User-mode-Emulator. So, if you are interested in software components of the firmware you probably should run it. If you do not specify any f module all the f modules are enabled automatically ... You should be fine this way

Thank you very much. It works fine and meets my requirements

[m-1-k-3]

SBOM profile will be landed soon #629