vulnpilot 0.1.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 PatchVex
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
@@ -0,0 +1,325 @@
1
+ Metadata-Version: 2.1
2
+ Name: vulnpilot
3
+ Version: 0.1.0
4
+ Summary: Turn vulnerability scan data into prioritized action. Runs locally. Your data never leaves your machine.
5
+ Project-URL: Homepage, https://patchvex.com
6
+ Project-URL: Repository, https://github.com/PatchVex/vulnpilot
7
+ Project-URL: Bug Tracker, https://github.com/PatchVex/vulnpilot/issues
8
+ Keywords: security,vulnerability,nessus,cve,kev,epss,devsecops
9
+ Classifier: Development Status :: 3 - Alpha
10
+ Classifier: Environment :: Console
11
+ Classifier: Intended Audience :: Information Technology
12
+ Classifier: Topic :: Security
13
+ Classifier: Programming Language :: Python :: 3
14
+ Classifier: Programming Language :: Python :: 3.10
15
+ Classifier: Programming Language :: Python :: 3.11
16
+ Classifier: Programming Language :: Python :: 3.12
17
+ Requires-Python: >=3.10
18
+ Description-Content-Type: text/markdown
19
+ License-File: LICENSE
20
+ Provides-Extra: dev
21
+ Requires-Dist: pytest>=7; extra == "dev"
22
+ Requires-Dist: pytest-cov; extra == "dev"
23
+
24
+ # VulnPilot
25
+
26
+ **Prioritize vulnerabilities using real-world exploit intelligence — not just severity scores.**
27
+
28
+ Runs locally. Your data never leaves your machine.
29
+
30
+ [![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)](LICENSE)
31
+ [![Python 3.10+](https://img.shields.io/badge/python-3.10+-blue.svg)](https://python.org)
32
+ [![Status: Developer Preview](https://img.shields.io/badge/status-developer%20preview-orange.svg)]()
33
+ [![Version: 0.1.0](https://img.shields.io/badge/version-0.1.0-blue.svg)]()
34
+
35
+ ---
36
+
37
+ ## Quick Start
38
+
39
+ ```bash
40
+ pip install vulnpilot
41
+ vulnpilot update-feeds
42
+ vulnpilot analyze scan.csv
43
+ ```
44
+
45
+ VulnPilot downloads the latest public threat intelligence, analyzes your Nessus scan locally, and shows what should be remediated first. No API keys required.
46
+
47
+ ---
48
+
49
+ ## Features
50
+
51
+ - Local-first vulnerability prioritization — scan data never leaves your machine
52
+ - CISA KEV enrichment — flags findings confirmed exploited in the wild
53
+ - FIRST EPSS enrichment — exploitation probability scoring
54
+ - Composite risk scoring — KEV + EPSS + CVSS combined
55
+ - Top vulnerable hosts ranked by aggregate risk
56
+ - Zero cloud upload, zero telemetry, zero account required
57
+ - GitHub Actions daily feed automation
58
+ - Open source Community Edition — MIT licensed
59
+
60
+ ---
61
+
62
+ ## The problem
63
+
64
+ Security teams often spend hours manually triaging scan results. Your Nessus export contains thousands of findings. CVSS says hundreds are Critical. The real question — which ones are actively being exploited right now?
65
+
66
+ VulnPilot automates this process in seconds on typical scan files.
67
+
68
+ ---
69
+
70
+ ## Why VulnPilot?
71
+
72
+ | Instead of | VulnPilot |
73
+ |---|---|
74
+ | Sorting by CVSS score alone | Uses KEV + EPSS + CVSS composite scoring |
75
+ | Manual triage taking hours | Automated prioritization in seconds |
76
+ | Uploading scans to cloud services | Local-first — data never leaves your machine |
77
+ | Enterprise-only platforms | Developer Preview — free and open source |
78
+
79
+ ---
80
+
81
+ ## Why local-first?
82
+
83
+ Many organizations prohibit uploading vulnerability scan data to third-party cloud services. VulnPilot performs all analysis locally on your machine.
84
+
85
+ No customer vulnerability data is transmitted outside your environment.
86
+
87
+ ---
88
+
89
+ ## Architecture
90
+
91
+ ```
92
+ Public Threat Intelligence
93
+ +-------------------------------+
94
+ | CISA KEV FIRST EPSS |
95
+ +---------------+---------------+
96
+ |
97
+ vulnpilot update-feeds
98
+ |
99
+ ~/.vulnpilot/feeds/ (local cache)
100
+ |
101
+ vulnpilot analyze
102
+ |
103
+ Nessus CSV (Local Machine Only)
104
+ |
105
+ Composite Risk Engine
106
+ |
107
+ Prioritized Findings
108
+ ```
109
+
110
+ Only public threat intelligence feeds are downloaded. No API keys required. Your scan data never leaves your machine.
111
+
112
+ ---
113
+
114
+ ## Install
115
+
116
+ ```bash
117
+ pip install vulnpilot
118
+ ```
119
+
120
+ Tested on Python 3.10, 3.11, and 3.12.
121
+
122
+ ---
123
+
124
+ ## Usage
125
+
126
+ ```bash
127
+ # Download latest KEV and EPSS feeds
128
+ vulnpilot update-feeds
129
+
130
+ # Analyze a Nessus CSV export
131
+ vulnpilot analyze scan.csv
132
+
133
+ # Show top N hosts by aggregate risk
134
+ vulnpilot analyze scan.csv --top-hosts 5
135
+
136
+ # Use local feed files
137
+ vulnpilot analyze scan.csv --kev ./kev.json --epss ./epss.csv.gz
138
+
139
+ # Disable colour output (for CI pipelines)
140
+ vulnpilot analyze scan.csv --no-colour
141
+ ```
142
+
143
+ ---
144
+
145
+ ## Example output
146
+
147
+ ```
148
+ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
149
+ VulnPilot by PatchVex — Vulnerability Prioritization
150
+ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
151
+ Total findings : 5,482
152
+ Unique hosts : 47
153
+ Critical : 142
154
+ KEV matches : 19
155
+ EPSS >= 90% : 31
156
+ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
157
+
158
+ # Score Priority Host CVE Finding
159
+ ───────────────────────────────────────────────────────────────────────
160
+ 1 100.0 CRITICAL NOW 192.168.1.10 CVE-2021-44228 Log4Shell ★KEV
161
+ 2 100.0 CRITICAL NOW 192.168.1.25 CVE-2023-34362 MOVEit SQL Injection ★KEV
162
+ 3 99.8 CRITICAL NOW 192.168.1.15 CVE-2020-1472 Zerologon ★KEV
163
+ 4 99.7 CRITICAL NOW 192.168.1.11 CVE-2021-26084 Confluence RCE ★KEV
164
+ 5 11.5 LOW 192.168.1.10 N/A SSH Weak Ciphers
165
+
166
+ ★ KEV = CISA Known Exploited Vulnerability — highest remediation priority
167
+ based on active exploitation in the wild.
168
+
169
+ TOP 10 HOSTS BY AGGREGATE RISK
170
+ 1. 192.168.1.10 score=122.0 [1 KEV] [1 critical]
171
+ 2. 192.168.1.25 score=100.0 [1 KEV] [1 critical]
172
+ 3. 192.168.1.15 score=99.8 [1 KEV] [1 critical]
173
+ ```
174
+
175
+ ---
176
+
177
+ ## How scoring works
178
+
179
+ The scoring algorithm is deterministic, transparent, and fully documented.
180
+
181
+ VulnPilot uses a composite risk score that combines four signals:
182
+
183
+ | Signal | Weight | Source |
184
+ |---|---|---|
185
+ | CISA KEV match | 40% | Known exploited in the wild |
186
+ | FIRST EPSS score | 35% | Exploitation probability |
187
+ | CVSS base score | 15% | Severity context |
188
+ | Scanner risk rating | 10% | Nessus severity label |
189
+
190
+ The composite score is intentionally opinionated. Known exploited vulnerabilities receive the greatest weight because active exploitation is a stronger predictor of remediation priority than severity alone. EPSS estimates exploitation likelihood in the next 30 days, while CVSS and scanner severity provide additional context for findings without EPSS data.
191
+
192
+ Any finding confirmed in the CISA KEV catalog scores a minimum of 75 regardless of other factors. The weighting model is intentionally transparent and may evolve based on community feedback and real-world usage.
193
+
194
+ > **Note**
195
+ >
196
+ > VulnPilot provides prioritization guidance to assist remediation workflows.
197
+ > Final remediation decisions should always consider asset criticality, business context,
198
+ > exploit mitigations, and organizational risk tolerance.
199
+
200
+ ---
201
+
202
+ ## Privacy by design
203
+
204
+ - Scan data processed entirely on your local machine
205
+ - No account required
206
+ - No cloud upload, ever
207
+ - No telemetry or analytics
208
+ - No API keys required
209
+ - Works air-gapped after initial feed download
210
+ - Open source — inspect every line of code
211
+
212
+ ---
213
+
214
+ ## Feed updates
215
+
216
+ VulnPilot pulls two public datasets:
217
+
218
+ - **CISA KEV** — Known Exploited Vulnerabilities catalog (maintained by CISA)
219
+ - **FIRST EPSS** — Exploit Prediction Scoring System (updated daily by FIRST.org)
220
+
221
+ Feeds are cached at `~/.vulnpilot/feeds/` on your machine. No API keys required.
222
+
223
+ ```bash
224
+ vulnpilot update-feeds
225
+ ```
226
+
227
+ The GitHub repository also runs an automated daily feed sync via GitHub Actions, publishing optimized feed files for the CLI to consume.
228
+
229
+ ---
230
+
231
+ ## Supported scanners
232
+
233
+ | Scanner | Status |
234
+ |---|---|
235
+ | Nessus (.csv export) | ✅ Supported |
236
+ | Qualys | Planned |
237
+ | Rapid7 | Planned |
238
+ | OpenVAS | Planned |
239
+ | Microsoft Defender | Planned |
240
+ | AWS Inspector | Planned |
241
+
242
+ ---
243
+
244
+ ## Roadmap
245
+
246
+ **Current — v0.1.0 (Developer Preview)**
247
+ - [x] Nessus CSV parser
248
+ - [x] CISA KEV enrichment
249
+ - [x] FIRST EPSS enrichment
250
+ - [x] Composite risk scoring
251
+ - [x] Prioritized terminal output
252
+ - [x] Top hosts by aggregate risk
253
+ - [x] Free tier — top 20 findings
254
+ - [x] GitHub Actions daily feed automation
255
+
256
+ **v0.2.0**
257
+ - [ ] HTML report export
258
+ - [ ] PDF report export
259
+
260
+ **v0.3.0**
261
+ - [ ] Jira integration
262
+ - [ ] Slack notifications
263
+ - [ ] Scheduled scans
264
+
265
+ **v0.4.0**
266
+ - [ ] Qualys CSV support
267
+ - [ ] REST API
268
+
269
+ **v1.0.0**
270
+ - [ ] Rapid7 and OpenVAS support
271
+ - [ ] Self-hosted Docker edition
272
+ - [ ] Team features
273
+
274
+ Future development priorities will be driven by community feedback and real-world usage.
275
+
276
+ ---
277
+
278
+ ## Requirements
279
+
280
+ - Python 3.10, 3.11, or 3.12
281
+ - pip
282
+ - Internet connection for feed updates (air-gapped use supported after initial download)
283
+ - Nessus .csv export file
284
+
285
+ ---
286
+
287
+ ## Contributing
288
+
289
+ Issues, bug reports, and pull requests are welcome.
290
+
291
+ - **Bug reports and feature requests:** [github.com/PatchVex/vulnpilot/issues](https://github.com/PatchVex/vulnpilot/issues)
292
+ - **Security disclosures:** security@patchvex.com
293
+
294
+ Good first issues are labelled `good first issue` in the issue tracker. Please search existing issues before opening a new one.
295
+
296
+ ---
297
+
298
+ ## Acknowledgements
299
+
300
+ VulnPilot uses publicly available threat intelligence published by:
301
+
302
+ - [CISA Known Exploited Vulnerabilities Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
303
+ - [FIRST Exploit Prediction Scoring System (EPSS)](https://www.first.org/epss/)
304
+
305
+ Thank you to both organizations for maintaining these community resources.
306
+
307
+ ---
308
+
309
+ ## License
310
+
311
+ MIT License — see [LICENSE](LICENSE) for details.
312
+
313
+ Free to use, modify, and distribute. Commercial use permitted.
314
+
315
+ ---
316
+
317
+ ## About PatchVex
318
+
319
+ VulnPilot is built and maintained by [PatchVex](https://patchvex.com).
320
+
321
+ PatchVex builds privacy-first workflow tools for security and DevSecOps teams. Our products help engineers spend less time managing vulnerability data and more time fixing the issues that matter.
322
+
323
+ - Website: [patchvex.com](https://patchvex.com)
324
+ - Email: hello@patchvex.com
325
+ - GitHub: [github.com/PatchVex](https://github.com/PatchVex)
@@ -0,0 +1,302 @@
1
+ # VulnPilot
2
+
3
+ **Prioritize vulnerabilities using real-world exploit intelligence — not just severity scores.**
4
+
5
+ Runs locally. Your data never leaves your machine.
6
+
7
+ [![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)](LICENSE)
8
+ [![Python 3.10+](https://img.shields.io/badge/python-3.10+-blue.svg)](https://python.org)
9
+ [![Status: Developer Preview](https://img.shields.io/badge/status-developer%20preview-orange.svg)]()
10
+ [![Version: 0.1.0](https://img.shields.io/badge/version-0.1.0-blue.svg)]()
11
+
12
+ ---
13
+
14
+ ## Quick Start
15
+
16
+ ```bash
17
+ pip install vulnpilot
18
+ vulnpilot update-feeds
19
+ vulnpilot analyze scan.csv
20
+ ```
21
+
22
+ VulnPilot downloads the latest public threat intelligence, analyzes your Nessus scan locally, and shows what should be remediated first. No API keys required.
23
+
24
+ ---
25
+
26
+ ## Features
27
+
28
+ - Local-first vulnerability prioritization — scan data never leaves your machine
29
+ - CISA KEV enrichment — flags findings confirmed exploited in the wild
30
+ - FIRST EPSS enrichment — exploitation probability scoring
31
+ - Composite risk scoring — KEV + EPSS + CVSS combined
32
+ - Top vulnerable hosts ranked by aggregate risk
33
+ - Zero cloud upload, zero telemetry, zero account required
34
+ - GitHub Actions daily feed automation
35
+ - Open source Community Edition — MIT licensed
36
+
37
+ ---
38
+
39
+ ## The problem
40
+
41
+ Security teams often spend hours manually triaging scan results. Your Nessus export contains thousands of findings. CVSS says hundreds are Critical. The real question — which ones are actively being exploited right now?
42
+
43
+ VulnPilot automates this process in seconds on typical scan files.
44
+
45
+ ---
46
+
47
+ ## Why VulnPilot?
48
+
49
+ | Instead of | VulnPilot |
50
+ |---|---|
51
+ | Sorting by CVSS score alone | Uses KEV + EPSS + CVSS composite scoring |
52
+ | Manual triage taking hours | Automated prioritization in seconds |
53
+ | Uploading scans to cloud services | Local-first — data never leaves your machine |
54
+ | Enterprise-only platforms | Developer Preview — free and open source |
55
+
56
+ ---
57
+
58
+ ## Why local-first?
59
+
60
+ Many organizations prohibit uploading vulnerability scan data to third-party cloud services. VulnPilot performs all analysis locally on your machine.
61
+
62
+ No customer vulnerability data is transmitted outside your environment.
63
+
64
+ ---
65
+
66
+ ## Architecture
67
+
68
+ ```
69
+ Public Threat Intelligence
70
+ +-------------------------------+
71
+ | CISA KEV FIRST EPSS |
72
+ +---------------+---------------+
73
+ |
74
+ vulnpilot update-feeds
75
+ |
76
+ ~/.vulnpilot/feeds/ (local cache)
77
+ |
78
+ vulnpilot analyze
79
+ |
80
+ Nessus CSV (Local Machine Only)
81
+ |
82
+ Composite Risk Engine
83
+ |
84
+ Prioritized Findings
85
+ ```
86
+
87
+ Only public threat intelligence feeds are downloaded. No API keys required. Your scan data never leaves your machine.
88
+
89
+ ---
90
+
91
+ ## Install
92
+
93
+ ```bash
94
+ pip install vulnpilot
95
+ ```
96
+
97
+ Tested on Python 3.10, 3.11, and 3.12.
98
+
99
+ ---
100
+
101
+ ## Usage
102
+
103
+ ```bash
104
+ # Download latest KEV and EPSS feeds
105
+ vulnpilot update-feeds
106
+
107
+ # Analyze a Nessus CSV export
108
+ vulnpilot analyze scan.csv
109
+
110
+ # Show top N hosts by aggregate risk
111
+ vulnpilot analyze scan.csv --top-hosts 5
112
+
113
+ # Use local feed files
114
+ vulnpilot analyze scan.csv --kev ./kev.json --epss ./epss.csv.gz
115
+
116
+ # Disable colour output (for CI pipelines)
117
+ vulnpilot analyze scan.csv --no-colour
118
+ ```
119
+
120
+ ---
121
+
122
+ ## Example output
123
+
124
+ ```
125
+ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
126
+ VulnPilot by PatchVex — Vulnerability Prioritization
127
+ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
128
+ Total findings : 5,482
129
+ Unique hosts : 47
130
+ Critical : 142
131
+ KEV matches : 19
132
+ EPSS >= 90% : 31
133
+ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
134
+
135
+ # Score Priority Host CVE Finding
136
+ ───────────────────────────────────────────────────────────────────────
137
+ 1 100.0 CRITICAL NOW 192.168.1.10 CVE-2021-44228 Log4Shell ★KEV
138
+ 2 100.0 CRITICAL NOW 192.168.1.25 CVE-2023-34362 MOVEit SQL Injection ★KEV
139
+ 3 99.8 CRITICAL NOW 192.168.1.15 CVE-2020-1472 Zerologon ★KEV
140
+ 4 99.7 CRITICAL NOW 192.168.1.11 CVE-2021-26084 Confluence RCE ★KEV
141
+ 5 11.5 LOW 192.168.1.10 N/A SSH Weak Ciphers
142
+
143
+ ★ KEV = CISA Known Exploited Vulnerability — highest remediation priority
144
+ based on active exploitation in the wild.
145
+
146
+ TOP 10 HOSTS BY AGGREGATE RISK
147
+ 1. 192.168.1.10 score=122.0 [1 KEV] [1 critical]
148
+ 2. 192.168.1.25 score=100.0 [1 KEV] [1 critical]
149
+ 3. 192.168.1.15 score=99.8 [1 KEV] [1 critical]
150
+ ```
151
+
152
+ ---
153
+
154
+ ## How scoring works
155
+
156
+ The scoring algorithm is deterministic, transparent, and fully documented.
157
+
158
+ VulnPilot uses a composite risk score that combines four signals:
159
+
160
+ | Signal | Weight | Source |
161
+ |---|---|---|
162
+ | CISA KEV match | 40% | Known exploited in the wild |
163
+ | FIRST EPSS score | 35% | Exploitation probability |
164
+ | CVSS base score | 15% | Severity context |
165
+ | Scanner risk rating | 10% | Nessus severity label |
166
+
167
+ The composite score is intentionally opinionated. Known exploited vulnerabilities receive the greatest weight because active exploitation is a stronger predictor of remediation priority than severity alone. EPSS estimates exploitation likelihood in the next 30 days, while CVSS and scanner severity provide additional context for findings without EPSS data.
168
+
169
+ Any finding confirmed in the CISA KEV catalog scores a minimum of 75 regardless of other factors. The weighting model is intentionally transparent and may evolve based on community feedback and real-world usage.
170
+
171
+ > **Note**
172
+ >
173
+ > VulnPilot provides prioritization guidance to assist remediation workflows.
174
+ > Final remediation decisions should always consider asset criticality, business context,
175
+ > exploit mitigations, and organizational risk tolerance.
176
+
177
+ ---
178
+
179
+ ## Privacy by design
180
+
181
+ - Scan data processed entirely on your local machine
182
+ - No account required
183
+ - No cloud upload, ever
184
+ - No telemetry or analytics
185
+ - No API keys required
186
+ - Works air-gapped after initial feed download
187
+ - Open source — inspect every line of code
188
+
189
+ ---
190
+
191
+ ## Feed updates
192
+
193
+ VulnPilot pulls two public datasets:
194
+
195
+ - **CISA KEV** — Known Exploited Vulnerabilities catalog (maintained by CISA)
196
+ - **FIRST EPSS** — Exploit Prediction Scoring System (updated daily by FIRST.org)
197
+
198
+ Feeds are cached at `~/.vulnpilot/feeds/` on your machine. No API keys required.
199
+
200
+ ```bash
201
+ vulnpilot update-feeds
202
+ ```
203
+
204
+ The GitHub repository also runs an automated daily feed sync via GitHub Actions, publishing optimized feed files for the CLI to consume.
205
+
206
+ ---
207
+
208
+ ## Supported scanners
209
+
210
+ | Scanner | Status |
211
+ |---|---|
212
+ | Nessus (.csv export) | ✅ Supported |
213
+ | Qualys | Planned |
214
+ | Rapid7 | Planned |
215
+ | OpenVAS | Planned |
216
+ | Microsoft Defender | Planned |
217
+ | AWS Inspector | Planned |
218
+
219
+ ---
220
+
221
+ ## Roadmap
222
+
223
+ **Current — v0.1.0 (Developer Preview)**
224
+ - [x] Nessus CSV parser
225
+ - [x] CISA KEV enrichment
226
+ - [x] FIRST EPSS enrichment
227
+ - [x] Composite risk scoring
228
+ - [x] Prioritized terminal output
229
+ - [x] Top hosts by aggregate risk
230
+ - [x] Free tier — top 20 findings
231
+ - [x] GitHub Actions daily feed automation
232
+
233
+ **v0.2.0**
234
+ - [ ] HTML report export
235
+ - [ ] PDF report export
236
+
237
+ **v0.3.0**
238
+ - [ ] Jira integration
239
+ - [ ] Slack notifications
240
+ - [ ] Scheduled scans
241
+
242
+ **v0.4.0**
243
+ - [ ] Qualys CSV support
244
+ - [ ] REST API
245
+
246
+ **v1.0.0**
247
+ - [ ] Rapid7 and OpenVAS support
248
+ - [ ] Self-hosted Docker edition
249
+ - [ ] Team features
250
+
251
+ Future development priorities will be driven by community feedback and real-world usage.
252
+
253
+ ---
254
+
255
+ ## Requirements
256
+
257
+ - Python 3.10, 3.11, or 3.12
258
+ - pip
259
+ - Internet connection for feed updates (air-gapped use supported after initial download)
260
+ - Nessus .csv export file
261
+
262
+ ---
263
+
264
+ ## Contributing
265
+
266
+ Issues, bug reports, and pull requests are welcome.
267
+
268
+ - **Bug reports and feature requests:** [github.com/PatchVex/vulnpilot/issues](https://github.com/PatchVex/vulnpilot/issues)
269
+ - **Security disclosures:** security@patchvex.com
270
+
271
+ Good first issues are labelled `good first issue` in the issue tracker. Please search existing issues before opening a new one.
272
+
273
+ ---
274
+
275
+ ## Acknowledgements
276
+
277
+ VulnPilot uses publicly available threat intelligence published by:
278
+
279
+ - [CISA Known Exploited Vulnerabilities Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
280
+ - [FIRST Exploit Prediction Scoring System (EPSS)](https://www.first.org/epss/)
281
+
282
+ Thank you to both organizations for maintaining these community resources.
283
+
284
+ ---
285
+
286
+ ## License
287
+
288
+ MIT License — see [LICENSE](LICENSE) for details.
289
+
290
+ Free to use, modify, and distribute. Commercial use permitted.
291
+
292
+ ---
293
+
294
+ ## About PatchVex
295
+
296
+ VulnPilot is built and maintained by [PatchVex](https://patchvex.com).
297
+
298
+ PatchVex builds privacy-first workflow tools for security and DevSecOps teams. Our products help engineers spend less time managing vulnerability data and more time fixing the issues that matter.
299
+
300
+ - Website: [patchvex.com](https://patchvex.com)
301
+ - Email: hello@patchvex.com
302
+ - GitHub: [github.com/PatchVex](https://github.com/PatchVex)
@@ -0,0 +1,40 @@
1
+ [build-system]
2
+ requires = ["setuptools>=68,<72", "wheel"]
3
+ build-backend = "setuptools.build_meta"
4
+
5
+ [project]
6
+ name = "vulnpilot"
7
+ version = "0.1.0"
8
+ description = "Turn vulnerability scan data into prioritized action. Runs locally. Your data never leaves your machine."
9
+ readme = "README.md"
10
+ requires-python = ">=3.10"
11
+ keywords = ["security", "vulnerability", "nessus", "cve", "kev", "epss", "devsecops"]
12
+ classifiers = [
13
+ "Development Status :: 3 - Alpha",
14
+ "Environment :: Console",
15
+ "Intended Audience :: Information Technology",
16
+ "Topic :: Security",
17
+ "Programming Language :: Python :: 3",
18
+ "Programming Language :: Python :: 3.10",
19
+ "Programming Language :: Python :: 3.11",
20
+ "Programming Language :: Python :: 3.12",
21
+ ]
22
+ dependencies = []
23
+
24
+ [project.optional-dependencies]
25
+ dev = ["pytest>=7", "pytest-cov"]
26
+
27
+ [project.scripts]
28
+ vulnpilot = "vulnpilot.cli:main"
29
+
30
+ [project.urls]
31
+ Homepage = "https://patchvex.com"
32
+ Repository = "https://github.com/PatchVex/vulnpilot"
33
+ "Bug Tracker" = "https://github.com/PatchVex/vulnpilot/issues"
34
+
35
+ [tool.setuptools.packages.find]
36
+ where = ["."]
37
+ include = ["vulnpilot*"]
38
+
39
+ [tool.pytest.ini_options]
40
+ testpaths = ["tests"]
@@ -0,0 +1,4 @@
1
+ [egg_info]
2
+ tag_build =
3
+ tag_date = 0
4
+