Hello M G, thank you for your patience.
The current problem with Vulnerability Detector for Windows is that it is limited to the existing translations in the
CPE Helper, because the packages installed on Windows are not standardized like on Linux, and this means that we cannot easily obtain their CPE based on
vendor and
package name information.
Therefore, it currently detects vulnerabilities in packages listed in the following dictionary:
You can modify the CPE Helper manually to add new package translations to detect vulnerabilities in those new entries. Below is a step-by-step guide to adding new translations:
> Note that when you upgrade the manager, the CPE Helper will be overwritten, so I recommend that you keep a copy of the
cpe_helper.json that you modify, so that you can replace it when you upgrade the manager.
We are already working on a Vulnerability Detector refactor, where we will normalize these translations so that they don't need to be added manually, and these package vulnerabilities will be detected correctly:
Please check the links, examples, documentation and guides, they should be helpful. In any case, do not hesitate to contact us again to try to help you. I hope to be helpful.