Jekyll CVE badge

Generates a shields-like badge for a specified CVE. Automatically fetches the CVSS score from NVD and generates the badge accordingly.

2021-09-14-14-29-21

It uses CVSSv3 by default. If the CVE is old and a CVSSv3 is not available, CVSSv2 will be used. The badge itself links to the corresponding page on NVD.

Installation and usage

Add the following to your Gemfile's jekyll_plugins group:

gem "jekyll-cve-badge", :git => "https://github.com/neonsea/jekyll-cve-badge.git"

Run bundler install.

You can then use the tag cve_badge anywhere. For example:

{% cve_badge "CVE-2021-31698" %}

Notes

  • NVD's API is slow, so posts will take quite a lot longer to generate. Not much I can do here
  • Add a cve-badge.html in your _layouts directory for custom styling. The layout is passed the params cve_id, cve_severity, and cve_score

TODO

  • Add flag to just add the badge with no CVSS rating