Improved Linux RPM Package Handling
Summary
Improvements have been made to our rpm2 package handling library to increase speed and efficiency. Specifically, the package data collected during a scan in each rpm-list KB item is parsed and preserved in the KB, allowing it to survive between plugin executions. As a result, the work of parsing that data is now done only once, instead of once per plugin execution.
Additionally, support for performing rpm checks against Source Packages has been added. This allows plugins to make a single call to perform checks against all of a Source Package’s associated Binary Packages.
Change
Improved Package Handling
Instead of storing RPM package data in a variable that disappears after plugin execution, our rpm2 package handling library now stores that data in the KB using the following format:
Host/rpm/pkg/<package name>= RPM Name
In the event that there are multiple versions of the same package, they each get stored under the package name:
Host/rpm/pkg/<package name>= RPM Name (ver 2.1.3)
Host/rpm/pkg/<package name>= RPM Name (ver 2.4.0)
This allows easy organization and retrieval by the rpm2 package handling library.
Once all the package data is stored in the KB, we add this additional item:
Host/rpm-processed=1
If this KB item is found, it indicates that we’ve already parsed and stored the package data and do not need to do so again.
Top-level library functions that calling plugins leverage have been updated to use these new KB items.
Source Package Support
A “source” argument has been added to key library calls. When it is set, the library performs a Source Package Check against the given reference: it determines all of the Binary Packages built from the specified Source Package and performs the normal rpm checks on each of them.
Each of the associated Binary Packages is reported accordingly, and if any vulnerable installs were found on the host, the initiating rpm check call returns 1.
Example:
my_source_package builds:
my_bin_package A,
my_bin_package B,
my_bin_package C
rpm_check(reference:my_source_package, source:true)
-> rpm_check(reference:my_bin_package A) returns 0
-> rpm_check(reference:my_bin_package B) returns 0
-> rpm_check(reference:my_bin_package C) returns 1
At least one binary package was vulnerable, so the call returns 1.
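The following Python model illustrates both of the changes above: parsing an rpm list once into Host/rpm/pkg/<package name> items guarded by Host/rpm-processed, and a rpm_check call whose source argument fans out over the binaries built from a source package and returns 1 if any of them is vulnerable. It is an added example, not code from the rpm2 library; the KB is modelled as a dictionary whose keys may hold several values, the source-to-binary mapping (SOURCE_BUILDS), the sample rpm list and the simplified version comparison are assumptions made for the illustration.

```python
import re
from typing import Dict, List, Optional

# Constructed sample standing in for an rpm-list KB item (one name-version-release.arch
# per line). The host is deliberately half-patched so the source check has mixed results.
SAMPLE_RPM_LIST = """\
openssl-1.1.1k-7.el8.x86_64
openssl-libs-1.1.1k-8.el8.x86_64
kernel-4.18.0-425.el8.x86_64
kernel-4.18.0-477.el8.x86_64
bash-4.4.20-4.el8.x86_64
"""

# Assumed source -> binary mapping; the real library derives this from package metadata.
SOURCE_BUILDS: Dict[str, List[str]] = {"openssl": ["openssl", "openssl-libs"]}

KB_PKG_PREFIX = "Host/rpm/pkg/"      # key format described in the post
KB_PROCESSED = "Host/rpm-processed"  # sentinel item described in the post

_NVRA = re.compile(r"^(?P<name>.+)-(?P<ver>[^-]+)-(?P<rel>[^-]+)\.(?P<arch>[^.]+)$")
_NVR = re.compile(r"^(?P<name>.+)-(?P<ver>[^-]+)-(?P<rel>[^-]+)$")
_SEG = re.compile(r"\d+|[A-Za-z]+")

# A KB key may hold several values (one per installed version of the package).
KB = Dict[str, List[str]]


def load_packages(kb: KB, rpm_list: str) -> int:
    """Parse the rpm list into Host/rpm/pkg/<name> items once. Returns the number of
    entries parsed, or 0 when Host/rpm-processed shows the work was already done."""
    if kb.get(KB_PROCESSED) == ["1"]:
        return 0
    count = 0
    for raw in rpm_list.splitlines():
        line = raw.strip()
        m = _NVRA.match(line)
        if not m:
            continue  # skip anything that is not name-version-release.arch
        kb.setdefault(KB_PKG_PREFIX + m["name"], []).append(line)
        count += 1
    kb[KB_PROCESSED] = ["1"]
    return count


def vercmp(a: str, b: str) -> int:
    """Coarse rpm-style comparison of a version or release string: numeric runs compare
    as integers, alphabetic runs as strings, and a numeric run sorts after an alphabetic
    one. Returns -1, 0 or 1. Simplified: tilde/caret ordering is not modelled."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return -1 if x < y else 1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def rpm_check(kb: KB, reference: str, source: bool = False,
              report: Optional[List[str]] = None) -> int:
    """Return 1 if an installed version of the referenced package is older than the
    fixed name-version-release given in `reference`, else 0. With source=True the
    reference names a source package: the check is run for every binary it builds and
    the result is 1 if any of those checks returned 1 (the post's example flow)."""
    if report is None:
        report = []
    m = _NVR.match(reference)
    if not m:
        raise ValueError(f"bad reference: {reference}")
    if source:
        binaries = SOURCE_BUILDS.get(m["name"], [])
        results = [rpm_check(kb, f"{b}-{m['ver']}-{m['rel']}", report=report)
                   for b in binaries]
        return 1 if 1 in results else 0
    vulnerable = 0
    for installed in kb.get(KB_PKG_PREFIX + m["name"], []):
        i = _NVRA.match(installed)
        vc = vercmp(i["ver"], m["ver"])
        if vc < 0 or (vc == 0 and vercmp(i["rel"], m["rel"]) < 0):
            report.append(f"{installed} < fixed {reference}")
            vulnerable = 1
    return vulnerable


if __name__ == "__main__":
    kb: KB = {}
    print("parsed:", load_packages(kb, SAMPLE_RPM_LIST))   # parsed: 5
    print("parsed again:", load_packages(kb, SAMPLE_RPM_LIST))  # parsed again: 0
    findings: List[str] = []
    print("source check:", rpm_check(kb, "openssl-1.1.1k-8.el8", source=True, report=findings))
    print("\n".join(findings))
```

The second load_packages call returns 0 because Host/rpm-processed is already set, which is the once-per-scan parsing the post describes; the source check reports only the openssl binary, since openssl-libs on the sample host is already at the fixed release.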
Impact
No change is needed for plugins already using the rpm2 package handling library to take advantage of these Package Handling improvements. Customers will see the exact same results as they would have before this change, but their scans may be slightly faster.
Note: Currently no plugins take advantage of the new library Source Package Support functionality.
Target Release Date
April 29, 2026