Best practices for running multiple scans at once
If you’re running multiple instances of cve-bin-tool at once, you can cause a race condition in which several processes try to update the database from NVD at the same time. This is not ideal.
To avoid this, use a single command to run the NVD update, then turn off the updater in all other copies.
Step 1: Update
To update (without scanning) you can use the following command:
cve-bin-tool -u now
We recommend updating once per day, but this can be more or less frequent depending on your needs. Ideally, you want to be sure the update completes before you kick off any other scans, so that you aren’t checking against a partial database.
Step 2: Scan
Each parallel instance of cve-bin-tool can then be invoked as follows:
cve-bin-tool -u never $path_to_directory_or_file
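The two steps combined into one wrapper, as an added example that is not part of the cve-bin-tool project: it runs the update once, waits for it to finish, and only then starts one scan per target with the updater turned off. The function name `update_then_scan` and the `CVE_BIN_TOOL` override variable are hypothetical, and treating a non-zero exit status from the update step as a failed update is an assumption to check against the version you run.

```shell
#!/bin/sh
# Added example: update the database once, then scan in parallel with -u never.
# CVE_BIN_TOOL (hypothetical variable) lets a wrapper script be substituted.
CVE_BIN_TOOL="${CVE_BIN_TOOL:-cve-bin-tool}"

# update_then_scan TARGET...
# Returns 0 if the update and all scans exited 0,
#         1 if at least one scan exited non-zero,
#         2 if the update step failed (no scans are started).
update_then_scan() {
    # Step 1: one synchronous update. Nothing else touches the database
    # while this runs, so there is no competing writer.
    # Assumption: a non-zero exit status here means the update failed.
    if ! "$CVE_BIN_TOOL" -u now; then
        echo "database update failed; not starting scans" >&2
        return 2
    fi

    # Step 2: one background scan per target, each with the updater off,
    # so every scan reads the same fully updated database.
    pids=""
    for target in "$@"; do
        "$CVE_BIN_TOOL" -u never "$target" &
        pids="$pids $!"
    done

    # Collect every scan before returning. What a non-zero scan status
    # means is defined by cve-bin-tool, not by this script.
    nonzero=0
    for pid in $pids; do
        wait "$pid" || nonzero=$((nonzero + 1))
    done
    if [ "$nonzero" -gt 0 ]; then
        echo "$nonzero scan(s) exited non-zero" >&2
        return 1
    fi
    return 0
}

# Run only when targets are passed on the command line.
if [ "$#" -gt 0 ]; then
    update_then_scan "$@"
fi
```
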