
tizen-cve-scanner skill


This skill helps identify known Tizen CVEs in app dependencies and kernel by querying OpenCVE and Samsung updates.

npx playbooks add skill plurigrid/asi --skill tizen-cve-scanner

Review the files below or copy the command above to add this skill to your agents.

SKILL.md
---
name: tizen-cve-scanner
description: Scans for known Tizen CVEs in app dependencies and kernel. Checks OpenCVE database and Samsung security updates.
category: tizen-security
author: Tizen Community
source: tizen/security
license: Apache-2.0
trit: -1
trit_label: MINUS
verified: true
featured: true
---

# Tizen CVE Scanner Skill

**Trit**: -1 (MINUS)
**Category**: tizen-security
**Author**: Tizen Community
**Source**: tizen/security
**License**: Apache-2.0

## Description

Scans for known Tizen CVEs in app dependencies and kernel. Checks OpenCVE database and Samsung security updates.

## When to Use

This is a Tizen security/IoT skill. Use when:
- Developing Tizen applications (web, native, .NET)
- Auditing Tizen app security
- Provisioning TizenRT/ARTIK IoT devices
- Implementing Tizen compliance
- Analyzing SMACK policies or Cynara access control

## Tizen Security Model

### SMACK (Simplified Mandatory Access Control Kernel)
- Linux kernel 3.12+ mandatory access control
- Process isolation via labels
- Prevent inter-app resource access

### Cynara
- Fast privilege access control service
- Policy-based permission checking
- External agent integration

### KeyManager
- Central secure storage repository
- Password-protected data access
- Certificate and key management

### Tizen Manifest
- Privilege declarations (public, partner, platform)
- App sandboxing configuration
- Resource access specifications

## Related Skills

- manifest-privilege-validator
- smack-policy-auditor
- tizen-cve-scanner
- sandbox-escape-detector
- cynara-policy-checker
- iot-device-provisioning

## References

- Tizen Official Docs: https://docs.tizen.org/
- Samsung Security Manager: https://github.com/Samsung/security-manager
- Samsung Cynara: https://github.com/Samsung/cynara
- TizenRT: https://github.com/Samsung/TizenRT


## SDF Interleaving

This skill connects to **Software Design for Flexibility** (Hanson & Sussman, 2021):

### Primary Chapter: 10. Adventure Game Example

**Concepts**: autonomous agent, game, synthesis

### GF(3) Balanced Triad

```
tizen-cve-scanner (+) + SDF.Ch10 (+) + [balancer] (+) = 0
```

**Skill Trit**: 1 (PLUS - generation)

### Secondary Chapters

- Ch6: Layering

### Connection Pattern

Adventure games synthesize techniques. This skill integrates multiple patterns.

Overview

This skill scans Tizen applications and devices for known CVEs affecting app dependencies and the kernel. It cross-references the OpenCVE database and Samsung security updates to surface relevant vulnerabilities and suggested fixes. The goal is quick, actionable findings to support development, audits, and device provisioning.

How this skill works

The scanner inspects application dependency manifests and installed kernel packages to map components to known CVEs. It queries OpenCVE and Samsung security advisories, correlates versions and patch status, and reports matches with severity, CVE IDs, and recommended remediation steps. Results highlight issues in native, web, and .NET apps as well as kernel-level exposures relevant to SMACK and Cynara policies.
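The version correlation described above, as an added example that is not the skill's own code: it matches a device package inventory against advisory records by affected-version range, then applies the provisioning gate on critical kernel findings. The record layout, package versions, and `CVE-PLACEHOLDER-*` IDs are constructed assumptions, and no OpenCVE or Samsung API is called.

```python
import re

# Constructed advisory records (placeholder IDs; not real OpenCVE or Samsung data).
# "fixed": None means no patched release is known for that component.
ADVISORIES = [
    {"id": "CVE-PLACEHOLDER-0001", "package": "linux-kernel", "layer": "kernel",
     "introduced": "4.4", "fixed": "4.9.120", "severity": "critical"},
    {"id": "CVE-PLACEHOLDER-0002", "package": "openssl", "layer": "userland",
     "introduced": "1.1.0", "fixed": "1.1.1k", "severity": "high"},
    {"id": "CVE-PLACEHOLDER-0003", "package": "libcurl", "layer": "userland",
     "introduced": "7.0", "fixed": None, "severity": "medium"},
]
# Constructed device inventory: package name -> installed version.
INVENTORY = {"linux-kernel": "4.9.59", "openssl": "1.1.1k",
             "libcurl": "7.61.0", "zlib": "1.2.11"}
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

def parse_version(text):
    """Turn '4.9.59' or '1.1.1k' into a tuple that orders numerically.
    Simplified: a real scanner should use the package manager's own comparison."""
    tokens = re.findall(r"\d+|[a-z]+", text.lower())
    return tuple((0, int(t)) if t.isdigit() else (1, t) for t in tokens)

def is_affected(installed, advisory):
    """True when introduced <= installed < fixed (open-ended if no fix exists)."""
    version = parse_version(installed)
    if version < parse_version(advisory["introduced"]):
        return False
    return advisory["fixed"] is None or version < parse_version(advisory["fixed"])

def scan(inventory, advisories):
    """Return matching advisories, most severe first."""
    findings = [dict(adv, installed=inventory[adv["package"]])
                for adv in advisories
                if adv["package"] in inventory
                and is_affected(inventory[adv["package"]], adv)]
    return sorted(findings, key=lambda f: SEVERITY_RANK[f["severity"]])

def enrollment_allowed(findings):
    """Provisioning gate: refuse enrollment on any critical kernel finding."""
    return not any(f["layer"] == "kernel" and f["severity"] == "critical"
                   for f in findings)

if __name__ == "__main__":
    results = scan(INVENTORY, ADVISORIES)
    for f in results:
        print(f["severity"], f["id"], f["package"], f["installed"], "fix:", f["fixed"])
    print("enrollment allowed:", enrollment_allowed(results))
```

Comparing versions as plain strings would rank `4.9.59` above `4.9.120` and miss the kernel finding, which is why the versions are tokenized before the range check.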

When to use it

  • During development of Tizen web, native, or .NET applications before release
  • As part of security audits or pre-deployment checks for Tizen devices
  • When provisioning TizenRT or ARTIK IoT devices to verify known vulnerabilities
  • While validating compliance with Tizen security policies and platform updates
  • When investigating potential sandbox escapes or privilege misuse involving SMACK/Cynara

Best practices

  • Run scans early and integrate into CI so vulnerabilities are found before release
  • Keep dependency manifests and device package lists up to date for accurate matching
  • Prioritize fixes by severity and exploitability; apply vendor patches when available
  • Combine scanner output with SMACK and Cynara policy reviews for defense-in-depth
  • Document remediation steps and track CVE status until patches are verified

Example use cases

  • A Tizen app team scans third-party libraries to detect outdated crypto or networking libs with known CVEs
  • An IoT fleet operator checks devices against Samsung security advisories before rolling out firmware
  • A security auditor combines CVE findings with SMACK policy analysis to assess attack surface
  • A provisioning workflow blocks device enrollment if critical kernel CVEs are present
  • A developer uses scan output to prioritize dependency upgrades in sprint planning

FAQ

Does the scanner detect kernel and userland CVEs?

Yes. It checks both kernel packages and userland dependencies, correlating component versions with CVE records.

Which databases are used for vulnerability information?

The scanner queries OpenCVE and Samsung security advisories to provide vendor-relevant and public CVE data.