Cve-bin-tool

Latest version: v3.3


Page 4 of 5

2.2.1

Not secure
The 2.2.1 release relaxes the behaviour when file extraction fails, which was causing problems in the previous release for some users scanning files with .exe and .apk extensions. In 2.2, every extraction failure caused the tool to halt and throw an exception; in 2.2.1, the tool logs a warning and continues.

2.2

Not secure
The 2.2 release contains a number of bugfixes and improvements thanks to the many students who contributed as part of our Google Summer of Code selection process. Congratulations to BreadGenie, imsahil007 and peb-peb who will be continuing to work with us for the next few months!

New feature highlights:
- CVE Binary Tool can now be used to get lists of vulnerabilities affecting a Python requirements.txt file, as well as lists of packages installed on .deb or .rpm based systems (Thanks to BreadGenie)
- Scan reports can now be merged (Thanks to imsahil007)
- Reports can now be generated in PDF format (Thanks to anthonyharrison)
- A new helper script is available to help new contributors find appropriate patterns for new checkers (Thanks to peb-peb)
- Reports can now be generated even if no CVEs are found (Thanks to BreadGenie)
- We've added rate limiting for our NVD requests (Thanks to nisamson, param211, bhargavh)

There are also a number of new checkers and bug fixes.

Thanks also to jerinjtitus, Molkree, alt-glitch, CabTheProgrammer, Romi-776, chaitanyamogal, Rahul2044, utkarsh147-del, SinghHrmn, SaurabhK122, pdxjohnny and terriko for their contributions to this release.

2.1.post1

Not secure
Temporary rate-limiting fix in response to an NVD API update.

2.1

Not secure
This release fixes an issue with jinja2 autoescape breaking the HTML reports and includes some updates to tests.

2.0

Not secure
Release date: 12 Nov 2020

This release features code from our three successful Google Summer of Code students!

* SinghHrmn made improvements to our output formats, including adding a new HTML human-readable report format. You can try out a demo at <https://intel.github.io/cve-bin-tool/>
  * Read [Harmandeep's final GSoC report](https://gist.github.com/SinghHrmn/dd83b31b22bf73e45bd8489117e20a96) for more details.

* Niraj-Kamdar improved the performance of cve-bin-tool and its tests, provided significant code modernization and added input modes so you can now add and re-use triage data with your scans.
  * Read [Niraj's final GSoC report](https://dev.to/nirajkamdar/cve-binary-tool-gsoc-final-report-4nlk) for more details.

* SaurabhK122 added a huge number of new checkers to the tool, both in this release and the previous one.
  * Read [Saurabh's final GSoC report](https://gist.github.com/SaurabhK122/a32947749fde10cfea80bdbd1f388da6) for more details.

Thanks also to the mentors who worked with our students this year: terriko, pdxjohnny, meflin, mdwood-intel and unofficial mentor anthonyharrison who helped us considerably with real-world feedback.

This release also includes contributions from the following new contributors:

* anthonyharrison
* imsahil007
* chaitanyamogal
* Rahul2044
* Wicked7000
* willmcgugan
* kritirikhi
* sakshatshinde

2.0a0

Not secure
This is an alpha release for people interested in trying out an early preview of 2.0. Major features include performance improvements, triage options, new output modes, and many new checkers thanks to our Google Summer of Code students Niraj-Kamdar, SinghHrmn and SaurabhK122. Thanks for an incredibly productive summer!

We are expecting to make some documentation improvements before the final release, which we hope to have out next week.


© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.