A client to gather vulnerability-related information from Bluesky.
Project description
BlueSkySight
A client to gather vulnerability-related information from Bluesky. The collected data is then sent to the Vulnerability-Lookup API as sightings.
Installation
pipx is an easy way to install and run Python applications in isolated environments. It's easy to install.
$ pipx install BlueSkySight
$ export BLUESKYSIGHT_CONFIG=~/.BlueSkySight/conf.py
The configuration should be defined in a Python file (e.g., ~/.BlueSkySight/conf.py).
You must then set an environment variable (BLUESKYSIGHT_CONFIG) with the full path to this file.
You can have a look at this example of configuration.
With Docker
git clone https://github.com/vulnerability-lookup/BlueSkySight
cd BlueSkySight
# Make sure conf.py exists in the project root before running
docker compose up --build
[!NOTE] The docker-compose.yml expects a conf.py file in the root directory. You can create it manually or copy the provided example:
$ cp blueskysight/conf_sample.py conf.py
Streaming the Firehose
BlueSkySight-Firehose streams data from the Bluesky's firehose and uses PyVulnerabilityLookup to create sightings in Vulnerability-Lookup.
$ BlueSkySight-Firehose
Connecting to the Bluesky firehose…
Connection established.
Streaming a Jetstream service
BlueSkySight-Jetstream connects to Bluesky's firehose via Jetstream.
$ BlueSkySight-Jetstream --help
usage: BlueSkySight-Jetstream [-h] [--collections COLLECTIONS] [--geo {us-east,us-west}] [--instance {1,2}]
Connect to a Jetstream service.
options:
-h, --help show this help message and exit
--collections COLLECTIONS
The collections to subscribe to. If not provided, subscribe to all.
--geo {us-east,us-west}
Region of the Jetstream service.
--instance {1,2} Instance of the Jetstream service.
$ BlueSkySight-Jetstream
Connecting to the Bluesky Jetstream at wss://jetstream1.us-west.bsky.network/subscribe?wantedCollections=app.bsky.feed.post…
Connection established. Listening for messages…
License
BlueSkySight is licensed under GNU General Public License version 3
Copyright (c) 2024-2026 Computer Incident Response Center Luxembourg (CIRCL)
Copyright (C) 2024-2026 Cédric Bonhomme - https://github.com/cedricbonhomme
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file blueskysight-1.2.0.tar.gz.
File metadata
- Download URL: blueskysight-1.2.0.tar.gz
- Upload date:
- Size: 26.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f550f6fcd8420af65a5937fc8dbf1567b5fb1c3202d408009083205e3852bdbe
|
|
| MD5 |
8f22826658388633322f10cf16f13eb7
|
|
| BLAKE2b-256 |
db9e3160b220c6d662b0603f90da39c9f0bc517a50550f9bbca0d68d349e7d60
|
Provenance
The following attestation bundles were made for blueskysight-1.2.0.tar.gz:
Publisher:
release.yml on vulnerability-lookup/BlueSkySight
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
blueskysight-1.2.0.tar.gz -
Subject digest:
f550f6fcd8420af65a5937fc8dbf1567b5fb1c3202d408009083205e3852bdbe - Sigstore transparency entry: 1399365385
- Sigstore integration time:
-
Permalink:
vulnerability-lookup/BlueSkySight@039dc408bc007c96841ac854d3d91132417372a1 -
Branch / Tag:
refs/tags/v1.2.0 - Owner: https://github.com/vulnerability-lookup
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@039dc408bc007c96841ac854d3d91132417372a1 -
Trigger Event:
release
-
Statement type:
File details
Details for the file blueskysight-1.2.0-py3-none-any.whl.
File metadata
- Download URL: blueskysight-1.2.0-py3-none-any.whl
- Upload date:
- Size: 29.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
51af8ab8a1fb8cb5547cf1ab93c8a88a8616dab51d8956531aa2a91c5d71bf44
|
|
| MD5 |
cb7d783968282dac022688be39ce3acc
|
|
| BLAKE2b-256 |
17bb5a6754df118fe5d9c916e27fb26274f3132c1099e53f3390afb74a116742
|
Provenance
The following attestation bundles were made for blueskysight-1.2.0-py3-none-any.whl:
Publisher:
release.yml on vulnerability-lookup/BlueSkySight
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
blueskysight-1.2.0-py3-none-any.whl -
Subject digest:
51af8ab8a1fb8cb5547cf1ab93c8a88a8616dab51d8956531aa2a91c5d71bf44 - Sigstore transparency entry: 1399365414
- Sigstore integration time:
-
Permalink:
vulnerability-lookup/BlueSkySight@039dc408bc007c96841ac854d3d91132417372a1 -
Branch / Tag:
refs/tags/v1.2.0 - Owner: https://github.com/vulnerability-lookup
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@039dc408bc007c96841ac854d3d91132417372a1 -
Trigger Event:
release
-
Statement type:
