Python library for downloading CVE and CPE from NIST NVD
greenbone-scap - Python library for downloading CVE and CPE from NIST NVD
The greenbone-scap Python package is a collection of utilities and tools to download the CPE and CVE information from the NIST NVD REST API into a PostgreSQL database.
Installation
Requirements
Python 3.11 and later is supported.
Install using pipx
You can install the latest stable release of greenbone-scap from the Python Package Index (PyPI) using pipx:
python3 -m pipx install greenbone-scap
Install using pip
Note: The pip install command no longer works out-of-the-box in newer distributions like Ubuntu 23.04 because of PEP 668. Please use the installation via pipx instead.
You can install the latest stable release of greenbone-scap from the Python Package Index (PyPI) using pip:
python3 -m pip install --user greenbone-scap
Usage
The greenbone-scap Python package provides three tools:
- greenbone-cve-download to download all CVE information from NIST NVD into a PostgreSQL database,
- greenbone-cpe-download to download all CPE information from NIST NVD into a PostgreSQL database and
- greenbone-cpe-find to search for specific CPEs in the PostgreSQL database.
All three tools require a PostgreSQL database to be set up in order to work correctly. The parameters for the PostgreSQL database, like host, port, username and password, can be set via environment variables or passed as CLI arguments.
Docker Compose
The tools are easiest to use via the provided docker compose file. For a quick setup the following commands can be used:
cd docker
echo "DATABASE_PASSWORD=my-super-safe-password" > .env
docker compose up
Additionally a NIST API key can be used to extend the rate limits for the download.
echo "NVD_API_KEY=my-nist-api-key" >> .env
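The .env file written by the commands above holds the database password and, optionally, the NVD API key in clear text. As an added example (not part of the greenbone-scap project), the following helper creates that file with a random password and owner-only permissions; the function name write_scap_env is hypothetical, while DATABASE_PASSWORD and NVD_API_KEY are the variable names used above.

```shell
# Added example: create the compose .env file with a random database
# password and mode 0600. write_scap_env is a hypothetical helper name.
write_scap_env() {
    env_dir=$1          # directory containing the compose file, e.g. ./docker
    api_key=${2:-}      # optional NVD API key
    env_file="$env_dir/.env"

    # Refuse to overwrite an existing file so that a password already in
    # use is not silently replaced.
    if [ -e "$env_file" ]; then
        echo "refusing to overwrite $env_file" >&2
        return 1
    fi

    # 32 random bytes, hex encoded: 64 characters, none of which need
    # quoting or escaping inside a .env file.
    password=$(od -An -N32 -tx1 /dev/urandom | tr -d ' \n')
    [ "${#password}" -eq 64 ] || return 1

    # Create the file with restrictive permissions from the start; the
    # subshell keeps the umask change local to this write.
    (
        umask 077
        {
            printf 'DATABASE_PASSWORD=%s\n' "$password"
            [ -z "$api_key" ] || printf 'NVD_API_KEY=%s\n' "$api_key"
        } > "$env_file"
    )
}

# Usage from the repository checkout (the key argument is optional):
#   write_scap_env docker "$MY_NVD_API_KEY" && cd docker && docker compose up
```

Keep the generated .env out of version control and backups that are readable by other users, since psql access from the docker host uses the same password.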
On the first startup all CPE and CVE information will be downloaded. This will take some hours depending on your network connection and the server reliability at NIST. On the next startup only the changed and new CPEs and CVEs since the previous startup are updated or created.
To only download CPEs, run
docker compose up cpe
and to only download CVEs, run
docker compose up cve
To re-download and re-update all CPE and CVE information, the data volume can be deleted by running
docker volume rm greenbone-scap_data
To restart from scratch, all containers have to be shut down and the volumes have to be removed. This can be done by running
docker compose down -v
The PostgreSQL database can be accessed from the docker host via
psql -U scap -h localhost -p 5432 scap
and using the database password defined in the .env file.
Command Completion
greenbone-scap comes with support for command line completion in bash and zsh.
All greenbone-scap CLI commands support shell completion. As examples, the following sections explain how to set up the completion for greenbone-cve-download with bash and zsh.
Setup for bash
echo "source ~/.greenbone-cve-download-complete.bash" >> ~/.bashrc
greenbone-cve-download --print-completion bash > ~/.greenbone-cve-download-complete.bash
Alternatively, you can use the result of the completion command directly with the eval function of your bash shell:
eval "$(greenbone-cve-download --print-completion bash)"
Setup for zsh
echo 'fpath=("$HOME/.zsh.d" $fpath)' >> ~/.zshrc
mkdir -p ~/.zsh.d/
greenbone-cve-download --print-completion zsh > ~/.zsh.d/_greenbone_cve_download
Alternatively, you can use the result of the completion command directly with the eval function of your zsh shell:
eval "$(greenbone-cve-download --print-completion zsh)"
Development
greenbone-scap uses poetry for its own dependency management and build process.
First install poetry via pipx
python3 -m pipx install poetry
Afterwards run
poetry install
in the checkout directory of greenbone-scap (the directory containing the pyproject.toml file) to install all dependencies, including the packages only required for development.
Afterwards activate the git hooks for auto-formatting and linting via autohooks.
poetry run autohooks activate
Validate the activated git hooks by running
poetry run autohooks check
Maintainer
This project is maintained by Greenbone AG
Contributing
Your contributions are highly appreciated. Please create a pull request on GitHub. Bigger changes need to be discussed with the development team via the issues section at GitHub first.
License
Copyright (C) 2024 Greenbone AG
Licensed under the GNU General Public License v3.0 or later.
File details
Details for the file greenbone_scap-0.2.0.tar.gz.
File metadata
- Download URL: greenbone_scap-0.2.0.tar.gz
- Upload date:
- Size: 38.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/5.0.0 CPython/3.12.4
File hashes
Algorithm | Hash digest |
---|---|
SHA256 | 8d63697f20dc3d5009ec23476efb35faafd89940e68a30d8a14d141c33d88569 |
MD5 | e54e001dc4677745767848764947afcd |
BLAKE2b-256 | 6b908825b805479241e8e4f67728fe6491aaf1bf143a9ae298c94e520bbcfe45 |
File details
Details for the file greenbone_scap-0.2.0-py3-none-any.whl.
File metadata
- Download URL: greenbone_scap-0.2.0-py3-none-any.whl
- Upload date:
- Size: 41.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/5.0.0 CPython/3.12.4
File hashes
Algorithm | Hash digest |
---|---|
SHA256 | 2fcb901e9cdefe4862de63f7a2e3bbfb2b8e3a8cac61528100e69652fa8e5ee8 |
MD5 | 904d507990ebf784a8919fb08d2e0b9a |
BLAKE2b-256 | f91e188446d40027e8d34d42a316f24111a17473eebda676c0b4bc141998d55b |