A graphql server for vulnerabilities powered by dgraph
Project description
Introduction
ThreatDB is a graph database for application components and vulnerabilities powered by dgraph. Currently, CycloneDX 1.4 SBoM and VEX files could be imported and queried with this project.
Development setup
git clone https://github.com/appthreat/threat-db.git
cd threat-db
mkdir -p $HOME/dgraph $HOME/threatdb_data_dir
docker compose up
This would start a threat db api server (PORT: 9000) and an instance of dgraph standalone (PORTS: 8080, 9080).
Create schemas
To create the schemas and the first administrator user.
git clone https://github.com/appthreat/threat-db.git
pip install poetry
poetry install
export DGRAPH_API_KEY=changeme
poetry run threat_db_admin --init --dgraph-host localhost:9080 --graphql-host http://localhost:8080/graphql
poetry run threat_db_admin --create-root-user --dgraph-host localhost:9080 --graphql-host http://localhost:8080/graphql
Copy the user id and password from the logs.
Import data
mkdir -p $HOME/threatdb_data_dir
threat_db --data-dir $HOME/threatdb_data_dir
When invoked with docker compose, any .vex.json files present in the directory THREATDB_DATA_DIR would be imported automatically. For testing purposes, you can download some sample VEX files from here
Rest API
Generate access token
curl -X POST http://0.0.0.0:9000/login -d "username=user id&password=password" -H "Content-Type: application/json"
Useful one-liner for automation
export ACCESS_TOKEN=$(curl -X POST http://0.0.0.0:9000/login -d '{"username":"username","password":"password"}' -H "Content-Type: application/json" | jq -r '.access_token')
curl http://0.0.0.0:9000/healthcheck
whoami
curl http://0.0.0.0:9000/whoami -H "Authorization: Bearer $ACCESS_TOKEN"
Import data
curl -F 'file=@/tmp/bom.json' http://0.0.0.0:9000/import -H "Authorization: Bearer $ACCESS_TOKEN"
Cloud Setup
Refer to the instructions under contrib to setup a microk8s cluster with threat-db and dgraph.
Discord support
The developers could be reached via the discord channel.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file threat_db-0.6.3.tar.gz.
File metadata
- Download URL: threat_db-0.6.3.tar.gz
- Upload date:
- Size: 20.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.3.2 CPython/3.10.9 Linux/5.15.0-1031-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | d99ebc99ccd06e009cd4926546feb4a5f35bc270551b506c8fd61bfcd7c0e19e |
|
| MD5 | 45a1ea5aa8426579a667ebf07f12b288 |
|
| BLAKE2b-256 | d76f16f8852fbc1bd7fd200a05a43d4ed85747977b7bf1015864fd9f45c997bb |
File details
Details for the file threat_db-0.6.3-py3-none-any.whl.
File metadata
- Download URL: threat_db-0.6.3-py3-none-any.whl
- Upload date:
- Size: 23.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.3.2 CPython/3.10.9 Linux/5.15.0-1031-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 5302056d6ba6a8197e669eb2538f49215d8459c3e80b67a6862271cb4434afa4 |
|
| MD5 | 6110052048c87bd7606fb03e46a73ac1 |
|
| BLAKE2b-256 | 8f109163a55681cc4489db629de2c08dc900b3b40d2a1d304a8167f93c6431ec |
