greenbone-scap


| Field | Value |
|---|---|
| Name | greenbone-scap |
| Version | 0.1.0 |
| home_page | None |
| Summary | Python library for downloading CVE and CPE from NIST NVD |
| upload_time | 2024-03-20 14:23:05 |
| maintainer | None |
| docs_url | None |
| author | Greenbone |
| requires_python | `<4.0,>=3.11` |
| license | GPL-3.0-or-later |
| requirements | No requirements were recorded. |

![Greenbone Logo](https://www.greenbone.net/wp-content/uploads/gb_new-logo_horizontal_rgb_small.png)

# greenbone-scap - Python library for downloading CVE and CPE from NIST NVD  <!-- omit in toc -->

[![GitHub releases](https://img.shields.io/github/release/greenbone/greenbone-scap.svg)](https://github.com/greenbone/greenbone-scap/releases)
[![PyPI release](https://img.shields.io/pypi/v/greenbone-scap.svg)](https://pypi.org/project/greenbone-scap/)
[![Build and test](https://github.com/greenbone/greenbone-scap/actions/workflows/ci-python.yml/badge.svg)](https://github.com/greenbone/greenbone-scap/actions/workflows/ci-python.yml)

The **greenbone-scap** Python package is a collection of utilities and tools to
download the CPE and CVE information from the [NIST NVD REST API](https://nvd.nist.gov/developers)
into a PostgreSQL database.

## Table of Contents <!-- omit in toc -->

- [Installation](#installation)
  - [Requirements](#requirements)
  - [Install using pipx](#install-using-pipx)
  - [Install using pip](#install-using-pip)
- [Usage](#usage)
- [Docker Compose](#docker-compose)
- [Command Completion](#command-completion)
  - [Setup for bash](#setup-for-bash)
  - [Setup for zsh](#setup-for-zsh)
- [Development](#development)
- [Maintainer](#maintainer)
- [Contributing](#contributing)
- [License](#license)

## Installation

### Requirements

Python 3.11 and later is supported.

### Install using pipx

You can install the latest stable release of **greenbone-scap** from the [Python
Package Index (pypi)][pypi] using [pipx]:

    python3 -m pipx install greenbone-scap

### Install using pip

> [!NOTE]
> The `pip install` command no longer works out-of-the-box in newer
> distributions like Ubuntu 23.04 because of [PEP 668](https://peps.python.org/pep-0668).
> Please use the [installation via pipx](#install-using-pipx) instead.

You can install the latest stable release of **greenbone-scap** from the [Python
Package Index (pypi)][pypi] using [pip]:

    python3 -m pip install --user greenbone-scap

## Usage

The **greenbone-scap** Python package provides three tools:

* `greenbone-cve-download` to download all CVE information from NIST NVD into
  a PostgreSQL database,
* `greenbone-cpe-download` to download all CPE information from NIST NVD into a
  PostgreSQL database and
* `greenbone-cpe-find` to search for specific CPEs in the PostgreSQL database.

All three tools require a PostgreSQL database to be set up in order to work
correctly. The parameters for the PostgreSQL database, such as host, port,
username and password, can be set via environment variables or passed as CLI
arguments.

## Docker Compose

The tools are easiest to use via the provided [docker compose](https://docs.docker.com/compose/)
[file](./docker/compose.yml). For a quick setup the following commands can be
used:

```sh
cd docker
echo "DATABASE_PASSWORD=my-super-safe-password" > .env
docker compose up
```

Additionally, a [NIST API key](https://nvd.nist.gov/developers/request-an-api-key)
can be used to extend the rate limits for the download.

```sh
echo "NVD_API_KEY=my-nist-api-key" >> .env
```
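
The two quick-setup commands above pass each secret on the command line, and the first one overwrites `.env` on every run. As an added example (not part of the greenbone-scap project), the hypothetical helper `set_env_secret` reads the value from stdin, replaces an existing entry for the same key and leaves the file readable by its owner only:

```sh
# Added example, not part of greenbone-scap: set_env_secret is a hypothetical helper.
# Usage: set_env_secret FILE KEY   (the value is read from stdin, not from argv)
set_env_secret() {
    file=$1 key=$2
    # Accept only plain environment variable names as keys.
    case $key in
        ''|[0-9]*|*[!A-Za-z0-9_]*) echo "invalid key: $key" >&2; return 2 ;;
    esac
    # Read one line; tolerate input without a trailing newline.
    IFS= read -r value || :
    [ -n "$value" ] || { echo "empty value for $key" >&2; return 2; }
    (
        umask 077                                   # anything created here is owner-only
        tmp=$(mktemp "${file}.XXXXXX") || exit 1    # temp file next to the target
        # Carry over all other entries, dropping an older assignment of this key.
        if [ -f "$file" ]; then
            grep -v "^${key}=" "$file" > "$tmp" || :
        fi
        printf '%s=%s\n' "$key" "$value" >> "$tmp"
        chmod 600 "$tmp" && mv "$tmp" "$file"       # replace in one rename
    )
    status=$?
    unset value
    return "$status"
}
```

Run it once per key from the `docker` directory, for example `set_env_secret .env DATABASE_PASSWORD`, then type or pipe in the value.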

On the first startup all CPE and CVE information will be downloaded. This will
take some hours depending on your network connection and the server reliability
at NIST. On the next startup only the changed and new CPEs and CVEs since the
previous startup are updated or created.

To download only CPEs, run `docker compose up cpe`; to download only CVEs, run
`docker compose up cve`.

To re-download and re-update all CPE and CVE information the data volume can be
deleted by running `docker volume rm greenbone-scap_data`.

To restart from scratch, all containers have to be shut down and the volumes
have to be removed. This can be done by running `docker compose down -v`.

## Command Completion

`greenbone-scap` comes with support for command line completion in bash and zsh.
All greenbone-scap CLI commands support shell completion. As an example, the
following sections explain how to set up the completion for `greenbone-cve-download`
with bash and zsh.

### Setup for bash

```bash
echo "source ~/.greenbone-cve-download-complete.bash" >> ~/.bashrc
greenbone-cve-download --print-completion bash > ~/.greenbone-cve-download-complete.bash
```

Alternatively, you can use the result of the completion command directly with
the eval function of your bash shell:

```bash
eval "$(greenbone-cve-download --print-completion bash)"
```

### Setup for zsh

```zsh
echo 'fpath=("$HOME/.zsh.d" $fpath)' >> ~/.zshrc
mkdir -p ~/.zsh.d/
greenbone-cve-download --print-completion zsh > ~/.zsh.d/_greenbone_cve_download
```

Alternatively, you can use the result of the completion command directly with
the eval function of your zsh shell:

```zsh
eval "$(greenbone-cve-download --print-completion zsh)"
```

## Development

**greenbone-scap** uses [poetry] for its own dependency management and build
process.

First install poetry via [pipx]:

    python3 -m pipx install poetry

Afterwards run

    poetry install

in the checkout directory of **greenbone-scap** (the directory containing the
`pyproject.toml` file) to install all dependencies including the packages only
required for development.

Afterwards activate the git hooks for auto-formatting and linting via
[autohooks].

    poetry run autohooks activate

Validate the activated git hooks by running

    poetry run autohooks check


## Maintainer

This project is maintained by [Greenbone AG][Greenbone].

## Contributing

Your contributions are highly appreciated. Please
[create a pull request](https://github.com/greenbone/greenbone-scap/pulls)
on GitHub. Bigger changes need to be discussed with the development team via the
[issues section at GitHub](https://github.com/greenbone/greenbone-scap/issues)
first.

## License

Copyright (C) 2024 [Greenbone AG][Greenbone]

Licensed under the [GNU General Public License v3.0 or later](LICENSE).

[Greenbone]: https://www.greenbone.net/
[poetry]: https://python-poetry.org/
[pip]: https://pip.pypa.io/
[pipx]: https://pypa.github.io/pipx/
[autohooks]: https://github.com/greenbone/autohooks
[pypi]: https://pypi.org


            
