| Name | threat-db JSON |
| Version |
0.6.3
JSON |
| download |
| home_page | |
| Summary | A graphql server for vulnerabilities powered by dgraph |
| upload_time | 2023-02-09 08:48:38 |
| maintainer | |
| docs_url | None |
| author | Team AppThreat |
| requires_python | >=3.7,<3.11 |
| license | Apache-2.0 |
| keywords |
|
| VCS |
|
| bugtrack_url |
|
| requirements |
No requirements were recorded.
|
| Travis-CI |
No Travis.
|
| coveralls test coverage |
No coveralls.
|
# Introduction
ThreatDB is a graph database for application components and vulnerabilities powered by dgraph. Currently, CycloneDX 1.4 SBoM and VEX files could be imported and queried with this project.
## Development setup
```
git clone https://github.com/appthreat/threat-db.git
cd threat-db
mkdir -p $HOME/dgraph $HOME/threatdb_data_dir
docker compose up
```
This would start a threat db api server (PORT: 9000) and an instance of [dgraph](https://dgraph.io) standalone (PORTS: 8080, 9080).
## Create schemas
To create the schemas and the first administrator user.
```
git clone https://github.com/appthreat/threat-db.git
pip install poetry
poetry install
export DGRAPH_API_KEY=changeme
poetry run threat_db_admin --init --dgraph-host localhost:9080 --graphql-host http://localhost:8080/graphql
poetry run threat_db_admin --create-root-user --dgraph-host localhost:9080 --graphql-host http://localhost:8080/graphql
```
Copy the user id and password from the logs.
## Import data
```
mkdir -p $HOME/threatdb_data_dir
threat_db --data-dir $HOME/threatdb_data_dir
```
When invoked with docker compose, any .vex.json files present in the directory `THREATDB_DATA_DIR` would be imported automatically. For testing purposes, you can download some sample VEX files from [here](https://github.com/appthreat/images-info/actions/workflows/build.yml)
## Rest API
### Generate access token
```
curl -X POST http://0.0.0.0:9000/login -d "username=user id&password=password" -H "Content-Type: application/json"
```
Useful one-liner for automation
```
export ACCESS_TOKEN=$(curl -X POST http://0.0.0.0:9000/login -d '{"username":"username","password":"password"}' -H "Content-Type: application/json" | jq -r '.access_token')
```
```
curl http://0.0.0.0:9000/healthcheck
```
### whoami
```
curl http://0.0.0.0:9000/whoami -H "Authorization: Bearer $ACCESS_TOKEN"
```
### Import data
```
curl -F 'file=@/tmp/bom.json' http://0.0.0.0:9000/import -H "Authorization: Bearer $ACCESS_TOKEN"
```
## Cloud Setup
Refer to the instructions under [contrib](contrib/microk8s/INSTALL.md) to setup a microk8s cluster with threat-db and dgraph.
## Discord support
The developers could be reached via the [discord](https://discord.gg/DCNxzaeUpd) channel.
Raw data
{
"_id": null,
"home_page": "",
"name": "threat-db",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.7,<3.11",
"maintainer_email": "",
"keywords": "",
"author": "Team AppThreat",
"author_email": "cloud@appthreat.com",
"download_url": "https://files.pythonhosted.org/packages/d7/6f/16f8852fbc1bd7fd200a05a43d4ed85747977b7bf1015864fd9f45c997bb/threat_db-0.6.3.tar.gz",
"platform": null,
"description": "# Introduction\n\nThreatDB is a graph database for application components and vulnerabilities powered by dgraph. Currently, CycloneDX 1.4 SBoM and VEX files could be imported and queried with this project.\n\n## Development setup\n\n```\ngit clone https://github.com/appthreat/threat-db.git\ncd threat-db\nmkdir -p $HOME/dgraph $HOME/threatdb_data_dir\ndocker compose up\n```\n\nThis would start a threat db api server (PORT: 9000) and an instance of [dgraph](https://dgraph.io) standalone (PORTS: 8080, 9080).\n\n## Create schemas\n\nTo create the schemas and the first administrator user.\n\n```\ngit clone https://github.com/appthreat/threat-db.git\npip install poetry\npoetry install\nexport DGRAPH_API_KEY=changeme\npoetry run threat_db_admin --init --dgraph-host localhost:9080 --graphql-host http://localhost:8080/graphql\npoetry run threat_db_admin --create-root-user --dgraph-host localhost:9080 --graphql-host http://localhost:8080/graphql\n```\n\nCopy the user id and password from the logs.\n\n## Import data\n\n```\nmkdir -p $HOME/threatdb_data_dir\nthreat_db --data-dir $HOME/threatdb_data_dir\n```\n\nWhen invoked with docker compose, any .vex.json files present in the directory `THREATDB_DATA_DIR` would be imported automatically. For testing purposes, you can download some sample VEX files from [here](https://github.com/appthreat/images-info/actions/workflows/build.yml)\n\n## Rest API\n\n### Generate access token\n\n```\ncurl -X POST http://0.0.0.0:9000/login -d \"username=user id&password=password\" -H \"Content-Type: application/json\"\n```\n\nUseful one-liner for automation\n\n```\nexport ACCESS_TOKEN=$(curl -X POST http://0.0.0.0:9000/login -d '{\"username\":\"username\",\"password\":\"password\"}' -H \"Content-Type: application/json\" | jq -r '.access_token')\n```\n\n```\ncurl http://0.0.0.0:9000/healthcheck\n```\n\n### whoami\n\n```\ncurl http://0.0.0.0:9000/whoami -H \"Authorization: Bearer $ACCESS_TOKEN\"\n```\n\n### Import data\n\n```\ncurl -F 'file=@/tmp/bom.json' http://0.0.0.0:9000/import -H \"Authorization: Bearer $ACCESS_TOKEN\"\n```\n\n## Cloud Setup\n\nRefer to the instructions under [contrib](contrib/microk8s/INSTALL.md) to setup a microk8s cluster with threat-db and dgraph.\n\n## Discord support\n\nThe developers could be reached via the [discord](https://discord.gg/DCNxzaeUpd) channel.\n",
"bugtrack_url": null,
"license": "Apache-2.0",
"summary": "A graphql server for vulnerabilities powered by dgraph",
"version": "0.6.3",
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "8f109163a55681cc4489db629de2c08dc900b3b40d2a1d304a8167f93c6431ec",
"md5": "6110052048c87bd7606fb03e46a73ac1",
"sha256": "5302056d6ba6a8197e669eb2538f49215d8459c3e80b67a6862271cb4434afa4"
},
"downloads": -1,
"filename": "threat_db-0.6.3-py3-none-any.whl",
"has_sig": false,
"md5_digest": "6110052048c87bd7606fb03e46a73ac1",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.7,<3.11",
"size": 23008,
"upload_time": "2023-02-09T08:48:37",
"upload_time_iso_8601": "2023-02-09T08:48:37.662003Z",
"url": "https://files.pythonhosted.org/packages/8f/10/9163a55681cc4489db629de2c08dc900b3b40d2a1d304a8167f93c6431ec/threat_db-0.6.3-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "d76f16f8852fbc1bd7fd200a05a43d4ed85747977b7bf1015864fd9f45c997bb",
"md5": "45a1ea5aa8426579a667ebf07f12b288",
"sha256": "d99ebc99ccd06e009cd4926546feb4a5f35bc270551b506c8fd61bfcd7c0e19e"
},
"downloads": -1,
"filename": "threat_db-0.6.3.tar.gz",
"has_sig": false,
"md5_digest": "45a1ea5aa8426579a667ebf07f12b288",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.7,<3.11",
"size": 20498,
"upload_time": "2023-02-09T08:48:38",
"upload_time_iso_8601": "2023-02-09T08:48:38.764782Z",
"url": "https://files.pythonhosted.org/packages/d7/6f/16f8852fbc1bd7fd200a05a43d4ed85747977b7bf1015864fd9f45c997bb/threat_db-0.6.3.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-02-09 08:48:38",
"github": false,
"gitlab": false,
"bitbucket": false,
"lcname": "threat-db"
}
