ChocPanda / nist-data-mirror

A simple Java command-line utility to mirror the CVE XML and JSON data from NIST.

NIST Data Mirror

A simple Java command-line utility to mirror the NVD (CPE/CVE XML and JSON) data from NIST.

The intended purpose of nist-data-mirror is to replicate the NIST vulnerability data inside a company firewall so that local (faster) access to NIST data can be achieved.

nist-data-mirror does not rely on any third-party dependencies, only the Java SE core libraries. It can be used in combination with OWASP Dependency-Check in order to provide Dependency-Check a mirrored copy of NIST data.

For best results, use nist-data-mirror with cron or another scheduler to keep the mirrored data fresh.

Usage

Building

mvn clean package

Running

java -jar nist-data-mirror.jar <mirror-directory> [xml|json]

Omitting the filetype argument will result in both filetypes being downloaded.

To use a proxy, provide the http.proxyHost and http.proxyPort system properties.
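
An added example, not part of nist-data-mirror itself: a POSIX sh wrapper for the scheduled use recommended above that passes the proxy properties, keeps cron runs from overlapping and checks the downloaded files for truncation. The variable names (JAR, PROXY_HOST, PROXY_PORT, DRY_RUN), the lock directory and the assumption that feeds are stored as *.gz files are choices made for this example.

```shell
#!/bin/sh
# Added example, not part of nist-data-mirror: a cron wrapper for the mirror.
# Assumed names: JAR, PROXY_HOST, PROXY_PORT, DRY_RUN and the .mirror.lock directory.
JAR=${JAR:-nist-data-mirror.jar}

# Build the documented command line; add the proxy system properties when
# PROXY_HOST is set (80 is Java's own default for http.proxyPort).
# With DRY_RUN=1 the command is printed, not executed.
run_mirror() {
    dir=$1 ftype=${2:-}
    set -- java
    if [ -n "${PROXY_HOST:-}" ]; then
        set -- "$@" "-Dhttp.proxyHost=$PROXY_HOST" "-Dhttp.proxyPort=${PROXY_PORT:-80}"
    fi
    set -- "$@" -jar "$JAR" "$dir"
    if [ -n "$ftype" ]; then set -- "$@" "$ftype"; fi
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Test every gzip-compressed file in the mirror (assumption: feeds are stored
# as *.gz). Fails if one is corrupt or truncated, or if none exist.
check_feeds() {
    bad=0 seen=0
    for f in "$1"/*.gz; do
        [ -e "$f" ] || continue
        seen=1
        gzip -t "$f" 2>/dev/null || { echo "corrupt feed: $f" >&2; bad=1; }
    done
    [ "$seen" = 1 ] && [ "$bad" = 0 ]
}

# One refresh: lock out overlapping cron runs, mirror, verify. A non-zero
# exit lets cron report the failure. A killed run leaves the lock behind.
refresh() {
    lock="$1/.mirror.lock"
    mkdir -p "$1"
    if ! mkdir "$lock" 2>/dev/null; then
        echo "another run holds $lock" >&2; return 2
    fi
    rc=0
    run_mirror "$@" || rc=$?
    if [ "$rc" = 0 ] && [ "${DRY_RUN:-0}" != 1 ]; then check_feeds "$1" || rc=3; fi
    rmdir "$lock"
    return "$rc"
}

# Constructed crontab line: 0 3 * * * /opt/nvd/refresh.sh /var/nvd-mirror json
if [ "$#" -ge 1 ]; then refresh "$@"; fi
```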

Downloading

If you do not wish to download sources and compile yourself, pre-compiled binaries are available for use. NIST Data Mirror is also available on the Maven Central Repository.

<dependency>
    <groupId>us.springett</groupId>
    <artifactId>nist-data-mirror</artifactId>
    <version>1.3.0</version>
</dependency>

Docker

A Dockerfile was created, but the image has not been pushed. It was created to assist in debugging other issues. The image creates an httpd instance that mirrors the NVD CVE data feeds, but note that it also creates a backup of every changed file and there is currently no automatic cleanup.

$ mvn clean package
$ docker build --rm -t sspringett/nvdmirror .
$ mkdir target/docs
$ docker run -dit \
  --name mirror \
  -p 80:80 \
  --mount type=bind,source="$(pwd)"/target/docs/,target=/usr/local/apache2/htdocs \
  sspringett/nvdmirror

The httpd server will take a minute to spin up as it is mirroring the initial NVD files.

Related Projects

Copyright & License

nist-data-mirror is Copyright (c) Steve Springett. All Rights Reserved.

Dependency-Check is Copyright (c) Jeremy Long. All Rights Reserved.

Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the LICENSE file for the full license.

License: Apache License 2.0

Languages

Java 78.2%, Shell 13.4%, Dockerfile 8.4%