nxvvvv / cve-monitor

Home Page:https://cve.navaneethkm.me/


CVE Monitor


Documentation 📖

Visit cve-monitor for a demonstration.

Description

GitHub CVE Monitor is a Python script designed to automatically monitor GitHub repositories for Common Vulnerabilities and Exposures (CVE) entries. The script interacts with the GitHub API to retrieve information about repositories related to CVE entries and updates a local SQLite database with relevant details. It also generates a Markdown-formatted README file, providing a summary of CVE entries, including their names, descriptions, and publication dates.

Features

  1. Data Retrieval: Utilizes the GitHub API to fetch information about repositories related to CVE entries for multiple years.
  2. Database Management: Stores retrieved information in a local SQLite database (db/cve.sqlite). The database schema is defined using the Peewee ORM, with a table named CVE_DB to store relevant details.
  3. README File Generation: Creates and updates a Markdown-formatted README file (docs/README.md) summarizing CVE entries, including name, description, and publication date.
  4. CVE Matching: Uses regular expressions to extract CVE identifiers from repository URLs, facilitating accurate identification of CVE entries.
  5. Error Handling: Catches exceptions during network requests and JSON decoding, providing more precise error handling.
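The pipeline the features above describe (decode the API response, pull the CVE id out of each repository URL with a regular expression, store rows in a CVE_DB table, render a Markdown summary) fits in a short script. The following is an added example and not the project's own main.py: it uses the standard-library sqlite3 module in place of Peewee, a constructed stand-in for a GitHub search API response with CVE numbers from the year 2099 that are not real, and an in-memory database so it runs offline. The CVE_DB table name is the one the project uses; the column layout is assumed.

```python
from __future__ import annotations

import json
import re
import sqlite3
from typing import Optional

# MITRE CVE id format: "CVE-" + 4-digit year + at least 4 digits.
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)

# Constructed sample of a GitHub search API response body. The year 2099
# makes it obvious these CVE ids are placeholders, not real entries.
SAMPLE_API_RESPONSE = json.dumps({
    "total_count": 4,
    "items": [
        {"html_url": "https://github.com/example/CVE-2099-1234-poc",
         "description": "Constructed write-up", "created_at": "2099-01-02T03:04:05Z"},
        {"html_url": "https://github.com/example/cve-2099-5678",
         "description": None, "created_at": "2099-02-03T00:00:00Z"},
        # No CVE id in the URL: the script ignores this repository.
        {"html_url": "https://github.com/example/security-notes",
         "description": "Mentions CVE-2099-9999 only in the text",
         "created_at": "2099-03-04T00:00:00Z"},
        # Duplicate of the first item, as happens when the search is re-run daily.
        {"html_url": "https://github.com/example/CVE-2099-1234-poc",
         "description": "Constructed write-up", "created_at": "2099-01-02T03:04:05Z"},
    ],
})


def extract_cve_id(url: str) -> Optional[str]:
    """Return the upper-cased CVE id found in a repository URL, or None."""
    m = CVE_RE.search(url)
    return m.group(0).upper() if m else None


def parse_search_response(body: str) -> list[dict]:
    """Decode the API JSON; keep only items whose URL carries a CVE id."""
    try:
        data = json.loads(body)
    except json.JSONDecodeError as exc:
        # A malformed response is reported and skipped rather than crashing the run.
        print(f"bad JSON from API: {exc}")
        return []
    rows = []
    for item in data.get("items", []):
        cve = extract_cve_id(item.get("html_url", ""))
        if cve is None:
            continue
        rows.append({"cve": cve, "url": item["html_url"],
                     "description": item.get("description") or "",
                     "created_at": item.get("created_at", "")})
    return rows


def open_db(path: str = ":memory:") -> sqlite3.Connection:
    conn = sqlite3.connect(path)
    conn.execute("""CREATE TABLE IF NOT EXISTS CVE_DB (
        url TEXT PRIMARY KEY, cve TEXT NOT NULL, description TEXT, created_at TEXT)""")
    return conn


def upsert_rows(conn: sqlite3.Connection, rows: list[dict]) -> int:
    """Insert new repositories; the primary key on url makes repeated runs idempotent."""
    conn.executemany(
        "INSERT OR IGNORE INTO CVE_DB (url, cve, description, created_at) VALUES (?, ?, ?, ?)",
        [(r["url"], r["cve"], r["description"], r["created_at"]) for r in rows])
    conn.commit()
    return conn.execute("SELECT COUNT(*) FROM CVE_DB").fetchone()[0]


def render_markdown(conn: sqlite3.Connection) -> str:
    """Build the README table, newest entry first."""
    lines = ["| CVE | Repository | Description | Published |", "|---|---|---|---|"]
    query = "SELECT cve, url, description, created_at FROM CVE_DB ORDER BY created_at DESC"
    for cve, url, desc, created in conn.execute(query):
        # Escape pipes and newlines so an untrusted description cannot break the table.
        desc = desc.replace("|", "\\|").replace("\n", " ")
        lines.append(f"| {cve} | {url} | {desc} | {created[:10]} |")
    return "\n".join(lines) + "\n"


def run(body: str = SAMPLE_API_RESPONSE, db_path: str = ":memory:") -> tuple[int, str]:
    """One monitoring pass: parse, store, render. Returns (row count, markdown)."""
    conn = open_db(db_path)
    count = upsert_rows(conn, parse_search_response(body))
    md = render_markdown(conn)
    conn.close()
    return count, md


if __name__ == "__main__":
    n, md = run()
    print(f"{n} repositories stored")
    print(md)
```

Two details matter for a scraper that runs unattended every day: the primary key on the repository URL keeps the database from accumulating duplicates across runs, and the table renderer escapes pipe characters because the description field is attacker-controlled text copied from arbitrary repositories into a Markdown file.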

GitHub Actions

The script is automatically run by GitHub Actions on a scheduled basis and whenever triggered manually. The workflow file run.yml defines the schedule and steps for the GitHub Actions workflow.

name: cve-monitor

on:
  schedule:
    - cron: '0 1 * * *'
  workflow_dispatch:

jobs:
  cve-monitor:
    runs-on: ubuntu-latest
    timeout-minutes: 45
    environment: CI
    steps:
      - name: checkout the repo
        uses: actions/checkout@v2
      - name: install dependencies
        run: |
          pip3 install -r requirements.txt
      - name: run scraper
        run: |
          python3 main.py
      - name: save changes
        run: |
          git config --global user.email "cve-monitor@users.noreply.github.com"
          git config --global user.name "CVE-Bot"
          git commit --all --message "Regular Updates" || echo "no changes to commit"
          git push

The workflow runs on a daily schedule (cron: '0 1 * * *', i.e. 01:00 UTC, since GitHub Actions evaluates cron expressions in UTC) and can also be triggered manually through the "workflow_dispatch" event.

Improvements

The code incorporates best practices, such as using ORM for database operations, handling exceptions, and providing descriptive comments. However, there are opportunities for improvement, including using string formatting methods, consistent naming conventions, and more detailed error logging. Additionally, the script could benefit from configuration options for file paths and more modular functions.

License

This project is licensed under the AGPL v3 License - see the LICENSE file for details.

Special thanks to [@JMousqueton](https://github.com/JMousqueton) for the initial project.
