Visit cve-monitor for a demonstration.
GitHub CVE Monitor is a Python script designed to automatically monitor GitHub repositories for Common Vulnerabilities and Exposures (CVE) entries. The script interacts with the GitHub API to retrieve information about repositories related to CVE entries and updates a local SQLite database with relevant details. It also generates a Markdown-formatted README file, providing a summary of CVE entries, including their names, descriptions, and publication dates.
- Data Retrieval: Utilizes the GitHub API to fetch information about repositories related to CVE entries for multiple years.
- Database Management: Stores retrieved information in a local SQLite database (`db/cve.sqlite`). The database schema is defined using the Peewee ORM, with a table named `CVE_DB` to store the relevant details.
- README File Generation: Creates and updates a Markdown-formatted README file (`docs/README.md`) summarizing CVE entries, including name, description, and publication date.
- CVE Matching: Uses regular expressions to extract CVE identifiers from repository URLs, facilitating accurate identification of CVE entries.
- Error Handling: Catches exceptions during network requests and JSON decoding, providing more precise error handling.
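As an added illustration (not the project's own code), the following Python sketch walks through the pipeline the list above describes: decoding a GitHub search response, pulling the CVE identifier out of each repository URL with a regular expression, recording new entries in a `CVE_DB` table, and rendering a Markdown summary. It uses the standard library's `sqlite3` in place of Peewee so it runs without extra dependencies, works on a constructed in-memory response instead of a live API call, and its column names, regex and fictional CVE ids are assumptions rather than the project's actual schema or data.

```python
import json
import re
import sqlite3

# Matches CVE identifiers such as CVE-2099-12345 anywhere in a URL, case-insensitively.
# This pattern is an assumption for the example, not the project's own regex.
CVE_RE = re.compile(r"CVE-(\d{4})-(\d{4,7})", re.IGNORECASE)

# Constructed stand-in for a GitHub search API response (fictional CVE ids and repos).
SAMPLE_RESPONSE = json.dumps({
    "total_count": 4,
    "items": [
        {"full_name": "alice/CVE-2099-12345-poc",
         "html_url": "https://github.com/alice/CVE-2099-12345-poc",
         "description": "Demo for a fictional issue", "created_at": "2099-01-05T10:00:00Z"},
        {"full_name": "bob/cve-2098-0007-scanner",
         "html_url": "https://github.com/bob/cve-2098-0007-scanner",
         "description": None, "created_at": "2098-06-01T12:30:00Z"},
        {"full_name": "carol/awesome-security",
         "html_url": "https://github.com/carol/awesome-security",
         "description": "No CVE id in this URL", "created_at": "2097-03-03T00:00:00Z"},
        {"full_name": "dave/CVE-2099-12345-writeup",
         "html_url": "https://github.com/dave/CVE-2099-12345-writeup",
         "description": "Same id as alice's repo, skipped", "created_at": "2099-02-01T09:00:00Z"},
    ],
})


def extract_cve_id(url):
    """Return the CVE id found in a repository URL in canonical upper-case form, or None."""
    match = CVE_RE.search(url)
    if match is None:
        return None
    return f"CVE-{match.group(1)}-{match.group(2)}"


def parse_search_response(raw):
    """Decode a search response body; malformed JSON or an unexpected shape yields []."""
    try:
        data = json.loads(raw)
    except json.JSONDecodeError as exc:
        print(f"JSON decode failed: {exc}")
        return []
    items = data.get("items") if isinstance(data, dict) else None
    return items if isinstance(items, list) else []


def init_db(conn):
    """Create the CVE_DB table (assumed columns) if it does not exist yet."""
    conn.execute(
        "CREATE TABLE IF NOT EXISTS CVE_DB ("
        "cve_id TEXT PRIMARY KEY, full_name TEXT NOT NULL, url TEXT NOT NULL, "
        "description TEXT, created_at TEXT NOT NULL)"
    )


def store_items(conn, items):
    """Insert one row per newly seen CVE id; returns the number of rows added."""
    added = 0
    for item in items:
        url = item.get("html_url", "")
        cve_id = extract_cve_id(url)
        if cve_id is None:
            continue  # repository URL carries no CVE id
        if conn.execute("SELECT 1 FROM CVE_DB WHERE cve_id = ?", (cve_id,)).fetchone():
            continue  # already recorded on an earlier run (or earlier in this batch)
        conn.execute(
            "INSERT INTO CVE_DB (cve_id, full_name, url, description, created_at) VALUES (?, ?, ?, ?, ?)",
            (cve_id, item.get("full_name", ""), url, item.get("description") or "", item.get("created_at", "")),
        )
        added += 1
    conn.commit()
    return added


def render_readme(conn):
    """Render the table as Markdown, newest first, escaping characters that break table cells."""
    rows = conn.execute(
        "SELECT cve_id, url, description, created_at FROM CVE_DB ORDER BY created_at DESC"
    ).fetchall()
    lines = ["# CVE Monitor", "", "| CVE | Repository | Description | Published |", "|---|---|---|---|"]
    for cve_id, url, description, created_at in rows:
        description = description.replace("|", "\\|").replace("\n", " ")
        lines.append(f"| {cve_id} | {url} | {description} | {created_at[:10]} |")
    return "\n".join(lines) + "\n"


def run(raw_response, db_path=":memory:"):
    """One full pass over a response: parse, store, render. Returns (rows added, README text)."""
    conn = sqlite3.connect(db_path)
    init_db(conn)
    added = store_items(conn, parse_search_response(raw_response))
    readme = render_readme(conn)
    conn.close()
    return added, readme


if __name__ == "__main__":
    count, text = run(SAMPLE_RESPONSE)
    print(f"{count} new entries")
    print(text)
```

Running the script on the constructed response records two entries (the duplicate id and the repository without a CVE id are skipped) and prints the resulting Markdown table; pointing `run()` at a file path such as `db/cve.sqlite` would make the deduplication persist across runs.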
The script is run automatically by GitHub Actions on a schedule and whenever it is triggered manually. The workflow file `run.yml` defines the schedule and the steps of the GitHub Actions workflow.
```yaml
name: cve-monitor
on:
  schedule:
    - cron: '0 1 * * *'
  workflow_dispatch:
jobs:
  cve-monitor:
    runs-on: ubuntu-latest
    timeout-minutes: 45
    environment: CI
    steps:
      - name: checkout the repo
        uses: actions/checkout@v2
      - name: install dependencies
        run: |
          pip3 install -r requirements.txt
      - name: run scraper
        run: |
          python3 main.py
      - name: save changes
        run: |
          git config --global user.email "cve-monitor@users.noreply.github.com"
          git config --global user.name "CVE-Bot"
          git commit --all --message "Regular Updates" || echo "no changes to commit"
          git push
```
The workflow runs on a daily schedule (`cron: '0 1 * * *'`) and can also be triggered manually through the `workflow_dispatch` event.
The code incorporates best practices, such as using ORM for database operations, handling exceptions, and providing descriptive comments. However, there are opportunities for improvement, including using string formatting methods, consistent naming conventions, and more detailed error logging. Additionally, the script could benefit from configuration options for file paths and more modular functions.
This project is licensed under the AGPL v3 License - see the LICENSE file for details.