Skip to content

Replacement of current cve query mechanism #913

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 52 commits into from
Nov 28, 2023
Merged

Replacement of current cve query mechanism #913

merged 52 commits into from
Nov 28, 2023

Conversation

m-1-k-3
Copy link
Member

@m-1-k-3 m-1-k-3 commented Nov 24, 2023
edited
Loading

  • What kind of change does this PR introduce? (Bug fix, feature, docs update, ...)

Rewrite CVE identification functionality from scratch

  • What is the current behavior? (You can also link to an open issue here)

cve-search not working stable since NIST update to new API

  • What is the new behavior (if this is a feature change)? If possible add a screenshot.

Remove cve-search completely and replace it via CVE feed provided by fraunhofer here https://github.com/fkie-cad/nvd-json-data-feeds
Closes #725
Closes #908
Closes e-m-b-a/embark#169
Closes e-m-b-a/embark#170
#187 is obsolete

  • Does this PR introduce a breaking change? (What changes might users need to make in their application due to this PR?)

No need for CVE-search, mongodb, redis, local networking ....
CVE queries are faster
database update more stable
Code in control of EMBA team

  • Other information:

For testing please do the following:

mkdir testing
cd testing
sudo service mongod stop
sudo /etc/init.d/redis-server stop
sudo /etc/init.d/docker restart         
sudo ifconfig emba_runs down                                                                                                                                                                                        
git clone https://github.com/m-1-k-3/emba.git --branch trivy_workflow
cd emba
sudo ./installer.sh -d

@m-1-k-3 m-1-k-3 added enhancement New feature or request docker docker related things Installation Installation issues cve-search Some cve-search question/issue in progress Someone is working on this issue in 3rd party component something in a 3rd party component we are using prio Sponsored priority issue EMBA labels Nov 24, 2023
@m-1-k-3 m-1-k-3 mentioned this pull request Nov 24, 2023
Closed
@m-1-k-3 m-1-k-3 changed the title Replace cve-search Replacement of current cve query mechanism Nov 24, 2023
@m-1-k-3
Copy link
Member Author

m-1-k-3 commented Nov 24, 2023

btw ... please give feedback if it is working or if there are any issues!

@m-1-k-3 m-1-k-3 mentioned this pull request Nov 24, 2023
Closed
@m-1-k-3
Copy link
Member Author

m-1-k-3 commented Nov 27, 2023

May I try a new install now or should I wait for other changes?

Please give it a try

@BenediktMKuehne BenediktMKuehne mentioned this pull request Nov 27, 2023
Merged
@BenediktMKuehne BenediktMKuehne mentioned this pull request Nov 27, 2023
Closed
@torabi12
Copy link

May I try a new install now or should I wait for other changes?

Please give it a try

Installation was fine and super super fast:)
Scan was also running:
kép

@DuckSound0
Copy link

Installation was fine on my side as well, scan is running. I'm using Kali. Thank you for your work :)

@m-1-k-3 m-1-k-3 marked this pull request as ready for review November 28, 2023 14:22
@m-1-k-3
Copy link
Member Author

m-1-k-3 commented Nov 28, 2023

land this baby ... There are some limitations that I will address soon. For now, let's make EMBA work again :-D

BenediktMKuehne
BenediktMKuehne reviewed Nov 28, 2023
View reviewed changes
@m-1-k-3
Copy link
Member Author

m-1-k-3 commented Nov 28, 2023

Thanks for all your testing @torabi12 @brainstorm @BenediktMKuehne @RandomSignals

For further issues please open dedicated issues

@m-1-k-3 m-1-k-3 merged commit 26eab1a into e-m-b-a:master Nov 28, 2023
@custardcream
Copy link

working thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@BenediktMKuehne BenediktMKuehne BenediktMKuehne approved these changes

Assignees
No one assigned
Labels
cve-search Some cve-search question/issue docker docker related things EMBA enhancement New feature or request in progress Someone is working on this Installation Installation issues issue in 3rd party component something in a 3rd party component we are using prio Sponsored priority issue
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

CVE-search won't start Package dependency KeyError: epss The NVD plans to retire the remaining legacy data feeds as well as all 1.0 APIs.
6 participants
@m-1-k-3 @brainstorm @torabi12 @DuckSound0 @custardcream @BenediktMKuehne