This repository hosts the development effort to create automated services that further enable the CVE community in its mission.

There are many ways one can assist this project in reaching this objective.

OSS Contributor

If you are a developer who wants to contribute code to the project, getting started can be as fast as choosing an issue on our board and joining our Gitter chat to ask developers any questions that come up while getting oriented with the project.

Working Groups

The CVE project operates as several focused working groups.

The Automation Working Group focuses on technical implementation and code contribution. The group meets once a week, but the meetings are not mandatory; the mailing list, where meeting notes and agendas are distributed, helps you stay in the loop on development progress. You do not need to become a member of the AWG to contribute code.

The Quality Working Group focuses on identifying areas where CVE content, rules, guidelines, and best practices must improve to better support stakeholder use cases. This is a good place to start for sharing desired functionality with the CVE project.

The Strategic Planning Working Group focuses on the long-term strategy (1-5 years) and goals of the CVE Program. It works closely with the CVE Board to determine goals and objectives and acts to achieve them. If the desired functionality falls within the SPWG's range, it might be better to become a part of this working group and assist in the future of CVE.


Whether it is submitting an issue for a feature request or a bug report, fixing a typo in the documentation, or assisting with an issue on our GitHub board, we enthusiastically welcome any contribution. If becoming a contributor to the codebase is your goal, please read our contributing guide to get started!


Reporting a Vulnerability

Please do not put vulnerability information in a GitHub issue. Please consult our for specific instructions on reporting a vulnerability that exists in the CVE Services.



This project uses or depends on software from

Style Guidelines

This project uses the following Style Guidelines

Directory layout

Top Level Directory

├── src                     # Source files (This is where the API resides)
├── test                    # Automated tests (This is where the API tests reside)

Src Directory

├── ...
├── src                     # Source files (This is where the API resides)
│   ├── controller/         # All API logic resides here.
│   ├── model/              # All Mongoose Schemas, models, and database logic.
│   ├── middleware/         # Authentication middleware resides inside this folder. 
│   ├── routes.config.js    # This is where routes get created and get tied back to their specific controller. 
│   └── index.js            # Where everything begins.
└── ...


Using Docker

Before trying the AWG docker app, verify that your Docker setup is working properly by running the "Hello World" example container with the following command:

docker run hello-world

You should see a message saying "Hello from Docker!" upon success.

Then refer to the docker README found in the repo here:

Local Development

  1. Install required node modules

This assumes the latest node and npm are installed.

cd cve-services
npm install

  2. Set up and start MongoDB locally

Install MongoDB locally

Download MongoDB Compass (MongoDB GUI)

Create cve_dev and cve_test databases in Compass. The collections will be automatically created when the API starts storing documents.

  3. Start the node application

In order to start a dev environment:

npm run start:dev

API Documentation

We maintain an openapi.yml file that follows the OpenAPI v3.0.2 specification. We are working to keep it up to date with our dev branch as we work towards our first release. We hope to use it soon to generate live documentation, along with an official project page.

Unit Testing

This project uses the following for unit testing

In order to run the unit tests:

npm run start:test