Skip to content
No description, website, or topics provided.
Java Dockerfile
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

OVVL Server

OVVL Server provides the OVVL Frontend with the required data and includes a product (CPE) and vulnerability (CVE) API which can be used for external use cases. OVVL is developed at University of Applied Sciences Offenburg and part of the BMBF KMU-Innovation Project "CloudProtect" (Förderkennzeichen 16KIS0850).

The server is built on Spring boot 2.1.0 and Swagger. It requires Java 8 to run and a MongoDB to work correctly.


Threats were created with the "Elevation of Privilege Card Game" from Microsoft. The game is licensed under the Creative Commons Attribution 3.0 United States License.


Build the server using Gradle.

gradle clean build

Then run it:

gradle bootRun

You can also run the Server using docker, but make sure to set up a network bridge with your MongoDB.

docker build 
    --build-arg mongoConnection=$MONGODB_CONNECTION
    --build-arg jwtSecret=$OVVL_JWT_SECRET 
    --build-arg supportMail=$SUPPORT_MAIL_SENDER 
    --build-arg supportMailPW=$SUPPORT_MAIL_SENDER_PW
    --build-arg supportMailReceiver=$SUPPORT_MAIL_RECEIVER -t ovvl-docker .

Environment Variables

The following environment variables have to be set in order for the server to run correctly.

  • MONGODB_CONNECTION - The URI for the MongoDB connection. E.g. mongodb://ovvl-mongo:27017/ovvl-db
  • OVVL_JWT_SECRET - The secret for the JSON Web-Token generation.
  • SUPPORT_MAIL_SENDER - The mail address used to send support mails.
  • SUPPORT_MAIL_SENDER_PW - The password of that mail address.
  • SUPPORT_MAIL_RECEIVER - The mail address receiving the support mails.

MongoDB and CPE/CVE data

The server requires a MongoDB connection in order to work correctly. If you want to utilize the CPE and CVE lookup feature, you need to fill the database with the data provided by the NVD (CPE / CVE). Place the unpacked files under src/main/resources and specify the years of the downloaded CVE data in the CVEService under src/main/java/com/tam/services/meta/ -> getNVDFileSpecifications(). Once you uncomment the fillDBWith...() function in, the files will be automatically parsed and fill your MongoDB.

Swagger API generation

To API is specified in src/main/resources/swagger with the help of yamlinc. If you want to add to the existing API, specify your requirements following the existing structure and after building the API-documentation with yamlinc, run the gradle generateApi task. Code generated by this method is placed under src/generated.


When running, the API documentation can be viewed at localhost:8080/swagger-ui.html.


Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

You can’t perform that action at this time.