Skip to content

canonical/ubuntu-com-security-api

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

272 Commits

.github

.github

 
 

docker-entrypoint-initdb.d

docker-entrypoint-initdb.d

 
 

konf

konf

 
 

migrations

migrations

 
 

scripts

scripts

 
 

templates

templates

 
 

tests

tests

 
 

webapp

webapp

 
 

.env

.env

 
 

.gitignore

.gitignore

 
 

Dockerfile

Dockerfile

 
 

README.md

README.md

 
 

docker-compose.yaml

docker-compose.yaml

 
 

entrypoint

entrypoint

 
 

package.json

package.json

 
 

renovate.json

renovate.json

 
 

requirements.txt

requirements.txt

 
 

run

run

 
 

yarn.lock

yarn.lock

 
 

Repository files navigation

ubuntu.com security API

API functions under ubuntu.com for querying CVEs and security notices.

Local development

The simplest way to run the API locally is using the dotrun snap:

dotrun  # In the root of the project folder

This will start a database, import some sample data and run the server. Exiting the server with ctrl + c should automatically stop the database again.

Once the server has started, you can query CVEs, Notices or Releases from the API:

Or view the API documentation at http://0.0.0.0:8030/security/api/docs.

Managing the project

It's best to run and manage the project using dotrun if possible. This will install pip dependencies automatically, and will also include any expected system level dependencies.

Dotrun commands

A number of "scripts" are defined in package.json for running with dotrun. These could usually also be run with yarn run {scriptname}.

  • dotrun start: Run serve (this is the same as simply running dotrun)
  • dotrun serve: Start the database and the API service
  • dotrun start-db: Start and attach to the database without starting the API
  • dotrun delete-db: Stop and delete the database
  • dotrun test: Run lint-python, and then test-python
  • dotrun lint-python: Check the format of the Python code
  • dotrun format-python: Automatically format the Python code with black
  • dotrun test-python: Run Python tests to check the API functionality
  • dotrun clean: Delete databases, containers and temporary development files

API and database management scripts

There are also some extra Python scripts to help with manipulating the API and database. There can also be run through dotrun:

dotrun exec scripts/create-cves.py scripts/payloads/cves.json  # Create a new CVE through the API
dotrun exec scripts/create-notice.py scripts/payloads/usn-4414-2.json  # Create a Notice through the API
dotrun exec scripts/create-release.py scripts/payloads/testy.json  # Create a Release through the API
dotrun exec scripts/delete-cves.py CVE-2019-20504  # Delete a CVE
dotrun exec scripts/delete-notices.py USN-4414-2  # Delete a notice
dotrun exec scripts/delete-release.py testy  # Delete a release
dotrun exec scripts/generate-sample-security-data.py  # Fill the database with thousands of fake records

About

The API for CVEs and USNs data.

Topics

web-and-design

Resources

Readme
Activity
Custom properties

Stars

13 stars

Watchers

17 watching

Forks

9 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 10

Languages