Skip to content
/ csaf_distribution Public
forked from csaf-poc/csaf_distribution

A set of csaf tools (CSAF trusted provider, provider checker and CSAF aggregator)

0 stars 21 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

cintek/csaf_distribution

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

920 Commits
.github/workflows
.github/workflows
 
 
LICENSES
LICENSES
 
 
cmd
cmd
 
 
csaf
csaf
 
 
docs
docs
 
 
internal
internal
 
 
util
util
 
 
.gitignore
.gitignore
 
 
3rdpartylicenses.md
3rdpartylicenses.md
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 

Repository files navigation

csaf_distribution

An implementation of a CSAF 2.0 trusted provider, checker, aggregator and downloader. Includes an uploader command line tool for the trusted provider.

Tools for users

csaf_downloader

is a tool for downloading advisories from a provider. Can be used for automated forwarding of CSAF documents.

csaf_validator

is a tool to validate local advisories files against the JSON Schema and an optional remote validator.

csaf_searcher

is a tool to search through local advisories. It finds PURLs based on the product ID of an advisory.

Tools for advisory providers

csaf_provider

is an implementation of the role CSAF Trusted Provider, also offering a simple HTTPS based management service.

csaf_uploader

is a command line tool to upload CSAF documents to the csaf_provider.

csaf_checker

is a tool for testing a CSAF Trusted Provider according to Section 7 of the CSAF standard.

csaf_aggregator

is a CSAF Aggregator, to list or mirror providers.

Setup

Binaries for the server side are only available and tested for GNU/Linux-Systems, e.g. Ubuntu LTS. They are likely to run on similar systems when build from sources.

The windows binary package only includes csaf_downloader, csaf_validator, csaf_checker and csaf_uploader.

Prebuild binaries

Download the binaries from the most recent release assets on Github.

Build from sources

  • A recent version of Go (1.21+) should be installed. Go installation

  • Clone the repository git clone https://github.com/csaf-poc/csaf_distribution.git

  • Build Go components Makefile supplies the following targets:

    • Build For GNU/Linux System: make build_linux
    • Build For Windows System (cross build): make build_win
    • Build For both linux and windows: make build
    • Build from a specific github tag by passing the intended tag to the BUILDTAG variable. E.g. make BUILDTAG=v1.0.0 build or make BUILDTAG=1 build_linux. The special value 1 means checking out the highest github tag for the build.
    • Remove the generated binaries und their directories: make mostlyclean

Binaries will be placed in directories named like bin-linux-amd64/ and bin-windows-amd64/.

  • Maintainers only: No need to do this if you have cloned this repository for unmodified usage only.
go generate ./...

will update the machine generated code.

Setup (Trusted Provider)

License

  • csaf_distribution is licensed as Free Software under MIT License.

  • See the specific source files for details, the license itself can be found in the directory LICENSES/.

  • Contains third party Free Software components under licenses that to our best knowledge are compatible at time of adding the dependency, 3rdpartylicenses.md has the details.

  • Check the source file of each schema under /csaf/schema/ to see the source and license of each one.

About

A set of csaf tools (CSAF trusted provider, provider checker and CSAF aggregator)

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Go 97.9%
  • HTML 1.3%
  • Makefile 0.8%