
A set of csaf tools (CSAF trusted provider, provider checker and CSAF aggregator)


cintek/csaf_distribution

 
 


csaf_distribution

An implementation of a CSAF 2.0 trusted provider, checker, aggregator and downloader. Includes an uploader command line tool for the trusted provider.

Tools for users

csaf_downloader is a tool for downloading advisories from a provider. It can be used for automated forwarding of CSAF documents.

csaf_validator is a tool to validate local advisory files against the JSON Schema and an optional remote validator.

is a tool to search through local advisories. It finds PURLs based on the product ID of an advisory.

Tools for advisory providers

csaf_provider is an implementation of the role CSAF Trusted Provider, also offering a simple HTTPS-based management service.

csaf_uploader is a command line tool to upload CSAF documents to the csaf_provider.

csaf_checker is a tool for testing a CSAF Trusted Provider according to Section 7 of the CSAF standard.

csaf_aggregator is a CSAF Aggregator, to list or mirror providers.

Setup

Binaries for the server side are only available and tested for GNU/Linux systems, e.g. Ubuntu LTS. They are likely to run on similar systems when built from source.

The Windows binary package only includes csaf_downloader, csaf_validator, csaf_checker and csaf_uploader.

Prebuilt binaries

Download the binaries from the most recent release assets on GitHub.

Build from sources

  • A recent version of Go (1.21+) should be installed. See the Go installation instructions.

  • Clone the repository: git clone https://github.com/csaf-poc/csaf_distribution.git

  • Build the Go components. The Makefile supplies the following targets:

    • Build for GNU/Linux systems: make build_linux
    • Build for Windows systems (cross build): make build_win
    • Build for both Linux and Windows: make build
    • Build from a specific GitHub tag by passing the intended tag to the BUILDTAG variable, e.g. make BUILDTAG=v1.0.0 build or make BUILDTAG=1 build_linux. The special value 1 means checking out the highest GitHub tag for the build.
    • Remove the generated binaries and their directories: make mostlyclean

Binaries will be placed in directories named like bin-linux-amd64/ and bin-windows-amd64/.

  • Maintainers only (no need to do this if you have cloned this repository for unmodified usage only): running

go generate ./...

will update the machine-generated code.

Setup (Trusted Provider)

License

  • csaf_distribution is licensed as Free Software under MIT License.

  • See the specific source files for details, the license itself can be found in the directory LICENSES/.

  • Contains third party Free Software components under licenses that to our best knowledge are compatible at time of adding the dependency, 3rdpartylicenses.md has the details.

  • Check the source file of each schema under /csaf/schema/ to see the source and license of each one.
