An implementation of a CSAF 2.0 trusted provider, checker, aggregator and downloader. Includes an uploader command line tool for the trusted provider.
is a tool for downloading advisories from a provider. Can be used for automated forwarding of CSAF documents.
is a tool to validate local advisories files against the JSON Schema and an optional remote validator.
is a tool to search through local advisories. It finds PURLs based on the product ID of an advisory.
is an implementation of the role CSAF Trusted Provider, also offering a simple HTTPS based management service.
is a command line tool to upload CSAF documents to the csaf_provider
.
is a tool for testing a CSAF Trusted Provider according to Section 7 of the CSAF standard.
is a CSAF Aggregator, to list or mirror providers.
Binaries for the server side are only available and tested for GNU/Linux-Systems, e.g. Ubuntu LTS. They are likely to run on similar systems when build from sources.
The windows binary package only includes
csaf_downloader
, csaf_validator
, csaf_checker
and csaf_uploader
.
Download the binaries from the most recent release assets on Github.
-
A recent version of Go (1.21+) should be installed. Go installation
-
Clone the repository
git clone https://github.com/csaf-poc/csaf_distribution.git
-
Build Go components Makefile supplies the following targets:
- Build For GNU/Linux System:
make build_linux
- Build For Windows System (cross build):
make build_win
- Build For both linux and windows:
make build
- Build from a specific github tag by passing the intended tag to the
BUILDTAG
variable. E.g.make BUILDTAG=v1.0.0 build
ormake BUILDTAG=1 build_linux
. The special value1
means checking out the highest github tag for the build. - Remove the generated binaries und their directories:
make mostlyclean
- Build For GNU/Linux System:
Binaries will be placed in directories named like bin-linux-amd64/
and bin-windows-amd64/
.
- Maintainers only: No need to do this if you have cloned this repository for unmodified usage only.
go generate ./...
will update the machine generated code.
- Install nginx
- To install a TLS server certificate on nginx see docs/install-server-certificate.md
- To configure nginx see docs/provider-setup.md
- To configure nginx for client certificate authentication see docs/client-certificate-setup.md
-
csaf_distribution
is licensed as Free Software under MIT License. -
See the specific source files for details, the license itself can be found in the directory
LICENSES/
. -
Contains third party Free Software components under licenses that to our best knowledge are compatible at time of adding the dependency, 3rdpartylicenses.md has the details.
-
Check the source file of each schema under
/csaf/schema/
to see the source and license of each one.