JavaVuln allows you to view your projects, the libraries they depend on and the vulnerabilities (CVEs) they may have.
- Clone the repo
- Create a `.env` file under `javavuln-api` with the properties found under `javavuln-api/example.env`
- Create a `.env` file under `javavuln` with the properties found under `javavuln/example.env`
- Populate a SQLite database in accordance with the following schema:
```sql
CREATE TABLE projects (
    id INTEGER PRIMARY KEY,
    project_name TEXT
);

CREATE TABLE libraries (
    id INTEGER PRIMARY KEY,
    path TEXT,
    name TEXT,
    version TEXT,
    group_id TEXT,
    artifact_id TEXT,
    latest_version TEXT,
    max_cvss_v3 REAL,
    count_cves INTEGER,
    count_unknown INTEGER,
    count_none INTEGER,
    count_low INTEGER,
    count_medium INTEGER,
    count_high INTEGER,
    count_critical INTEGER
);

CREATE TABLE cves (
    cve TEXT,
    cvss_v3 REAL,
    severity TEXT,
    published_date TEXT,
    last_modified_date TEXT,
    json_data TEXT
);

-- Not currently used
CREATE TABLE project_project_dependencies (
    id INTEGER PRIMARY KEY,
    project_id INTEGER,
    depends_on_id INTEGER,
    depends_on_name TEXT
);

-- SQLite uses INTEGER for BOOL (hence direct is an INTEGER)
CREATE TABLE project_library_dependencies (
    id INTEGER PRIMARY KEY,
    project_id INTEGER,
    library_id INTEGER,
    direct INTEGER
);

-- SQLite uses INTEGER for BOOL (hence direct is an INTEGER)
CREATE TABLE library_cves (
    id INTEGER PRIMARY KEY,
    library_id INTEGER,
    cve TEXT,
    direct INTEGER
);
```
- Open a terminal window and change directory into the `javavuln-api` subdirectory.
- Run `npm install`
- Run `npm start` or `npm run dev` to start the API server.
- Open a second terminal window and change into the `javavuln` subdirectory.
- Run `npm install`
- Run `npm run dev -- --open` to start the web server.
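For the database population step, the following added example (not part of the JavaVuln project) fills the `libraries` summary columns from `library_cves` and `cves`. It assumes those columns are per-library totals and that `severity` holds CVSS v3 labels, which the README does not state; the library names and CVE ids are constructed placeholders.

```python
import sqlite3

# Subset of the schema above: only the tables this example touches.
SCHEMA = """
CREATE TABLE libraries (id INTEGER PRIMARY KEY, path TEXT, name TEXT, version TEXT,
  group_id TEXT, artifact_id TEXT, latest_version TEXT, max_cvss_v3 REAL,
  count_cves INTEGER, count_unknown INTEGER, count_none INTEGER, count_low INTEGER,
  count_medium INTEGER, count_high INTEGER, count_critical INTEGER);
CREATE TABLE cves (cve TEXT, cvss_v3 REAL, severity TEXT, published_date TEXT,
  last_modified_date TEXT, json_data TEXT);
CREATE TABLE library_cves (id INTEGER PRIMARY KEY, library_id INTEGER, cve TEXT,
  direct INTEGER);
"""
# Assumption: severity holds CVSS v3 labels; anything else is counted as unknown.
LEVELS = ("none", "low", "medium", "high", "critical")

def refresh_library_counts(conn):
    """Recompute each library's summary columns from library_cves joined to cves."""
    for (lib_id,) in conn.execute("SELECT id FROM libraries").fetchall():
        rows = conn.execute(
            "SELECT c.cvss_v3, LOWER(COALESCE(c.severity, '')) "
            "FROM library_cves lc LEFT JOIN cves c ON c.cve = lc.cve "
            "WHERE lc.library_id = ?", (lib_id,)).fetchall()
        counts = dict.fromkeys(LEVELS + ("unknown",), 0)
        for _, sev in rows:
            counts[sev if sev in LEVELS else "unknown"] += 1
        scores = [s for s, _ in rows if s is not None]
        conn.execute(
            "UPDATE libraries SET count_cves=?, max_cvss_v3=?, count_unknown=?, "
            "count_none=?, count_low=?, count_medium=?, count_high=?, "
            "count_critical=? WHERE id=?",
            (len(rows), max(scores, default=None), counts["unknown"],
             *(counts[lvl] for lvl in LEVELS), lib_id))
    conn.commit()

def build_sample_db():
    """In-memory database filled with constructed rows (placeholder CVE ids)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO libraries (id, name, version) VALUES (?, ?, ?)",
                     [(1, "example-lib", "1.0.0"), (2, "clean-lib", "2.1.0")])
    conn.executemany("INSERT INTO cves (cve, cvss_v3, severity) VALUES (?, ?, ?)",
                     [("CVE-0000-0001", 9.8, "CRITICAL"), ("CVE-0000-0002", 5.3, "MEDIUM")])
    # CVE-0000-0003 has no row in cves, so it is counted as unknown.
    conn.executemany("INSERT INTO library_cves (library_id, cve, direct) VALUES (?, ?, ?)",
                     [(1, "CVE-0000-0001", 1), (1, "CVE-0000-0002", 0), (1, "CVE-0000-0003", 0)])
    refresh_library_counts(conn)
    return conn
```

A `library_cves` row whose CVE is missing from `cves` still counts toward `count_cves`, so a gap in the CVE data shows up as `count_unknown` rather than lowering the library's total.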