Build a local copy of CPE(Common Platform Enumeration)
Switch branches/tags
Nothing to show
Clone or download
Type Name Latest commit message Commit time
Failed to load latest commit information.
commands V0.2.0 (#7) Sep 25, 2018
config V0.2.0 (#7) Sep 25, 2018
cpe V0.2.0 (#7) Sep 25, 2018
db V0.2.0 (#7) Sep 25, 2018
models V0.2.0 (#7) Sep 25, 2018
nvd support nvd json v1 (#11) Nov 7, 2018
testutil V0.2.0 (#7) Sep 25, 2018
util V0.2.0 (#7) Sep 25, 2018
.gitignore V0.2.0 (#7) Sep 25, 2018
GNUmakefile V0.2.0 (#7) Sep 25, 2018
Gopkg.lock V0.2.0 (#7) Sep 25, 2018
Gopkg.toml V0.2.0 (#7) Sep 25, 2018
LICENSE Initial commit Apr 16, 2016 Remove changelog link from README (#9) Oct 29, 2018
main.go V0.2.0 (#7) Sep 25, 2018
make V0.2.0 (#7) Sep 25, 2018


This is tool to build a local copy of the CPE (Common Platform Enumeration) [1].

CPE is a structured naming scheme for information technology systems, software, and packages. Based upon the generic syntax for Uniform Resource Identifiers (URI), CPE includes a formal name format, a method for checking names against a system, and a description format for binding text and tests to a name.

go-cpe-dictionary download CPE data from NVD (National Vulnerabilities Database) [2]. Copy is generated in sqlite format.



Install requirements

go-cpe-dictionary requires the following packages.

$ sudo yum -y install sqlite git gcc
$ wget
$ sudo tar -C /usr/local -xzf go1.6.linux-amd64.tar.gz
$ mkdir $HOME/go

Put these lines into /etc/profile.d/

export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin

Set the OS environment variable to current shell

$ source /etc/profile.d/

Deploy go-cpe-dictionary

To install:

$ mkdir -p $GOPATH/src/
$ cd $GOPATH/src/
$ git clone
$ cd go-cpe-dictionary
$ make install

Fetch CPE data from NVD. It takes about 1 minutes.

$ go-cpe-dictionary fetch
... snip ...
$ ls -alh cpe.sqlite3
-rw-r--r-- 1 ec2-user ec2-user 7.0M Mar 24 13:20 cpe.sqlite3

Now we have a local copy of CPE data in sqlite3.

How to search CPE name by application name

This example use Peco for incremental search.

$ ls cpe.sqlite3
$ sqlite3 ./cpe.sqlite3 'select cpe_uri from categorized_cpes' | peco



$ go-cpe-dictionary -help
Usage of ./go-cpe-dictionary:
  -dbpath string
        /path/to/sqlite3/datafile (default "/Users/kotakanbe/go/src/")
  -dump-path string
        /path/to/dump.json (default "/Users/kotakanbe/go/src/")
        Fetch CPE data from NVD
  -http-proxy string
        HTTP Proxy URL (http://proxy-server:8080)
        load CPE data from dumpfile
  -v    Debug mode
        SQL debug mode


  • HTTP Proxy Support
    If your system is behind HTTP proxy, you have to specify --http-proxy option.

  • How to cross compile

    $ cd /path/to/your/local-git-reporsitory/go-cpe-dictionary
    $ GOOS=linux GOARCH=amd64 go build -o cvedict.amd64
  • Debug
    Run with --debug, --sql-debug option.

Data Source


kotakanbe (@kotakanbe) created go-cpe-dictionary and these fine people have contributed.


  1. fork a repository: to
  2. get original code: go get
  3. work on original code
  4. add remote to your repo: git remote add myfork
  5. push your changes: git push myfork
  6. create a new Pull Request


Please see LICENSE.

Additional License

How can my organization use the NVD data within our own products and services?
All NVD data is freely available from our XML Data Feeds. There are no fees, licensing restrictions, or even a requirement to register. All NIST publications are available in the public domain according to Title 17 of the United States Code. Acknowledgment of the NVD when using our information is appreciated. In addition, please email to let us know how the information is being used.