exploit-db-server combines go-exploitdb running in server mode with a mechanism for periodically updating the known exploits into a single container which can be deployed standalone or on kubernetes.
It will update the database (from all supported sources) once when the container starts and then every 3 hours until the container stops.
# Registry defaults to ghcr.io/openclarity and tag defaults to the latest commit ID
DOCKER_REGISTRY=<registry> DOCKER_TAG=<tag> make docker
docker run -d -p 1326:1326 --name exploit-db-server <registry>/exploit-db-server:<tag>
To persist the database between container runs:
mkdir /opt/exploit-db
docker run -d -p 1326:1326 -v /opt/exploit-db:/var/lib/go-exploitdb -name exploit-db-server <registry>/exploit-db-server:<tag>
Example for how to query the server are given on the go-exploitdb README:
If you are ready to jump in and test, add code, or help with documentation, please follow the instructions on our contributing guide for details on how to open issues, setup VMClarity for development and test.
You can view our code of conduct here.