
reinier-vegter/opencve-logs-monitor


CVE Monitor for OpenObserve, ELK stack, Splunk etc

This script fetches CVE data from https://app.opencve.io/ and logs it to your favorite log solution, such as Splunk, OpenObserve, ELK etc.
This way you can monitor, dashboard and alert on CVEs.

Use cases

  • monitor security intel for your favorite tech stacks
  • set alerts for critical CVEs affecting your stack
  • run this with a cron scheduler to stay up to date
  • run it in daemon mode from a docker compose project

Setup

Create an account on https://app.opencve.io/ .

docker build -t cve-monitor .
mkdir logs
chown 999:999 logs

Create config/vendors.txt from config/vendors.example.txt with CPE vendor/product data.
You might use https://app.opencve.io/ as a resource for this.

Example config/vendors.txt:

fasterxml:jackson-databind
nextcloud:nextcloud_server

Create .env from .env.example and fill in all details.

Run

docker run --rm --env-file .env -v $(pwd)/config:/config -v $(pwd)/logs:/logs cve-monitor

Daemon mode

Set the ENV var DAEMON_MODE=true and run with docker compose.
The polling interval is controlled with the ENV var HOURS_LOOKBACK.

Detailed information

Set ENABLE_DETAILED_CVE_CALLS=true to fetch detailed information such as the CVSS score. This heavily increases API usage.
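The flow the sections above describe (parsing config/vendors.txt, keeping only entries inside the HOURS_LOOKBACK window, and emitting one JSON record per line with optional detailed fields) as an added Python example. This is not the project's own script: the feed entries, their field names, the fixed clock and the severity mapping are constructed assumptions for illustration, and no request is made to OpenCVE.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed fixed "now" so the example is reproducible offline (assumption).
NOW = datetime(2024, 1, 2, 12, 0, tzinfo=timezone.utc)

# Constructed feed entries. The field names (id, vendor, product, summary,
# updated_at, cvss) are an assumption for illustration, not the OpenCVE schema.
SAMPLE_FEED = [
    {"id": "CVE-0000-0001", "vendor": "fasterxml", "product": "jackson-databind",
     "summary": "constructed: deserialization issue",
     "updated_at": "2024-01-02T10:00:00+00:00", "cvss": 9.8},
    {"id": "CVE-0000-0002", "vendor": "nextcloud", "product": "nextcloud_server",
     "summary": "constructed: old entry outside a 24h lookback window",
     "updated_at": "2023-12-30T00:00:00+00:00", "cvss": 5.3},
    {"id": "CVE-0000-0003", "vendor": "example", "product": "unwatched_product",
     "summary": "constructed: vendor not listed in vendors.txt",
     "updated_at": "2024-01-02T11:00:00+00:00", "cvss": 7.5},
]

# Constructed vendors.txt content in the vendor:product form shown in the README.
VENDORS_TXT = """\
# blank lines and comments are ignored by this example parser
fasterxml:jackson-databind
nextcloud:nextcloud_server
"""


def parse_vendors(text):
    """Parse vendors.txt: one 'vendor:product' CPE pair per line."""
    pairs = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        vendor, sep, product = line.partition(":")
        if not sep or not vendor or not product:
            # Fail loudly: a silent typo here means a product is never monitored.
            raise ValueError(f"malformed vendors.txt line: {raw!r}")
        pairs.add((vendor, product))
    return pairs


def select_recent(feed, watched, hours_lookback, now=NOW):
    """Keep entries for watched vendor/product pairs updated within the lookback window."""
    cutoff = now - timedelta(hours=hours_lookback)
    selected = []
    for entry in feed:
        if (entry["vendor"], entry["product"]) not in watched:
            continue
        updated = datetime.fromisoformat(entry["updated_at"])
        if updated < cutoff:
            continue
        selected.append(entry)
    return selected


def severity_label(score):
    """CVSS v3.x qualitative rating for a base score (None when the score is missing)."""
    if score is None:
        return "Unknown"
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def to_log_lines(entries, detailed=False):
    """Render one JSON object per line, a shape ELK/Splunk/OpenObserve ingest directly."""
    lines = []
    for e in entries:
        record = {
            "cve": e["id"],
            "vendor": e["vendor"],
            "product": e["product"],
            "summary": e["summary"],
            "updated_at": e["updated_at"],
        }
        if detailed:  # mirrors ENABLE_DETAILED_CVE_CALLS: richer records, more API calls
            record["cvss"] = e.get("cvss")
            record["severity"] = severity_label(e.get("cvss"))
        lines.append(json.dumps(record, sort_keys=True))
    return lines


def run_once(feed, vendors_text, hours_lookback, detailed=False, now=NOW):
    """One monitor iteration; daemon mode would repeat this every HOURS_LOOKBACK hours."""
    watched = parse_vendors(vendors_text)
    return to_log_lines(select_recent(feed, watched, hours_lookback, now), detailed)


if __name__ == "__main__":
    for line in run_once(SAMPLE_FEED, VENDORS_TXT, hours_lookback=24, detailed=True):
        print(line)
```

With the constructed data, a 24 hour lookback yields a single Critical record for jackson-databind; widening the window to a week also picks up the older nextcloud entry, and the unwatched vendor is never logged. Alert rules in the log platform can then key on the `severity` or `cvss` fields, which only exist when detailed mode is on.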
