From c5527a7e2a574a27d66742357180f10dc5aacb8a Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Wed, 4 Oct 2023 07:05:03 -0700 Subject: [PATCH] docs: prepare release 5.0.0 (#81) --- .../vuln.tools.java-common-conventions.gradle | 2 +- open-vulnerability-clients/README.md | 4 +- open-vulnerability-store/README.md | 167 +----------------- vulnz/README.md | 4 +- 4 files changed, 9 insertions(+), 168 deletions(-) diff --git a/buildSrc/src/main/groovy/vuln.tools.java-common-conventions.gradle b/buildSrc/src/main/groovy/vuln.tools.java-common-conventions.gradle index bd381574..5dbcd03b 100644 --- a/buildSrc/src/main/groovy/vuln.tools.java-common-conventions.gradle +++ b/buildSrc/src/main/groovy/vuln.tools.java-common-conventions.gradle @@ -12,7 +12,7 @@ plugins { } group 'io.github.jeremylong' -version = '4.1.3' +version = '5.0.0' repositories { mavenCentral() diff --git a/open-vulnerability-clients/README.md b/open-vulnerability-clients/README.md index 13c8ecd8..868c38b5 100644 --- a/open-vulnerability-clients/README.md +++ b/open-vulnerability-clients/README.md @@ -39,14 +39,14 @@ See API usage examples in the [open-vulnerability-store](https://github.com/jere io.github.jeremylong open-vulnerability-clients - 4.1.2 + 5.0.0 ``` ### gradle ```groovy -implementation 'io.github.jeremylong:open-vulnerability-clients:4.1.2' +implementation 'io.github.jeremylong:open-vulnerability-clients:5.0.0' ``` ### api usage diff --git a/open-vulnerability-store/README.md b/open-vulnerability-store/README.md index 5541014c..cce830d1 100644 --- a/open-vulnerability-store/README.md +++ b/open-vulnerability-store/README.md @@ -1,164 +1,5 @@ -# data-source +# open-vulnerability-store - - - -# gh-advisory-lib - -A client for the GitHub GraphQL API to retrieve the GitHub Security Advisories. - -The client requires a GitHub Personal Access Token to access the API. - -## usage - -### maven - -```xml - - io.github.jeremylong - gh-advisory-lib - 2.0.2 - -``` - -### gradle - -```groovy -implementation 'io.github.jeremylong:gh-advisory-lib:2.0.2' -``` - -### building from source - -```shell -./gradlew build -``` - -### api usage - -The API is intended to be fairly simple; an example implementation is given below to retrieve the entire GitHub Security Advisory data -set - including a mechanism to keep the data up to date. - -```java - -import GitHubSecurityAdvisoryClient; -import GitHubSecurityAdvisoryClientBuilder; -import SecurityAdvisory; - -import java.time.ZoneOffset; -import java.time.ZonedDateTime; -import java.util.List; - -public class Example { - ZonedDateTime retrieveLastUpdated() { - // TODO implement a storage/retrieval mechanism for the last updated date. - - return ZonedDateTime.now(ZoneOffset.UTC).minusDays(1); - } - - void storeLastUpdated(ZonedDateTime lastUpdated) { - // TODO implement a storage/retrieval mechanism for the last update time. - } - - @Test - void testNext() throws Exception { - String apiKey = System.getenv("GITHUB_TOKEN"); - - GitHubSecurityAdvisoryClientBuilder builder = GitHubSecurityAdvisoryClientBuilder - .aGitHubSecurityAdvisoryClient() - .withApiKey(apiKey); - - ZonedDateTime lastUpdated = retrieveLastUpdated(); - if (lastUpdated != null) { - builder.withUpdatedSinceFilter(lastUpdated); - } - try (GitHubSecurityAdvisoryClient client = builder.build()) { - if (client.hasNext()) { - List result = client.next(); - //TODO do something useful with the SecurityAdvisories - } - storeLastUpdated(client.getLastUpdated()); - } - } -} -``` - - -# nvd-lib - -A client for the NVD API to retrieve vulnerability data. - -An API Key for the NVD API is highly recommended - especially when downloading the full Vulnerability Catalog from the -NVD. Without an API key downloading takes 10+ minutes; whereas with an API key (and using 4 threads) the entire NVD -Vulnerability Catalog can be downloaded in ~90 seconds. - -## usage - -### maven - -```xml - - io.github.jeremylong - nvd-lib - 2.0.2 - -``` - -### gradle - -```groovy -implementation 'io.github.jeremylong:nvd-lib:2.0.2' -``` - -### building from source - -```shell -./gradlew build -``` - -### api usage - -The API is intended to be fairly simple; an example implementation is given below to retrieve the entire NVD CVE data -set - including a mechanism to keep the data up to date. - -```java -import NvdCveApi; -import NvdCveApiBuilder; -import DefCveItem; - -import java.time.ZonedDateTime; -import java.util.Collection; - -public class Example { - - ZonedDateTime retrieveLastUpdated() { - // TODO implement a storage/retrieval mechanism. - return null; - } - - void storeLasUpdated(ZonedDateTime lastUpdated) { - // TODO implement a storage/retrieval mechanism. - } - - public void update() { - ZonedDateTime lastModifiedRequest = retrieveLastUpdated(); - NvdCveApiBuilder builder = NvdCveApiBuilder.aNvdCveApi(); - if (lastModifiedRequest != null) { - ZonedDateTime end = lastModifiedRequest.minusDays(-120); - builder.withLastModifiedFilter(lastModifiedRequest, end); - } - //TODO add API key with builder's `withApiKey()` - //TODO if an API Key is used consider adding `withThreadCount(4)` - //TODO add any additional filters via the builder's `withFilter()` - try (NvdCveApi api = builder.build()) { - while (api.hasNext()) { - Collection items = api.next(); - //TODO do something with the items - } - lastModifiedRequest = api.getLastModifiedRequest(); - } catch (Exception e) { - e.printStackTrace(); - } - storeLasUpdated(lastModifiedRequest); - } -} -``` \ No newline at end of file +The open-vulnerability-store is an experimental project to build a database containing a normalized +set of vulnerability information. Currently, the library can be used to create a database of the +GitHub Security Advisories, NVD CVE data, the CISA Known Expoited Vulnerabilities Catalog, and EPSS. diff --git a/vulnz/README.md b/vulnz/README.md index 98277987..5d33d61b 100644 --- a/vulnz/README.md +++ b/vulnz/README.md @@ -54,7 +54,7 @@ export JAVA_OPTS="-Xmx2g" Alternatively, run the CLI using the `-Xmx2g` argument: ```bash -java -Xmx2g -jar ./vulnz-4.1.2.jar +java -Xmx2g -jar ./vulnz-5.0.0.jar ``` ### Creating the Cache @@ -71,7 +71,7 @@ for file in *.json; do gzip -k "${file}"; done Alternatively, without using the above install command: ```bash -./vulnz-4.1.2.jar cve --cache --directory ./cache +./vulnz-5.0.0.jar cve --cache --directory ./cache cd cache for file in *.json; do gzip -k "${file}"; done ```