SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 11:55:40 +01:00
Code Issues Releases Activity Actions
Tools to download or provide CSAF2 (Common Security Advisory Framework) documents.
140 commits 13 branches 34 tags 8.5 MiB
Find a file
Bernhard E. Reiter 5bd049bf01
Merge pull request #18 from csaf-poc/third-party-licenses 
Add Third party licenses info
2022-01-10 15:25:38 +01:00
.github/workflows Add github-actions 2021-11-26 13:18:26 +01:00
cmd Place CSAF files in the right folder. 2021-12-16 15:53:44 +01:00
csaf Fixed problems with ROLIE in provider metadata. 2021-12-13 02:08:32 +01:00
docs Describe how to enable dir listings and link following. 2021-11-30 16:13:10 +01:00
LICENSES Improve Phrasing and move 3rdpartylicenses one up. 2021-12-16 16:26:08 +01:00
util Started with checking the CSAF files. 2021-12-14 02:24:40 +01:00
3rdpartylicenses.md Improve Phrasing and move 3rdpartylicenses one up. 2021-12-16 16:26:08 +01:00
go.mod Added support for entering passwords interactively. 2021-12-07 11:38:14 +01:00
go.sum Added support for entering passwords interactively. 2021-12-07 11:38:14 +01:00
README.md fix typos in README.md 2022-01-10 15:14:20 +01:00

README.md

csaf_distribution

WIP: A proof of concept for a CSAF trusted provider, checker and aggregator.

Setup

  • A recent version of Go (1.17+) should be installed. Go installation

  • Clone the repository git clone https://github.com/csaf-poc/csaf_distribution.git

  • Build Go components

cd csaf_distribution
go build -v ./cmd/...

csaf_uploader

csaf_uploader is a command line tool that uploads CSAF documents to the trusted provider (CSAF_Provider). Following options are supported:

Options Description
-a, --action=[upload|create] Action to perform (default: upload)
-u, --url=URL URL of the CSAF provider (default:https://localhost/cgi-bin/csaf_provider.go)
-t, --tlp=[csaf|white|green|amber|red] TLP of the feed (default: csaf)
-x, --external-signed CASF files are signed externally.
-k, --key=KEY-FILE OpenPGP key to sign the CSAF files
-p, --password=PASSWORD Authentication password for accessing the CSAF provider
-P, --passphrase=PASSPHRASE Passphrase to unlock the OpenPGP key
-i, --password-interactive Enter password interactively
-I, --passphrase-interacive Enter passphrase interactively
-c, --config=INI-FILE Path to config ini file
-h, --help Show help

E.g. creating the initial directiories and files

./csaf_uploader -a create  -u http://localhost/cgi-bin/csaf_provider.go

E.g. uploading a csaf-document

./csaf_uploader -a upload -I -t white -u http://localhost/cgi-bin/csaf_provider.go  CSAF-document-1.json

which asks to enter password interactively.

csaf_uploader can be started with a config file like following:

./csaf_provider -c conf.ini

config.ini :

action=create
u=http://localhost/cgi-bin/csaf_provider.go

License

  • csaf_distribution is licensed as Free Software under MIT License.

  • See the specific source files for details, the license itself can be found in the directory LICENSES/.

  • Contains third party Free Software components under licenses that to our best knowledge are compatible at time of adding the dependency, 3rdpartylicenses.md has the details.

  • Check the source file of each schema under /csaf/schema/ to see the source and license of each one.