SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 05:40:11 +01:00
Code Issues Releases Activity Actions
Tools to download or provide CSAF2 (Common Security Advisory Framework) documents.
811 commits 13 branches 34 tags 8.5 MiB
Find a file
JanHoefelmeyer 8d381385b0
Merge pull request #422 from csaf-poc/checker-timerange-report 
Checker: Add time range to report
2023-08-17 09:18:49 +02:00
.github/workflows Add concurrent downloads to downloader. (#363) 2023-05-02 10:10:12 +02:00
cmd Merge branch 'main' into checker-timerange-report 2023-08-16 17:47:27 +02:00
csaf Use changes.csv instead of index.txt when using dir bases provider to make date filtering possible. 2023-07-26 03:56:05 +02:00
docs Fix merge conflict oversight in doc. 2023-08-16 20:29:25 +02:00
internal Add time range to checker report. 2023-08-02 20:01:04 +02:00
LICENSES Improve joining of url paths in some situations 2022-07-18 17:41:52 +02:00
util Improve error message if filename does not match document/tracking/id and let it be reported by the proper reporter (#382) 2023-06-30 23:36:54 +02:00
.gitignore refactor: add a .gitignore and include build directory 2022-09-24 19:21:56 +02:00
3rdpartylicenses.md Add support for remote validation services. (#185) 2022-06-21 14:47:06 +02:00
go.mod Update third party libraries. (#389) 2023-07-04 12:59:29 +02:00
go.sum Update third party libraries. (#389) 2023-07-04 12:59:29 +02:00
Makefile Burn v2 version into binaries. 2023-06-20 12:52:49 +02:00
README.md We need at least Go 1.20 2023-06-05 10:26:31 +02:00

README.md

csaf_distribution

An implementation of a CSAF 2.0 trusted provider, checker, aggregator and downloader. Includes an uploader command line tool for the trusted provider.

csaf_provider

is an implementation of the role CSAF Trusted Provider, also offering a simple HTTPS based management service.

csaf_uploader

is a command line tool that uploads CSAF documents to the csaf_provider.

csaf_aggregator

is an implementation of the role CSAF Aggregator.

csaf_checker

is a tool for testing a CSAF Trusted Provider according to Section 7 of the CSAF standard. Does check requirements without considering the indicated role yet.

csaf_downloader

is a tool for downloading advisories from a provider.

csaf_validator

is a tool to validate local advisories files against the JSON Schema and an optional remote validator.

Setup

Note that binaries for the server side are only available and tested for GNU/Linux-Systems, e.g. Ubuntu LTS. They are likely to run on similar systems when build from sources.

The windows binary package only includes csaf_downloader, csaf_validator, csaf_checker and csaf_uploader.

Prebuild binaries

Download the binaries from the most recent release assets on Github.

Build from sources

  • A recent version of Go (1.20+) should be installed. Go installation

  • Clone the repository git clone https://github.com/csaf-poc/csaf_distribution.git

  • Build Go components Makefile supplies the following targets:

    • Build For GNU/Linux System: make build_linux
    • Build For Windows System (cross build): make build_win
    • Build For both linux and windows: make build
    • Build from a specific github tag by passing the intended tag to the BUILDTAG variable. E.g. make BUILDTAG=v1.0.0 build or make BUILDTAG=1 build_linux. The special value 1 means checking out the highest github tag for the build.
    • Remove the generated binaries und their directories: make mostlyclean

Binaries will be placed in directories named like bin-linux-amd64/ and bin-windows-amd64/.

Setup (Trusted Provider)

License

  • csaf_distribution is licensed as Free Software under MIT License.

  • See the specific source files for details, the license itself can be found in the directory LICENSES/.

  • Contains third party Free Software components under licenses that to our best knowledge are compatible at time of adding the dependency, 3rdpartylicenses.md has the details.

  • Check the source file of each schema under /csaf/schema/ to see the source and license of each one.