SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 05:40:11 +01:00
Code Issues Releases Activity Actions
Tools to download or provide CSAF2 (Common Security Advisory Framework) documents.
150 commits 13 branches 34 tags 8.5 MiB
Find a file
Fadi Abbud 97ca513f9b Add Makefile for building go components 
* Makefile with the following targets
	** build for (linux system)
     	** build_win  (windows system)
     	** build_tag (build from the last tag)
     	** clean  for (removing the binaries)
* Adjust README file
2022-01-17 17:11:15 +01:00
.github/workflows Add github-actions 2021-11-26 13:18:26 +01:00
cmd Do not report success on checks which were not performed. 2022-01-12 19:48:33 +01:00
csaf Fixed problems with ROLIE in provider metadata. 2021-12-13 02:08:32 +01:00
docs Describe how to enable dir listings and link following. 2021-11-30 16:13:10 +01:00
LICENSES Improve Phrasing and move 3rdpartylicenses one up. 2021-12-16 16:26:08 +01:00
util Started with checking the CSAF files. 2021-12-14 02:24:40 +01:00
3rdpartylicenses.md Improve Phrasing and move 3rdpartylicenses one up. 2021-12-16 16:26:08 +01:00
go.mod Added support for entering passwords interactively. 2021-12-07 11:38:14 +01:00
go.sum Added support for entering passwords interactively. 2021-12-07 11:38:14 +01:00
Makefile Add Makefile for building go components 2022-01-17 17:11:15 +01:00
README.md Add Makefile for building go components 2022-01-17 17:11:15 +01:00

README.md

csaf_distribution

WIP: A proof of concept for a CSAF trusted provider, checker and aggregator.

Setup

  • A recent version of Go (1.17+) should be installed. Go installation

  • Clone the repository git clone https://github.com/csaf-poc/csaf_distribution.git

  • Build Go components Makefile supplies the following builds:

    • For Linux Systems :make build
    • For Windows platform: make build_win
    • Build from the last tag: make build_tag

These places the binares in the current directory.

csaf_uploader

csaf_uploader is a command line tool that uploads CSAF documents to the trusted provider (CSAF_Provider). Following options are supported:

Options Description
-a, --action=[upload|create] Action to perform (default: upload)
-u, --url=URL URL of the CSAF provider (default:https://localhost/cgi-bin/csaf_provider.go)
-t, --tlp=[csaf|white|green|amber|red] TLP of the feed (default: csaf)
-x, --external-signed CASF files are signed externally.
-k, --key=KEY-FILE OpenPGP key to sign the CSAF files
-p, --password=PASSWORD Authentication password for accessing the CSAF provider
-P, --passphrase=PASSPHRASE Passphrase to unlock the OpenPGP key
-i, --password-interactive Enter password interactively
-I, --passphrase-interacive Enter passphrase interactively
-c, --config=INI-FILE Path to config ini file
-h, --help Show help

E.g. creating the initial directiories and files

./csaf_uploader -a create  -u http://localhost/cgi-bin/csaf_provider.go

E.g. uploading a csaf-document

./csaf_uploader -a upload -I -t white -u http://localhost/cgi-bin/csaf_provider.go  CSAF-document-1.json

which asks to enter password interactively.

csaf_uploader can be started with a config file like following:

./csaf_provider -c conf.ini

config.ini :

action=create
u=http://localhost/cgi-bin/csaf_provider.go

License

  • csaf_distribution is licensed as Free Software under MIT License.

  • See the specific source files for details, the license itself can be found in the directory LICENSES/.

  • Contains third party Free Software components under licenses that to our best knowledge are compatible at time of adding the dependency, 3rdpartylicenses.md has the details.

  • Check the source file of each schema under /csaf/schema/ to see the source and license of each one.