mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 05:40:11 +01:00

Tools to download or provide CSAF2 (Common Security Advisory Framework) documents.

Find a file

Fadi Abbud d451cc3908 (minor) Fix one option value		2022-02-18 13:57:45 +01:00
.github/workflows	Add github-actions	2021-11-26 13:18:26 +01:00
cmd	Made auth middleware more readable.	2022-02-15 20:55:19 +01:00
csaf	Fixed issue #37	2022-01-31 14:17:35 +01:00
docs	(minor) Fix one option value	2022-02-18 13:57:45 +01:00
LICENSES	Improve Phrasing and move 3rdpartylicenses one up.	2021-12-16 16:26:08 +01:00
util	Started with checking the CSAF files.	2021-12-14 02:24:40 +01:00
3rdpartylicenses.md	Improve Phrasing and move 3rdpartylicenses one up.	2021-12-16 16:26:08 +01:00
go.mod	Added support for entering passwords interactively.	2021-12-07 11:38:14 +01:00
go.sum	Added support for entering passwords interactively.	2021-12-07 11:38:14 +01:00
Makefile	Add License header to Makefile and adjust the README (#53 )	2022-02-09 15:52:05 +01:00
README.md	Merge branch 'main' into client-certificate	2022-02-15 10:01:18 +01:00

csaf_distribution

WIP: A proof of concept for a CSAF trusted provider, checker and aggregator.

Setup

A recent version of Go (1.17+) should be installed. Go installation
Clone the repository git clone https://github.com/csaf-poc/csaf_distribution.git
Build Go components Makefile supplies the following targets:
- Build For GNU/Linux System: make build_linux
- Build For Windows System (cross build): make build_win
- Build For both linux and windows: make build
- Build from a specific github tag by passing the intended tag to the BUILDTAG variable.
  E.g. make BUILDTAG=v1.0.0 build or make BUILDTAG=1 build_linux.
  The special value 1 means checking out the highest github tag for the build.
- Remove the generated binaries und their directories: make mostlyclean

Binaries will be placed in directories named like bin-linux-amd64/ and bin-windows-amd64/.

Install nginx
To install server certificate on nginx see docs/install-server-certificate.md
To configure nginx see docs/provider-setup.md
To configure nginx for client certificate authentication see docs/client-certificate-setup.md

csaf_uploader is a command line tool that uploads CSAF documents to the trusted provider (CSAF_Provider). Following options are supported:

Options	Description
-a, --action=[upload\|create]	Action to perform (default: upload)
-u, --url=URL	URL of the CSAF provider (default:https://localhost/cgi-bin/csaf_provider.go)
-t, --tlp=[csaf\|white\|green\|amber\|red]	TLP of the feed (default: csaf)
-x, --external-signed	CASF files are signed externally.
-k, --key=KEY-FILE	OpenPGP key to sign the CSAF files
-p, --password=PASSWORD	Authentication password for accessing the CSAF provider
-P, --passphrase=PASSPHRASE	Passphrase to unlock the OpenPGP key
-i, --password-interactive	Enter password interactively
-I, --passphrase-interacive	Enter passphrase interactively
-c, --config=INI-FILE	Path to config ini file
-h, --help	Show help

E.g. creating the initial directiories and files

./csaf_uploader -a create  -u http://localhost/cgi-bin/csaf_provider.go

E.g. uploading a csaf-document

./csaf_uploader -a upload -I -t white -u http://localhost/cgi-bin/csaf_provider.go  CSAF-document-1.json

which asks to enter password interactively.

csaf_uploader can be started with a config file like following:

./csaf_provider -c conf.ini

config.ini :

action=create
u=http://localhost/cgi-bin/csaf_provider.go

csaf_distribution is licensed as Free Software under MIT License.
See the specific source files for details, the license itself can be found in the directory LICENSES/.
Contains third party Free Software components under licenses that to our best knowledge are compatible at time of adding the dependency, 3rdpartylicenses.md has the details.
Check the source file of each schema under /csaf/schema/ to see the source and license of each one.