| .github/workflows | ||
| cmd | ||
| csaf | ||
| docs | ||
| LICENSES | ||
| util | ||
| 3rdpartylicenses.md | ||
| go.mod | ||
| go.sum | ||
| Makefile | ||
| README.md | ||
csaf_distribution
WIP: A proof of concept for a CSAF trusted provider, checker and aggregator.
Status: Alpha (about 90% functionality is there)
Setup
-
A recent version of Go (1.17+) should be installed. Go installation
-
Clone the repository
git clone https://github.com/csaf-poc/csaf_distribution.git -
Build Go components Makefile supplies the following targets:
- Build For GNU/Linux System:
make build_linux - Build For Windows System (cross build):
make build_win - Build For both linux and windows:
make build - Build from a specific github tag by passing the intended tag to the
BUILDTAGvariable. E.g.make BUILDTAG=v1.0.0 buildormake BUILDTAG=1 build_linux. The special value1means checking out the highest github tag for the build. - Remove the generated binaries und their directories:
make mostlyclean
- Build For GNU/Linux System:
Binaries will be placed in directories named like bin-linux-amd64/ and bin-windows-amd64/.
- Install nginx
- To install server certificate on nginx see docs/install-server-certificate.md
- To configure nginx see docs/provider-setup.md
- To configure nginx for client certificate authentication see docs/client-certificate-setup.md
csaf_uploader
csaf_uploader is a command line tool that uploads CSAF documents to the trusted provider (CSAF_Provider). Following options are supported:
| Options | Description |
|---|---|
| -a, --action=[upload|create] | Action to perform (default: upload) |
| -u, --url=URL | URL of the CSAF provider (default:https://localhost/cgi-bin/csaf_provider.go) |
| -t, --tlp=[csaf|white|green|amber|red] | TLP of the feed (default: csaf) |
| -x, --external-signed | CSAF files are signed externally. Assumes .asc files beside CSAF files |
| -k, --key=KEY-FILE | OpenPGP key to sign the CSAF files |
| -p, --password=PASSWORD | Authentication password for accessing the CSAF provider |
| -P, --passphrase=PASSPHRASE | Passphrase to unlock the OpenPGP key |
| -i, --password-interactive | Enter password interactively |
| -I, --passphrase-interacive | Enter passphrase interactively |
| -c, --config=INI-FILE | Path to config ini file |
| --insecure | Do not check TLS certificates from provider |
| --client-cert | TLS client certificate file (PEM encoded data) |
| --client-key | TLS client private key file (PEM encoded data) |
| -h, --help | Show help |
E.g. creating the initial directiories and files
./csaf_uploader -a create -u http://localhost/cgi-bin/csaf_provider.go
E.g. uploading a csaf-document
./csaf_uploader -a upload -I -t white -u http://localhost/cgi-bin/csaf_provider.go CSAF-document-1.json
which asks to enter password interactively.
csaf_uploader can be started with a config file like following:
./csaf_provider -c conf.ini
config.ini :
action=create
u=http://localhost/cgi-bin/csaf_provider.go
csaf_checker
Provider checker is a tool for testing a CSAF trusted provider according to Section 7 of the CSAF standard.
Usage example:
./csaf_checker example.com -f html -o check-results.html
License
-
csaf_distribution is licensed as Free Software under MIT License.
-
See the specific source files for details, the license itself can be found in the directory
LICENSES/. -
Contains third party Free Software components under licenses that to our best knowledge are compatible at time of adding the dependency, 3rdpartylicenses.md has the details.
-
Check the source file of each schema under
/csaf/schema/to see the source and license of each one.