SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 18:15:42 +01:00
Code Issues Releases Activity Actions
gocsaf/docs/csaf_provider.md
s-l-teichmann s-l-teichmann@users.noreply.github.com be15d43dd3 Apply automatic changes
2022-07-26 13:14:14 +00:00

125 lines
4.6 KiB
Markdown
Raw Blame History

`csaf_provider` implements the CGI interface for webservers
and reads its configuration from a [TOML](https://toml.io/en/) file.
The [setup docs](../README.md#setup-trusted-provider)
explain how to wire this up with nginx and where the config file lives.
## Provider options
The following example file documents all available configuration options:
<!-- MARKDOWN-AUTO-DOCS:START (CODE:src=../docs/examples/provider_config.toml) -->
<!-- The below code snippet is automatically added from ../docs/examples/provider_config.toml -->
```toml
# Set the authentication password for accessing the CSAF provider.
# It is essential that you set a secure password between the quotation marks.
# The default being no password set.
#password = ""
# Set the path to the public OpenPGP key.
#openpgp_public_key = "/etc/csaf/openpgp_public.asc"
# Set the path to the private OpenPGP key.
#openpgp_private_key = "/etc/csaf/openpgp_private.asc"
# Specify the root folder.
#folder = "/var/www/"
# Specify the web folder.
#web = "/var/www/html"
# Allow sending a signature with the request.
# An additional input-field in the web interface will be shown
# to let user enter an ascii armored OpenPGP signature.
#upload_signature = false
# Set the beginning of the URL where contents are accessible from the internet.
# If not set, the provider will read from the $SERVER_NAME variable.
# The following shows an example of a manually set prefix:
#canonical_url_prefix = https://localhost
# Require users to use a password and a valid Client Certificate for write access.
#certificate_and_password = false
# Allow the user to send the request without having to send a passphrase
# to unlock the the OpenPGP key.
# If set to true, the input-field in the web interface will be omitted.
#no_passphrase = false
# Make the provider skip the validation of the uploaded CSAF document
# against the JSON schema.
#no_validation = false
# Disable the experimental web interface.
#no_web_ui = true
# Make the provider take the publisher from the CSAF document.
#dynamic_provider_metadata = false
# Set the upload limit size of a file in bytes.
# The default is equivalent to 50 MiB.
#upload_limit = 52428800
# Set the issuer of the CA.
# If set, the provider restricts the writing permission and the
# access to the web-interface to users with the client certificates
# signed with this CA.
# The following shows an example. As default, none is set.
#issuer = "Example Company"
# Make the provider write/update index.txt and changes.csv.
#write_indices = false
# Make the provider write a `CSAF:` entry into `security.txt`.
#write_security = false
# Set the TLP allowed to be send with the upload request
# (one or more of "csaf", "white", "amber", "green", "red").
# The "csaf" entry lets the provider take the value from the CSAF document.
# These affect the list items in the web interface.
#tlps = ["csaf", "white", "amber", "green", "red"]`
# Make the provider create a ROLIE service document.
#create_service_document = false
# Make the provider create a ROLIE category document from a list of strings.
# If a list item starts with `expr:`
# the rest of the string is used as a JsonPath expression
# to extract a string from the incoming advisories.
# Strings not starting with `expr:` are taken verbatim.
# By default no category documents are created.
# This example provides an overview over the syntax,
# adjust the parameters depending on your setup.
#categories = ["Example Company Product A", "expr:document.lang"]
# Make the provider use a remote validator service. Not used by default.
# This example provides an overview over the syntax,
# adjust the parameters depending on your setup.
#[remote_validator]
#url = "http://localhost:8082"
#presets = ["mandatory"]
#cache = "/var/lib/csaf/validations.db"
[provider_metadata]
# Indicate that aggregators can list us.
list_on_CSAF_aggregators = true
# Indicate that aggregators can mirror us.
mirror_on_CSAF_aggregators = true
# Set the publisher details.
[provider_metadata.publisher]
category = "vendor"
name = "Example Company"
namespace = "https://example.com"
issuing_authority = "We at Example Company are responsible for publishing and maintaining Product Y."
contact_details = "Example Company can be reached at contact_us@example.com, or via our website at https://www.example.com/contact."
```
<!-- MARKDOWN-AUTO-DOCS:END -->
### Experimental web upload interface
There is an experimental upload interface which works with a web browser.
It is disabled by default, as there are known issues, notably:
* https://github.com/csaf-poc/csaf_distribution/issues/43
* https://github.com/csaf-poc/csaf_distribution/issues/256
View git blame Copy permalink