chore: documentation (finish)

backend/application/epss/services/cvss_bt.py

@@ -1,6 +1,7 @@
 import datetime
 from csv import DictReader
 from io import StringIO
+from typing import Optional
 
 import requests
 from cvss import CVSS3, CVSS4
@@ -15,7 +16,8 @@
 
 
 def import_cvss_bt() -> None:
-    response = requests.get(
+    response = requests.get(  # nosec B113
+        # This is a false positive, there is a timeout of 5 minutes
         "https://raw.githubusercontent.com/t0sche/cvss-bt/refs/heads/main/cvss-bt.csv",
         timeout=5 * 60,
         stream=True,
@@ -34,13 +36,8 @@ def import_cvss_bt() -> None:
     exploit_information_list = []
     for row in reader:
         cve = row.get("cve", "")
-        if not cve.startswith("CVE-"):
-            continue
-        cve_parts = cve.split("-")
-        if len(cve_parts) != 3:
-            continue
-        cve_year = cve.split("-")[1]
-        if not cve_year.isdigit():
+        cve_year = _get_year_from_cve(cve)
+        if cve_year is None:
             continue
         current_year = datetime.datetime.now().year
         settings = Settings.load()
@@ -70,6 +67,18 @@ def import_cvss_bt() -> None:
     exploit_information_apply_observations(settings)
 
 
+def _get_year_from_cve(cve: str) -> Optional[int]:
+    if not cve.startswith("CVE-"):
+        return None
+    cve_parts = cve.split("-")
+    if len(cve_parts) != 3:
+        return None
+    cve_year = cve.split("-")[1]
+    if not cve_year.isdigit():
+        return None
+    return int(cve_year)
+
+
 def exploit_information_apply_observations(settings: Settings) -> None:
     observations = (
         Observation.objects.filter(vulnerability_id__startswith="CVE-")

docs/integrations/api_import.md

@@ -39,7 +39,7 @@ API imports can be configured to run automatically at a specific time. There is
 
 In the `Features` section of the [Settings](../getting_started/configuration.md#admininistration-in-secobserve) the automatic import can be enabled for the whole SecObserve instance.
 
-![Settings automatic API import](../assets/images/screenshot_settings_automatic_api_import.png){ width="65%" style="display: block; margin: 0 auto" }
+![Settings automatic API import](../assets/images/screenshot_settings_automatic_api_import.png){ width="80%" style="display: block; margin: 0 auto" }
 
 The hour (in UTC time) and minute, when the automatic API imports and the [OSV scanning](./osv_scan.md/#automatic-import) will run, can be set in the `Background tasks`  section. A restart of the SecObserve instance is required to apply the changes.
 
@@ -49,4 +49,4 @@ The hour (in UTC time) and minute, when the automatic API imports and the [OSV s
 
 Only API configurations that have `Automatic import enabled` turned on will be imported automatically. When the automatic import is enabled for an API configuration, the values for `Branch / Version`, `Service`, `Docker image name:tag`, `Endpoint URL`and `Kubernetes cluster` can be set to be used for the import.
 
-![Automatic API import enabled](../assets/images/screenshot_automatic_api_import_enabled.png){ width="60%" style="display: block; margin: 0 auto" }
+![Automatic API import enabled](../assets/images/screenshot_automatic_api_import_enabled.png){ width="80%" style="display: block; margin: 0 auto" }

docs/integrations/epss.md

@@ -7,3 +7,5 @@ SecObserve imports the EPSS data and updates all observations with a CVE value w
 ## Configuration
 
 Per default the task to import the EPSS data and update the observations is scheduled to run every night at 03:00 UTC time. This default can be changed by administrators via the **Background tasks** section in the [Settings](../getting_started/configuration.md#admininistration-in-secobserve).  Hours are always in UTC time.
+
+![EPSS import cron](../assets/images/screenshot_settings_cron_epss.png){ width="80%" style="display: block; margin: 0 auto" }

docs/integrations/exploits.md → docs/integrations/exploit_information.md

@@ -17,6 +17,6 @@ Observations can be filtered by the presence of exploit information and the link
 
 In the `Features` section of the [Settings](../getting_started/configuration.md#admininistration-in-secobserve) the import of exploit information can be enabled or disabled for the whole SecObserve instance. Additionally, the maximum age of CVEs can be set. Data for CVEs older than the specified number of days will not be imported.
 
-![Settings exploit information import](../assets/images/screenshot_settings_automatic_osv_scanning.png){ width="65%" style="display: block; margin: 0 auto" }
+![Settings exploit information import](../assets/images/screenshot_settings_feature_exploit_enrichment.png){ width="80%" style="display: block; margin: 0 auto" }
 
 The import of exploit information runs together with the EPSS import, see [EPSS import / Configuration](./epss.md#configuration).

docs/integrations/vex.md

@@ -9,7 +9,7 @@ A VEX (Vulnerability Exploitability eXchange) document is a form of a security a
 
 The VEX feature is is disabled by default because not all installations will use it. It can be enabled by setting the feature flag `FEATURE_VEX` in the [Settings](../getting_started/configuration.md#admininistration-in-secobserve):
 
-![VEX feature flag](../assets/images/screenshot_vex_feature_flag.png)
+![VEX feature flag](../assets/images/screenshot_vex_feature_flag.png){ width="80%" style="display: block; margin: 0 auto" }
 
 Enabling the feature flag will make the VEX functionality available in the main navigation bar and enable the "VEX justification" field in several places.
 

docs/usage/branches.md

@@ -50,6 +50,8 @@ The parameters are set globally in the [Settings](../getting_started/configurati
 
 Per default the task to delete inactive branches / version including their observations is scheduled to run every night at 02:00 UTC time. This default can be changed by administrators via the **Background tasks** section in the [Settings](../getting_started/configuration.md#admininistration-in-secobserve). Hours are always in UTC time.
 
+![Settings housekeeping](../assets/images/settings_cron_housekeeping.png){ width="80%" style="display: block; margin: 0 auto" }
+
 #### Product specific settings
 
 A product can override the housekeeping behaviour by setting the `Housekeeping` attribute:

mkdocs.yml

@@ -81,7 +81,7 @@ nav:
     - GitHub actions and GitLab CI templates: integrations/github_actions_and_templates.md
     - OpenID Connect: integrations/oidc_authentication.md
     - Exploit Prediction Scoring System (EPSS): integrations/epss.md
-    - Exploits (from cvss-bt): integrations/exploits.md
+    - Exploits (from cvss-bt): integrations/exploit_information.md
     - License data: integrations/license_data.md
     - Source code repositories: integrations/source_code_repositories.md
     - Issue trackers: integrations/issue_trackers.md