CVE-in-My-Code is a tool that periodically fetches the latest CVEs, extracts information about the vulnerable product and its version, and then searches the organization's GitHub repositories for occurrences of these vulnerable components. It offers near real-time monitoring of the most up-to-date CVE data and promptly notifies users about actionable CVEs via Slack.
- Automated, periodic retrieval and storage of CVE data using the NVD API.
- Extraction of vulnerable components (product/framework/libraries) using the MITRE API.
- Search for vulnerable components using the GitHub API.
- Slack notifications for each new actionable CVE entry using Slack webhooks.
- Health check mechanism using webhooks.
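The following is an added example, not code from the cve-in-my-code project, showing the pipeline the feature list describes end to end: parsing a response in the shape of the NVD API 2.0 `/cves` endpoint into vulnerable CPE ranges, matching those against pinned dependency manifests (standing in for GitHub code-search results), and building the Slack incoming-webhook payload. The NVD response, the manifests and the `CVE-0000-0001` id are constructed placeholders; `send_slack` is an assumed helper built on `urllib` and is only called when you supply a real webhook URL.

```python
# Added example (not cve-in-my-code's own code): NVD JSON -> vulnerable CPE ranges -> manifest match -> Slack payload.
import json
import re
import urllib.request

# Constructed sample in the shape of an NVD API 2.0 /cves response (not real NVD data).
SAMPLE_NVD_RESPONSE = {"vulnerabilities": [{"cve": {
    "id": "CVE-0000-0001",  # placeholder id, not a real CVE
    "descriptions": [{"lang": "en", "value": "examplelib before 2.31.0 mishandles input."}],
    "configurations": [{"nodes": [{"operator": "OR", "negate": False, "cpeMatch": [
        {"vulnerable": True, "versionEndExcluding": "2.31.0",
         "criteria": "cpe:2.3:a:examplevendor:examplelib:*:*:*:*:*:python:*:*"},
        {"vulnerable": False,
         "criteria": "cpe:2.3:a:examplevendor:otherlib:1.0:*:*:*:*:*:*:*"}]}]}]}}]}

# Constructed manifests standing in for GitHub code-search hits (repo path -> file text).
SAMPLE_MANIFESTS = {
    "org/service-a/requirements.txt": "flask==2.3.2\nexamplelib==2.25.1\n",
    "org/service-b/requirements.txt": "examplelib==2.31.0\n",
    "org/service-c/requirements.txt": "examplelib>=2.0  # unpinned, cannot be decided\n",
}
NAME_RE = re.compile(r"^\s*([A-Za-z0-9_.\-]+)")
PIN_RE = re.compile(r"^\s*([A-Za-z0-9_.\-]+)\s*==\s*([0-9][0-9A-Za-z.\-]*)")

def parse_version(v):
    """'2.31.0' -> (2, 31, 0); non-numeric segments compare as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in re.split(r"[.\-]", v))

def cmp_versions(a, b):
    """Return -1, 0 or 1; pads the shorter tuple so '2.0' == '2.0.0'."""
    pa, pb = parse_version(a), parse_version(b)
    n = max(len(pa), len(pb))
    pa, pb = pa + (0,) * (n - len(pa)), pb + (0,) * (n - len(pb))
    return (pa > pb) - (pa < pb)

def extract_vulnerable_components(nvd_json):
    """One record per cpeMatch flagged vulnerable: vendor, product, exact version or range."""
    out = []
    for item in nvd_json.get("vulnerabilities", []):
        cve = item["cve"]
        for conf in cve.get("configurations", []):
            for node in conf.get("nodes", []):
                for m in node.get("cpeMatch", []):
                    # cpe:2.3:part:vendor:product:version:... (escaped '\:' not handled here)
                    parts = m["criteria"].split(":")
                    if not m.get("vulnerable") or len(parts) < 6 or parts[0] != "cpe":
                        continue
                    out.append({"cve": cve["id"], "vendor": parts[3], "product": parts[4],
                                "exact": None if parts[5] in ("*", "-") else parts[5],
                                "range": {k: v for k, v in m.items() if k.startswith("version")}})
    return out

def version_is_affected(version, comp):
    """Apply the NVD exact-version or start/end range semantics to a concrete version."""
    if comp["exact"] is not None:
        return cmp_versions(version, comp["exact"]) == 0
    r = comp["range"]
    bounds = (("versionStartIncluding", lambda c: c < 0), ("versionStartExcluding", lambda c: c <= 0),
              ("versionEndIncluding", lambda c: c > 0), ("versionEndExcluding", lambda c: c >= 0))
    return not any(k in r and outside(cmp_versions(version, r[k])) for k, outside in bounds)

def find_matches(components, manifests):
    """Pinned lines inside a vulnerable range are actionable hits; unpinned lines that name
    the product go to a separate review list instead of being silently dropped."""
    hits, review = [], []
    for path, text in manifests.items():
        for line in text.splitlines():
            name = NAME_RE.match(line)
            if not name:
                continue
            for comp in components:
                if comp["product"].lower() != name.group(1).lower():
                    continue
                pinned = PIN_RE.match(line)
                entry = {"cve": comp["cve"], "path": path, "line": line.strip()}
                if pinned is None:
                    review.append(entry)
                elif version_is_affected(pinned.group(2), comp):
                    hits.append(entry)
    return hits, review

def slack_payload(hits, review):
    """Incoming-webhook body; Slack only requires the 'text' field."""
    lines = [f"*{h['cve']}* -> `{h['path']}`: `{h['line']}`" for h in hits]
    lines += [f"*{r['cve']}* (unpinned, needs review) -> `{r['path']}`: `{r['line']}`" for r in review]
    return {"text": "\n".join(lines) if lines else "No actionable CVE matches"}

def send_slack(webhook_url, payload):
    """POST the payload to a Slack incoming webhook URL; returns the HTTP status."""
    req = urllib.request.Request(webhook_url, data=json.dumps(payload).encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status

def run(nvd_json=SAMPLE_NVD_RESPONSE, manifests=SAMPLE_MANIFESTS):
    """Full pass over the sample data; returns (hits, needs_review, slack_payload)."""
    comps = extract_vulnerable_components(nvd_json)
    hits, review = find_matches(comps, manifests)
    return hits, review, slack_payload(hits, review)
```

Calling `run()` on the sample data yields one actionable hit (`service-a` pins a version below the exclusive upper bound), no hit for `service-b` (pinned exactly at the fixed version) and one review entry for the unpinned `service-c` line. Two points worth carrying into a real deployment: a range from NVD is only decidable against a concrete version, so unpinned dependencies should be surfaced rather than dropped, and CPE criteria can contain escaped colons, so a proper CPE 2.3 parser should replace the plain `split(":")` used here.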
- Python 3.x is required.
- SQLite database.
- Clone the repository:

  ```bash
  git clone https://github.com/abhiunix/cve-in-my-code
  cd cve-in-my-code
  ```

- Install the required dependencies:

  ```bash
  pip install -r requirements.txt
  ```
- Set up environment variables: create a `.env` file in the project directory and define the following variables in it:

  ```
  webhook_url=<your_slack_webhook_url>
  health_check_webhook=<your_health_check_webhook_url>
  github_token=<your_personal_github_token>
  ```
- Run the script manually for the initial setup:

  ```bash
  python3 timestamp.py
  python3 cve-in-my-code.py
  ```

- Open the crontab file:

  ```bash
  crontab -e
  ```

- Add the following line to run the script every 5 minutes:

  ```
  */5 * * * * /usr/bin/python3 /path/to/cve-in-my-code.py
  ```

- Save and exit the crontab file.
Contributions to CVE-in-My-Code are welcome! Please fork the repository, make your enhancements, and submit a pull request.
- Parse the description of the vulnerabilities and extract the framework/library/software name and vulnerable version.
- Search for the extracted library and version in the organization's codebase using GitHub/Bitbucket APIs.
- Actionable alerts on Slack if any vulnerable library/framework is found in the codebase.
- Add other CVE databases.
- Search feature for Bitbucket and GitLab.
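As an added example for the first roadmap item (not the project's own code), the block below is a first-cut heuristic that pulls a component name and its vulnerable version out of free-text descriptions written in the phrasing NVD commonly uses ("X before 1.2", "X prior to 1.2", "X versions 1.0 through 1.4", "X 1.2"). The sample descriptions are constructed, and `extract_from_description` and `extract_all` are assumed names; where the CVE record carries structured CPE configuration data, that data should take precedence over any text heuristic.

```python
# Added example (not the project's own code): heuristic name + version extraction from
# CVE description text. Sample descriptions are constructed, not real CVE text.
import re

VER = r"\d+(?:\.\d+)+"
# A single word of any case, or a run of Capitalised words ("Example Framework").
NAME = r"(?:[A-Z][\w.\-]*(?: [A-Z][\w.\-]*)*|[a-z][\w.\-]*)"
PATTERNS = [
    # "<name> before|prior to|earlier than <version>"  -> exclusive upper bound
    re.compile(rf"(?P<name>{NAME}) (?:before|prior to|earlier than) (?P<end_excluding>{VER})"),
    # "<name> versions <a> through|to <b>"             -> inclusive range
    re.compile(rf"(?P<name>{NAME}) versions? (?P<start_including>{VER}) (?:through|to) (?P<end_including>{VER})"),
    # "<name> <version>"                               -> single affected version
    re.compile(rf"(?P<name>{NAME}) (?P<exact>{VER})"),
]

def extract_from_description(text):
    """Return {'name': ..., plus end_excluding | start_including+end_including | exact}, or None.
    Patterns are tried most-specific first so 'name before X' wins over a bare 'name X'."""
    for pat in PATTERNS:
        m = pat.search(text)
        if m:
            fields = {k: v for k, v in m.groupdict().items() if v}
            fields["name"] = fields["name"].lower()
            return fields
    return None

# Constructed descriptions in common NVD phrasing (not real CVE text).
SAMPLES = [
    "examplelib before 2.31.0 mishandles nested input.",
    "A flaw in Example Framework prior to 4.2.1 lets a remote user bypass checks.",
    "examplelib versions 1.0.0 through 1.4.3 are affected.",
    "Improper input validation in examplelib 3.0.0 allows crafted requests.",
    "No component or version is named here.",
]

def extract_all(descriptions=SAMPLES):
    """Run the extractor over each description; None marks text the heuristic cannot parse."""
    return [extract_from_description(d) for d in descriptions]
```

The last sample returns `None` on purpose: a description that names no version should produce no alert rather than a guessed one, and such records are the ones to route to the structured CPE path or to manual triage.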