# CVE-in-My-Code

CVE-in-My-Code is a tool that periodically fetches the latest CVEs, extracts the vulnerable product and its version from each record, and then searches the organization's GitHub repositories for occurrences of those vulnerable components. It offers near real-time monitoring of the most up-to-date CVE data and promptly notifies users about actionable CVEs via Slack.
## Features

- Automated periodic retrieval and storage of CVE data using the NVD API.
- Extraction of vulnerable components (product/framework/library) using the MITRE API.
- Search for the extracted vulnerable components across the organization's repositories using the GitHub API.
- Slack notification for each new actionable CVE entry, sent via a Slack webhook.
- Health check mechanism using webhooks.
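As an added example (not code from the cve-in-my-code project), the block below shows the core of the matching step the feature list describes: extracting affected products and version ranges from NVD API 2.0 style CVE records, comparing them against a repository's pinned Python dependencies, and building the Slack incoming-webhook payload for actionable hits. It handles both a version range (`versionStartIncluding`/`versionEndExcluding` and friends) and a single exact version carried in the CPE string, and skips `"vulnerable": false` entries, which NVD uses for platform context rather than affected products. The NVD record, the CVE id, the vendor/product names and the requirements content are all constructed sample data; the project's own extraction (via the MITRE API) may differ.

```python
"""Added example, not part of the cve-in-my-code project: pull vulnerable products and
version ranges out of NVD API 2.0 style CVE records, check pinned dependencies against
them, and build the Slack webhook payload for any hit. All sample data is constructed."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed NVD API 2.0 style response (cve -> configurations -> nodes -> cpeMatch).
# The CVE id is a placeholder, not a real CVE.
SAMPLE_NVD_RESPONSE = {"vulnerabilities": [{"cve": {
    "id": "CVE-0000-00001",
    "configurations": [{"nodes": [{"operator": "OR", "cpeMatch": [
        {"vulnerable": True, "versionStartIncluding": "2.0.0", "versionEndExcluding": "2.4.1",
         "criteria": "cpe:2.3:a:examplevendor:examplelib:*:*:*:*:*:python:*:*"},
        {"vulnerable": True,  # a single affected version, carried in the CPE itself
         "criteria": "cpe:2.3:a:examplevendor:examplelib:1.9.9:*:*:*:*:python:*:*"},
        {"vulnerable": False,  # platform context entries are not affected products
         "criteria": "cpe:2.3:o:examplevendor:exampleos:-:*:*:*:*:*:*:*"},
    ]}]}]}}]}

# Constructed requirements.txt content as it might be read out of a repository.
SAMPLE_REQUIREMENTS = "# pinned deps (constructed)\nexamplelib==2.3.0\notherlib==1.0.0\n"


@dataclass
class VulnRange:
    cve_id: str
    vendor: str
    product: str
    exact: Optional[str] = None       # single affected version from the CPE itself
    start_incl: Optional[str] = None  # versionStartIncluding
    start_excl: Optional[str] = None  # versionStartExcluding
    end_incl: Optional[str] = None    # versionEndIncluding
    end_excl: Optional[str] = None    # versionEndExcluding


def version_key(version: str):
    """Comparison key for dotted versions: numeric parts as ints, the rest as text."""
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in re.split(r"[.\-]", version))


def parse_cpe(criteria: str):
    """Return (vendor, product, version) from a CPE 2.3 formatted string.
    Assumes no escaped colons inside fields, which holds for the sample data."""
    parts = criteria.split(":")
    if len(parts) != 13 or parts[0] != "cpe" or parts[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 string: {criteria}")
    return parts[3], parts[4], parts[5]


def extract_vulnerable_components(nvd_response: dict) -> List[VulnRange]:
    """Walk cve -> configurations -> nodes -> cpeMatch and keep the vulnerable entries."""
    found = []
    for item in nvd_response.get("vulnerabilities", []):
        cve = item["cve"]
        for config in cve.get("configurations", []):
            for node in config.get("nodes", []):
                for match in node.get("cpeMatch", []):
                    if not match.get("vulnerable"):
                        continue
                    vendor, product, version = parse_cpe(match["criteria"])
                    found.append(VulnRange(
                        cve_id=cve["id"], vendor=vendor, product=product,
                        exact=None if version in ("*", "-") else version,
                        start_incl=match.get("versionStartIncluding"),
                        start_excl=match.get("versionStartExcluding"),
                        end_incl=match.get("versionEndIncluding"),
                        end_excl=match.get("versionEndExcluding")))
    return found


def version_affected(rng: VulnRange, version: str) -> bool:
    """True if `version` lies inside the range. A wildcard CPE with no bounds at all
    means every version is affected, which is how NVD expresses that case."""
    key = version_key(version)
    if rng.exact is not None:
        return key == version_key(rng.exact)
    if rng.start_incl and key < version_key(rng.start_incl):
        return False
    if rng.start_excl and key <= version_key(rng.start_excl):
        return False
    if rng.end_incl and key > version_key(rng.end_incl):
        return False
    if rng.end_excl and key >= version_key(rng.end_excl):
        return False
    return True


def parse_requirements(text: str) -> Dict[str, str]:
    """Collect `name==version` pins; names are normalised to lower case."""
    pins = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z0-9_.\-]+)\s*==\s*([^\s;#]+)", line)
        if m:
            pins[m.group(1).lower()] = m.group(2)
    return pins


def find_actionable(nvd_response: dict, requirements_text: str) -> List[dict]:
    """Match CPE product names against pinned dependencies and keep affected versions."""
    pins = parse_requirements(requirements_text)
    findings = []
    for rng in extract_vulnerable_components(nvd_response):
        pinned = pins.get(rng.product.lower())
        if pinned is not None and version_affected(rng, pinned):
            findings.append({"cve_id": rng.cve_id, "product": rng.product, "pinned_version": pinned})
    return findings


def build_slack_payload(findings: List[dict]) -> dict:
    """JSON body for a Slack incoming webhook (POST it to the webhook URL)."""
    lines = [f"{f['cve_id']}: {f['product']}=={f['pinned_version']} is in a vulnerable range"
             for f in findings]
    return {"text": "\n".join(lines) if lines else "No actionable CVEs found."}


print(build_slack_payload(find_actionable(SAMPLE_NVD_RESPONSE, SAMPLE_REQUIREMENTS))["text"])
```

Matching on the CPE product name alone, as done here, is a deliberate simplification: real package ecosystems often name a library differently from its CPE product, so a production check needs a CPE-to-package mapping, and the `version_key` comparison does not follow PEP 440 pre-release ordering.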
## Prerequisites

- Python 3.x
- SQLite database
## Installation

- Clone the repository:

  ```
  git clone https://github.com/abhiunix/cve-in-my-code
  cd cve-in-my-code
  ```

- Install the required dependencies:

  ```
  pip install -r requirements.txt
  ```

- Set up environment variables: create a `.env` file in the project directory and define the following variables in it:

  ```
  webhook_url=<your_slack_webhook_url>
  health_check_webhook=<your_health_check_webhook_url>
  github_token=<your_personal_github_token>
  ```
## Usage

- Run the scripts manually for the initial setup:

  ```
  python3 timestamp.py
  python3 cve-in-my-code.py
  ```

- Schedule the script with cron. Open the crontab file:

  ```
  crontab -e
  ```

- Add the following line to run the script every 5 minutes:

  ```
  */5 * * * * /usr/bin/python3 /path/to/cve-in-my-code.py
  ```

  Cron jobs start in the user's home directory with a minimal environment, so if the script resolves its `.env` file and SQLite database relative to the working directory, prefix the command with `cd /path/to/cve-in-my-code &&` or use absolute paths.

- Save and exit the crontab file.
## Contributing

Contributions to CVE-in-My-Code are welcome! Please fork the repository, make your enhancements, and submit a pull request.
## Roadmap

- Parse the `description` of the vulnerabilities and extract the framework/library/software name and the vulnerable version.
- Search for the extracted `library` and `version` in the organization's codebase using the GitHub/Bitbucket APIs.
- Actionable alerts on Slack if any vulnerable `library`/`framework` is found in the codebase.
- Add other CVE databases.
- Search feature for Bitbucket and GitLab.