Skip to content

Tools to download or provide CSAF (Common Security Advisory Framework) documents.

Notifications You must be signed in to change notification settings

clouditor/csaf_distribution

 
 

Repository files navigation

csaf_distribution

An implementation of a CSAF 2.0 Spec (Errata) trusted provider, checker, aggregator and downloader. Includes an uploader command line tool for the trusted provider.

Tools for users

is a tool for downloading advisories from a provider. Can be used for automated forwarding of CSAF documents.

is a tool to validate local advisories files against the JSON Schema and an optional remote validator.

Tools for advisory providers

is an implementation of the role CSAF Trusted Provider, also offering a simple HTTPS based management service.

is a command line tool to upload CSAF documents to the csaf_provider.

is a tool for testing a CSAF Trusted Provider according to Section 7 of the CSAF standard.

is a CSAF Aggregator, to list or mirror providers.

Other stuff

are small examples of how to use github.com/csaf-poc/csaf_distribution as an API. Currently this is a work in progress, as usage of this repository as a library to access is not officially supported, e.g. see gocsaf#367 .

Setup

Binaries for the server side are only available and tested for GNU/Linux-Systems, e.g. Ubuntu LTS. They are likely to run on similar systems when build from sources.

The windows binary package only includes csaf_downloader, csaf_validator, csaf_checker and csaf_uploader.

The MacOS binary archives come with the same set of client tools and are community supported. Which means: while they are expected to run fine, they are not at the same level of testing and maintenance as the Windows and GNU/Linux binaries.

Prebuild binaries

Download the binaries from the most recent release assets on Github.

Build from sources

  • A recent version of Go (1.21+) should be installed. Go installation

  • Clone the repository git clone https://github.com/csaf-poc/csaf_distribution.git

  • Build Go components Makefile supplies the following targets:

    • Build for GNU/Linux system: make build_linux
    • Build for Windows system (cross build): make build_win
    • Build for macOS system on Intel Processor (AMD64) (cross build): make build_mac_amd64
    • Build for macOS system on Apple Silicon (ARM64) (cross build): make build_mac_arm64
    • Build For GNU/Linux, macOS and Windows: make build
    • Build from a specific git tag by passing the intended tag to the BUILDTAG variable. E.g. make BUILDTAG=v1.0.0 build or make BUILDTAG=1 build_linux. The special value 1 means checking out the highest git tag for the build.
    • Remove the generated binaries und their directories: make mostlyclean

Binaries will be placed in directories named like bin-linux-amd64/ and bin-windows-amd64/.

Setup (Trusted Provider)

Development

For further details of the development process consult our development page.

License

  • csaf_distribution is licensed as Free Software under the terms of the Apache License, Version 2.0.

  • See the specific source files for details, the license itself can be found in the directory LICENSES/.

  • Contains third party Free Software components under licenses that to our best knowledge are compatible at time of adding the dependency, 3rdpartylicenses.md has the details.

  • Check the source file of each schema under /csaf/schema/ to see the source and license of each one.

About

Tools to download or provide CSAF (Common Security Advisory Framework) documents.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Go 97.8%
  • HTML 1.3%
  • Makefile 0.9%