quick and dirty Dockerfile

docker/Dockerfile

@@ -0,0 +1,64 @@
+FROM debian
+
+# This is not an ultra fast build, takes appx. 10 min on a powerful PC.
+# It strictly follows the installation instructions, so everything
+# is running in one container.
+
+# Prepare the OS
+RUN apt-get update && apt-get -y upgrade
+RUN apt install -y pipx git make gcc g++ make cmake autoconf automake libtool python3 libssl-dev
+RUN pipx install poetry && env
+ENV PATH=/root/.local/bin:$PATH
+
+# Install Redis from source
+RUN git clone https://github.com/redis/redis.git
+RUN cd redis && git checkout 7.2
+RUN cd redis && make
+
+# Install KVRocks from source (takes a moment)
+RUN git clone --recursive https://github.com/apache/incubator-kvrocks.git kvrocks
+RUN cd kvrocks ; git checkout v2.5.1
+RUN cd kvrocks ; ./x.py build
+
+# Install vulnerablity-lookup from source
+RUN git clone --recursive https://github.com/cve-search/vulnerability-lookup.git
+RUN cd vulnerability-lookup ; git submodule update --init
+RUN ls -la
+RUN cd vulnerability-lookup ; poetry install
+RUN echo VULNERABILITYLOOKUP_HOME="/vulnerability-lookup" >> .env
+
+# We need the CSAF Tools
+RUN apt install -y wget
+
+# this was build on a ARM machine, change to AMD if on Intel
+RUN wget https://dl.google.com/go/go1.22.2.linux-arm64.tar.gz
+RUN tar -C /usr/local -xzf go1.22.2.linux-arm64.tar.gz
+ENV PATH=/usr/local/go/bin:$PATH
+RUN git clone https://github.com/csaf-poc/csaf_distribution.git 
+RUN cd csaf_distribution ; make build_linux
+
+COPY run.sh /
+RUN chmod +x /run.sh
+
+#
+# Please check the following edits:
+#
+# 1/ generic.json needs a hostname, set "public_domain": "localhost:10001"
+#
+# 2/ CSAF downloader path must be changed to installation location in generic.json:
+# "csaf_downloader_path": "/csaf_distribution/bin-linux-amd64/csaf_downloader",
+#
+# 3/ Add your NVD key to modules.cfg
+#
+
+COPY generic.json vulnerability-lookup/config
+COPY logging.json vulnerability-lookup/config
+COPY modules.cfg vulnerability-lookup/config
+
+# We overwrite the config file to enable network access to redis
+COPY cache.conf /vulnerability-lookup/cache/cache.conf
+
+EXPOSE 10001
+EXPOSE 10002
+
+CMD /run.sh

docker/generic.json

@@ -0,0 +1,22 @@
+{
+ "loglevel": "INFO",
+ "website_listen_ip": "0.0.0.0",
+ "website_listen_port": 10001,
+ "systemd_service_name": "vulnerability-lookup",
+ "storage_db_hostname": "127.0.0.1",
+ "storage_db_port": 10002,
+ "output_dir": "output",
+ "public_domain": "localhost:10001",
+ "csaf_downloader_path": "/csaf_distribution/bin-linux-amd64/csaf_downloader",
+ "_notes": {
+ "loglevel": "(lookyloo) Can be one of the value listed here: https://docs.python.org/3/library/logging.html#levels",
+ "website_listen_ip": "IP Flask will listen on. Defaults to 0.0.0.0, meaning all interfaces.",
+ "website_listen_port": "Port Flask will listen on.",
+ "systemd_service_name": "(Optional) Name of the systemd service if your project has one.",
+ "storage_db_hostname": "Hostname or IP of the kvrocks instance. Must be the same as in storage/kvrocks.conf",
+ "storage_db_port": "Port of the kvrocks instance. Must be the same as in storage/kvrocks.conf",
+ "output_dir": "Output directory for fetchers",
+ "public_domain": "Public domain used for template generating links such as the RSS feeds",
+ "csaf_downloader_path": "Full path to the csaf_downloader. Get it from there: https://github.com/csaf-poc/csaf_distribution/"
+ }
+}

docker/logging.json

@@ -0,0 +1,33 @@
+{
+ "version": 1,
+ "disable_existing_loggers": false,
+ "formatters": {
+ "simple": {
+ "format": "%(asctime)s %(name)s %(levelname)s:%(message)s"
+ }
+ },
+ "handlers": {
+ "stdout": {
+ "class": "logging.StreamHandler",
+ "level": "INFO",
+ "formatter": "simple",
+ "stream": "ext://sys.stdout"
+ },
+ "file": {
+ "class": "logging.handlers.RotatingFileHandler",
+ "level": "WARNING",
+ "formatter": "simple",
+ "filename": "logs/warning.log",
+ "mode": "a",
+ "maxBytes": 1000000,
+ "backupCount": 5
+ }
+ },
+ "root": {
+ "level": "DEBUG",
+ "handlers": [
+ "stdout",
+ "file"
+ ]
+ }
+}

docker/modules.cfg

@@ -0,0 +1,18 @@
+[feeder:nvd]
+apikey = XXXXX
+level = DEBUG
+
+[feeder:cvelistv5]
+level = DEBUG
+
+[feeder:gsd]
+level = DEBUG
+
+[feeder:github]
+level = DEBUG
+
+[feeder:pysec]
+level = DEBUG
+
+[feeder:cisa_known_exploited]
+level = DEBUG

docker/run.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+export VULNERABILITYLOOKUP_HOME='/vulnerability-lookup'
+cd vulnerability-lookup && poetry run start
+sleep infinity