Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Generate VDR Using Github Actions #15

Merged
merged 24 commits into from
May 28, 2024
Merged
Show file tree
Hide file tree
Changes from 15 commits
Commits
Show all changes
24 commits
Select commit Hold shift + click to select a range
a36bb34
rename ci, add vdr creation yml
Scanteianu May 6, 2024
3f4b755
Merge branch 'main' of https://github.com/adoptium/temurin-vdr-genera…
Scanteianu May 10, 2024
5f07c11
try to run the downloader and upload partial
Scanteianu May 10, 2024
ff1702c
add trigger on PR
Scanteianu May 10, 2024
d80fc16
make data dir
Scanteianu May 10, 2024
b287aa4
run the conversion script
Scanteianu May 10, 2024
41a7c80
run vdr creation for the whole vdr period
Scanteianu May 10, 2024
b1307bc
fix vdr artifact name
Scanteianu May 10, 2024
a10c873
try to make nist calls use api key
Scanteianu May 13, 2024
9ee0d94
fix the build
Scanteianu May 13, 2024
772b483
add flush
Scanteianu May 13, 2024
9f29bfb
Apply suggestions from gadams
Scanteianu May 13, 2024
2058d6d
add the api key secret, remove branches from workflows
Scanteianu May 13, 2024
d76a507
check api key is actually there
Scanteianu May 13, 2024
d9e5234
Merge branch 'main' into vdr_generation_gh_action
karianna May 14, 2024
3a18942
remove pip and flake8 from the installs
Scanteianu May 14, 2024
d270e5a
update comments
Scanteianu May 14, 2024
b0fb849
Merge branch 'main' of https://github.com/adoptium/temurin-vdr-genera…
Scanteianu May 17, 2024
1d3198d
rm newlines
Scanteianu May 17, 2024
e956229
Merge branch 'main' into vdr_generation_gh_action
Scanteianu May 21, 2024
6f1b33c
Merge branch 'main' into vdr_generation_gh_action
karianna May 23, 2024
0d34532
fix flaky inability to find risk matrix
Scanteianu May 23, 2024
0068eb5
Merge branch 'main' into vdr_generation_gh_action
Scanteianu May 23, 2024
6bdcd34
Update .github/workflows/vdr-creation.yml
gdams May 28, 2024
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
File renamed without changes.
46 changes: 46 additions & 0 deletions .github/workflows/vdr-creation.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
name: VDR Creation

on:
workflow_dispatch:
push:
branches: [ main ]
pull_request: # todo: do we want it to run on all PRs?
gdams marked this conversation as resolved.
Show resolved Hide resolved
branches: [ main ]


jobs:
build:

runs-on: ubuntu-latest

steps:
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5

- name: Set up Python 3.10
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: "3.10"

- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install flake8 pytest
gdams marked this conversation as resolved.
Show resolved Hide resolved
if [ -f requirements.txt ]; then pip install -r requirements.txt; fi

- name: Download ojvg
env:
NIST_NVD_TOKEN: ${{ secrets.NIST_NVD_TOKEN }}
gdams marked this conversation as resolved.
Show resolved Hide resolved
run: |
mkdir -p data
python3 ojvg_download.py
python3 ojvg_convert.py
- name: Upload data directory (for debugging/introspection)
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: data directory
path: data
- name: Upload final vdr
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: final vdr
path: data/vdr.json
12 changes: 11 additions & 1 deletion cvereporter/nist_enhance.py
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@
)
import requests
import json
import time
import os

"""
this file has the utilities for downloading data about cves from NIST and updating Vulnerability objects with the data
Expand All @@ -14,7 +16,15 @@

def fetch_nist(url: str, id: str) -> dict:
data = None
nist_resp = requests.get(url)
nist_resp = None
if "NIST_NVD_TOKEN" in os.environ and os.environ["NIST_NVD_TOKEN"]: # check not empty
print("making call to NIST using api key! "+url, flush=True)
time.sleep(1) # stay well within 50 requests/30 seconds
nist_resp = requests.get(url, headers= {"apiKey": os.environ["NIST_NVD_TOKEN"]})
else:
print("making call to NIST without using api key! "+url, flush=True)
time.sleep(10) # stay well within 5 requests/30 seconds
nist_resp = requests.get(url)
if nist_resp.status_code != 200:
print(
"error fetching {}; status code: {}; text: {}".format(
Expand Down