fasten-project/vulnerability-producer

The FASTEN Vulnerability Producer gathers information from different sources, enriches the data with patch details and then publishes it to a Kafka topic. It is designed to be used as a standalone tool.

Arguments

  • -h --help Show this help message and exit.
  • -f --json_file Path to JSON file which contains Vulnerability Objects.
  • -dam --db_auth_mongo Mongo Authentication Database
  • -mu --mongo_user Username to use to connect to Mongo
  • -mdb --mongo_db Mongo Database name to connect to
  • -mh --mongo_host Host where GHTorrent instance is hosted
  • -k --kafka_server Kafka server to connect to. Use multiple times for clusters.

Usage

A couple of environment variables need to be set in order to run the plugin:

  • FASTEN_GHTOKEN - GitHub token to use in order to call the GitHub API
  • FASTEN_MONGOPASS - Password to access the MongoDB instance of GHTorrent

Gathering and publishing vulnerability information

FASTEN_GHTOKEN=token FASTEN_MONGOPASS=pass -mu user -dam admin -mdb github -mh 127.0.0.1

Reading information from the JSON file and publishing it

-f vulnerabilities/data.json

For more detailed information regarding the sources of information and the architecture, see here.

Join the community

The FASTEN software package management efficiency relies on an open community contributing to open technologies. Related research projects, R&D engineers, early users and open source contributors are welcome to join the FASTEN community, to try the tools, to participate in physical and remote workshops and to share our efforts using the project community page and the social media buttons below.