vulnerability-engine

Vulnerability Engine

Versioning

This project uses semantic versioning https://semver.org/. This process is automated by using Python Semantic Release. Commits need to use this format.

Requirements

• VMaaS (Vulnerability Metadata as a Service)

  • Provides core functionality for evaluating vulnerabilities
  • https://github.com/RedHatInsights/vmaas

• Insights Platform

  • Upload service, Inventory, Kafka message queue
  • Mocked Platform service is part of this repository (for development purposes)

Local testing

Build images and start containers:

docker-compose up --build

Building parameters:

PIPENV_CHECK=0 docker-compose up --build # Builds images without performing "pipenv check" command

Engine usage:

# Generate testing Insights archive
echo '{"package_list": ["kernel-3.10.0-862.el7.x86_64"], "repository_list": ["rhel-7-server-rpms"]}' | ./scripts/generate_insights_archive.py -o /tmp/insights-archive.tar.gz -

# Upload Insights archive to Platform mock
./scripts/3scale-mock -a 123456 curl -X POST -F "file=@/tmp/insights-archive.tar.gz" http://localhost:8100/api/v1/upload

# Check systems details
./scripts/3scale-mock -a 123456 curl -X GET http://localhost:8300/api/vulnerability/v1/systems

# Upload Insights archive to Platform mock and send message to Listener 10 times
./scripts/3scale-mock -a 123456 curl -X POST -F "file=@/tmp/insights-archive.tar.gz" -H "x-upload-multiplier: 10" http://localhost:8100/api/v1/upload

# Delete system
curl -X DELETE http://localhost:8100/api/v1/delete/be012439-26ae-456c-99a6-27b402331064

Database

Switch into database container and run database terminal:

docker exec -it vulnerability-engine-database bash -c "psql -d vulnerability"

Run tests

You can run all tests from scratch just after cloning repo using command:

docker-compose -f docker-compose.test.yml up --build --exit-code-from test

Developing / Debugging

You can tune metrics using Prometheus and Grafana dev containers, see doc/metrics.md.