-
Notifications
You must be signed in to change notification settings - Fork 20
User Use Case: Scheduling CVE Search by Admins
#How to schedule the CVE-Search Service
SW360 gets vulnerability information from an external provider of Common Vulnerability Enumeration (CVE) data. By default SW360 can connect to cve-search [https://www.circl.lu/services/cve-search/] which is either available as an online service [http://cve.circl.lu] or can be installed locally. For security and privacy reasons it is strongly advised to install a local cve-search service.
In what follows the synchronization between SW360 and the external CVE provider is described.
CveSearch-updates
can either be scheduled automatically when launching the schedule-service
(e.g. when re/starting SW360) or it can be scheduled or unscheduled manually by an SW360 admin
.
It is automatically scheduled with the start of the scheduling service, if in the /resources/sw360.properties
file of the schedule-service
in the backend, cvesearchService
is mentioned in the autostart
-property:
autostart = cvesearchService
According to the default settings, cveSearch is not auto-started with the scheduling service.
For manually scheduling the CVE search service, open the Schedule Portlet
of the Admin
menu. Note that the Admin
menu is only visible to SW360 admins
.
In the Schedule Portlet
of the Admin
menu, a user with admin
rights can turn on or off automatic updates of the cve-search service manually.
In the UI of the portlet, the admin can see whether or not the CVE-service is scheduled: if the service is scheduled, the Schedule CveSearch Updates
-button is inactive, whereas the Cancel Scheduled CveSearch Updates
-button is active and vice versa:
The offset
(first run of the update) and the interval
between updates can also be adjusted in the /resources/sw360.properties
file of the src-schedule
service.
The corresponding properties are schedule.cvesearch.firstOffset.seconds
and schedule.cvesearch.interval.seconds
.
The offset
has to be given in seconds since midnight and also the interval
has to be entered in seconds.
The default is to update the vulnerabilities by CVEsearch every night at midnight, which corresponds to an offset of 0 and an interval of 24 hours (= 86400 seconds).
schedule.cvesearch.firstOffset.seconds = 0
schedule.cvesearch.interval.seconds = 86400
With automatic scheduling the next synchronization moment according to the offset
and the interval
is computed. This will be the first moment when a cveSearch-update
is run.
There is nothing like an initial run
when autostarting of manually scheduling the CveSearch-updates
.
Moreover, the configuration, i.e. offset
, interval
and next synchronization
(where the latter is a consequence of offset
and interval
) are shown in the portlet:
It is recommended to set up and use a local instance instead of the public cve-search instance. The accompanying project sw360-chores contains a Dockerfile that can easily setup this service.