-
Docker to deploy the tool.
-
Git Large Files Storage (git-lfs) for cloning correctly the seeds of the repository.
Create a .env from template.env file.
In proxy enviroments the .env configuration must be added directly to the Dockerfiles.
-
How to get a GitHub API key.
-
How to get a API key from the National Vulnerability Database (NVD).
-
Modify the Json Web Token (JWT) secret key with your own. You can generate your own with the command node -e "console.log(require('crypto').randomBytes(32).toString('hex'))".
Run command 'docker compose up --build'. The vulnerability database will be loaded with the data automatically extracted from the NVD up to the date of the release being downloaded. And it will automatically update to the present time before deploying the backend. If you want to avoid the update and the time it takes, you can comment out the lifespan function in the /backend/app/main.py file.
- You can create your graphs from scratch or load existing ones used in the experimentation of other articles or simply built and that can help in the creation of new graphs (this task can be time consuming). To do this use the script seeds/graphdb_seeder.sh if you are on Linux or graphdb_seeder.bat if you are on Windows.
Enter here for the frontend Web API.
-
It is recommended to use a GUI such as MongoDB Compass to see what information is being indexed in vulnerability database.
-
You can see the created graph built for pip, npm and mvn clicking in this names. Using the Neo4J browser interfaces.