csaf_distribution
An implementation of a CSAF 2.0 trusted provider, checker, aggregator and downloader. Includes an uploader command line tool for the trusted provider.
Status: Beta (ready for more testing, but known shortcomings see issues)
is an implementation of the role CSAF Trusted Provider, also offering
a simple HTTPS based management service.
is a command line tool that uploads CSAF documents to the csaf_provider
.
is an implementation of the role CSAF Aggregator.
is a tool for testing a CSAF Trusted Provider according to Section 7 of the CSAF standard.
is a tool for downloading advisories from a provider.
Setup
Note that the server side is only tested
and the binaries available for GNU/Linux-Systems, e.g. Ubuntu LTS.
It is likely to run on similar systems when build from sources.
The windows binaries only include csaf_uploader
and csaf_checker
.
Prebuild binaries
Download the binaries (from the most recent release assets on Github).
Build from sources
-
A recent version of Go (1.17+) should be installed. Go installation
-
Clone the repository git clone https://github.com/MexHigh/csaf_distribution_for_docs_3.git
-
Build Go components Makefile supplies the following targets:
- Build For GNU/Linux System:
make build_linux
- Build For Windows System (cross build):
make build_win
- Build For both linux and windows:
make build
- Build from a specific github tag by passing the intended tag to the
BUILDTAG
variable.
E.g. make BUILDTAG=v1.0.0 build
or make BUILDTAG=1 build_linux
.
The special value 1
means checking out the highest github tag for the build.
- Remove the generated binaries und their directories:
make mostlyclean
Binaries will be placed in directories named like bin-linux-amd64/
and bin-windows-amd64/
.
Setup (Trusted Provider)
License
-
csaf_distribution is licensed as Free Software under MIT License.
-
See the specific source files
for details, the license itself can be found in the directory LICENSES/
.
-
Contains third party Free Software components under licenses that to our best knowledge are compatible at time of adding the dependency, 3rdpartylicenses.md has the details.
-
Check the source file of each schema under /csaf/schema/
to see the source and license of each one.