Skip to content

FAQ

What changes between OpenCVE v1 and v2?

OpenCVE v2 is based on user feedbacks regarding how they use the v1:

  1. they want a tool that is more collaborative
  2. they want a tool that is more easily monitorable
  3. they want a tool with more functionalities

For these reasons we decided to completely refactor the code base and use new technologies:

  • we switch from Flask to Django to speed up the development and brings new features more regularly
  • we switch from basic Celery workflow to the Airflow scheduler to improve the resiliency and monitoring of backend tasks

With these new technologies we're now able to easily add new features. For instance the first 2.0 release will already including the support of organizations, projects and members, so users will now be able to manage their subscriptions in different projects.

Then we'll be able to add more easily new features, such as:

  • support of advisories (Debian DSA, Ubuntu USN, Github GHSA, ...)
  • provide SSO authentication
  • a read-write API instead of the current read-only one
  • advanced notifications (Webhook, Slack, Jira, ...)
  • CVE custom states (acknowledged, analysing, rejected, ...)
  • and so on

The first release of this OpenCVE v2 branch is planned for Feb/Mar 2024, but you can already check the code in the v2 development branch.

Of course, we'll update this documentation for data migration from v1 to v2.

How to change the server name ?

By default OpenCVE's webserver listens on 127.0.0.1:8000, but you can easily change that.

The first step is to set the server_name config of the opencve.cfg file (this setting is used by OpenCVE to correctly construct the URLs in the email templates):

$ cat ~/opencve/opencve.cfg
[core]
server_name = 0.0.0.0:8080
...

Then you can use the -b option of the webserver command to choose your wanted binding:

$ opencve webserver -b 0.0.0.0:8080
[2021-03-27 11:21:12 +0100] [57622] [INFO] Starting gunicorn 20.0.4
[2021-03-27 11:21:12 +0100] [57622] [INFO] Listening at: http://0.0.0.0:8080 (57622)
[2021-03-27 11:21:12 +0100] [57622] [INFO] Using worker: sync
[2021-03-27 11:21:12 +0100] [57676] [INFO] Booting worker with pid: 57676

Tip

In fact the webserver command is just a wrapper on top of the gunicorn command, so you can use all the options provided by this WSGI server.

How to use the disk space for the import-data command ?

OpenCVE has to parse the CPE dictionnary to insert vendors and products in its PostgreSQL database, as well as the CVE and CWE list.

Because the parsing is done in memory, the import-data command requires 5 GB RAM at least. If

In case you don't have 5 GB RAM available and you have disk space, you can use a swap file to do the initial import of CVEs:

$ fallocate -l 5G /swapfile
$ chmod 600 /swapfile
$ mkswap /swapfile
$ swapon /swapfile

When the import is done, you can clean the swapfile with the following commands:

$ swapoff /swapfile
$ rm /swapfile