Skip to content

Manual Installation

OpenCVE can simply be installed using pip :

$ pip install opencve

Configuration file

OpenCVE uses an opencve.cfg file to handle its configuration (database access, mail config, pagination...).

So the first step is to create this configuration file. You can do it with the init command :

$ opencve init
[*] Configuration created in /Users/ncrocfer/opencve/opencve.cfg

Tip

A custom path can be specified in the OPENCVE_CONFIG environment variable. Check the init documentation for more details.

Initialize the database

The database is configured with the database_uri variable of the opencve.cfg file :

$ vim ~/opencve/opencve.cfg
...
database_uri = postgresql://john:mysupersecret@servername:5432/opencve
...

Once done the upgrade-db command will create all the tables :

$ opencve upgrade-db

Because it uses the JSONB feature for performance, OpenCVE only supports PostgreSQL.

The pg_trgm module of PostgreSQL is required to let you search in the CVEs list. The upgrade-db command will enable it for you, but you can also do it yourself if you prefer (CREATE EXTENSION pg_trgm).

Info

From PostgreSQL 13 this module is considered as trusted, meaning it can be installed by non-superusers with the CREATE privilege.

Import the data

The tables are created, you can now populate them using the import-data command :

$ opencve import-data

This command download the list of CPE, the list of CWE and each CVE's year (from 2002 until now), so it can take several minutes. Don't worry you will only do it once.

Warning

The NVD data are downloaded, extracted and then parsed in-memory before being inserted in the database. For that the import-data command needs 5GB at least to correctly do its job. Afterwards, the worker use very small memory as only the diff is used with the NVD.

If you launch opencve import-data without this memory space the command will be killed (OOM) by your operating system and your data will be incompletes.

We wrote a documentation to handle this problem using a SWAP file.

Start the workers

The synchronization between the OpenCVE database and the CVE list is done using a periodic Celery task.

The configuration of Celery is done through the celery_broker_url and the celery_result_backend configurations :

$ vim ~/opencve/opencve.cfg
...
celery_broker_url = redis://127.0.0.1:6379/0
celery_result_backend = redis://127.0.0.1:6379/1
...

Info

Celery supports several transports, like Redis and RabbitMQ. You can find more information on the official documentation.

The worker and the scheduler can then be started with the following commands :

$ opencve celery worker -l INFO
$ opencve celery beat -l INFO

Create an admin

You can now create the admin :

$ opencve create-user john john.doe@example.com --admin
Password:
Repeat for confirmation:
[*] User john created.

Tip

This command is required for the first admin, then you will be able to manage the users with the admin pages.

Start the webserver

You can finally launch the webserver and visit OpenCVE at http://127.0.0.1:8000 :

$ opencve webserver
[2020-07-14 20:38:06 +0200] [16032] [INFO] Starting gunicorn 20.0.4
[2020-07-14 20:38:06 +0200] [16032] [INFO] Listening at: http://127.0.0.1:8000 (16032)
[2020-07-14 20:38:06 +0200] [16032] [INFO] Using worker: sync
[2020-07-14 20:38:06 +0200] [16040] [INFO] Booting worker with pid: 16040

Tip

The server name can be configured in the opencve.cfg file with the server_name variable. See the documentation for that.