OpenCVE can simply be installed using
$ pip install opencve
OpenCVE uses an
opencve.cfg file to handle its configuration (database access, mail config, pagination...).
So the first step is to create this configuration file. You can do it with the
init command :
$ opencve init [*] Configuration created in /Users/ncrocfer/opencve/opencve.cfg
A custom path can be specified in the
OPENCVE_CONFIG environment variable. Check the init documentation for more details.
Initialize the database
The database is configured with the
database_uri variable of the
opencve.cfg file :
$ vim ~/opencve/opencve.cfg ... database_uri = postgresql://john:mysupersecret@servername:5432/opencve ...
Once done the
upgrade-db command will create all the tables :
$ opencve upgrade-db
Because it uses the JSONB feature for performance, OpenCVE only supports PostgreSQL.
Import the data
The tables are created, you can now populate them using the
import-data command :
$ opencve import-data
This command download the list of CPE, the list of CWE and each CVE's year (from 2002 until now), so it can take several minutes. Don't worry you will only do it once.
The NVD data are downloaded, extracted and then parsed in-memory before being inserted in the database. For that the
import-data command needs 5GB at least to correctly do its job. Afterwards, the worker use very small memory as only the diff is used with the NVD.
If you launch
opencve import-data without this memory space the command will be killed (OOM) by your operating system and your data will be incompletes.
We wrote a documentation to handle this problem using a SWAP file.
Start the workers
The synchronization between the OpenCVE database and the CVE list is done using a periodic Celery task.
The configuration of Celery is done through the
celery_broker_url and the
celery_result_backend configurations :
$ vim ~/opencve/opencve.cfg ... celery_broker_url = redis://127.0.0.1:6379/0 celery_result_backend = redis://127.0.0.1:6379/1 ...
Celery supports several transports, like Redis and RabbitMQ. You can find more information on the official documentation.
The worker and the scheduler can then be started with the following commands :
$ opencve celery worker -l INFO $ opencve celery beat -l INFO
Create an admin
You can now create the admin :
$ opencve create-user john firstname.lastname@example.org --admin Password: Repeat for confirmation: [*] User john created.
This command is required for the first admin, then you will be able to manage the users with the admin pages.
Start the webserver
You can finally launch the webserver and visit OpenCVE at
$ opencve webserver [2020-07-14 20:38:06 +0200]  [INFO] Starting gunicorn 20.0.4 [2020-07-14 20:38:06 +0200]  [INFO] Listening at: http://127.0.0.1:8000 (16032) [2020-07-14 20:38:06 +0200]  [INFO] Using worker: sync [2020-07-14 20:38:06 +0200]  [INFO] Booting worker with pid: 16040
The server name can be configured in the
opencve.cfg file with the
server_name variable. See the documentation for that.