Skip to content

Commands

celery worker

The worker is the component that synchronize the local database :

$ opencve celery worker --loglevel=INFO

Tip

You can start the worker as a background process with the --detach option.

The whole list of Celery's options can be displayed with the opencve celery worker -- --help command.

celery beat

The scheduler is the component used to periodically kicks off tasks consumed by the worker. Use the following command to start it :

$ opencve celery beat --loglevel=INFO

The interval is set to 15 minutes.

Tip

You can start the worker as a background process with the -D or --detach option.

The whole list of Celery's options can be displayed with the opencve celery beat -- --help command.

create-user

OpenCVE users can be managed throught the CLI, using the create-user command :

$ opencve create-user john john@example.com
Password:
Repeat for confirmation:
[*] User john created.

This is mandatory to create the very first admin :

$ opencve create-user admin admin@example.com --admin
Password:
Repeat for confirmation:
[*] User admin created.

Note

The CLI is only mandatory for the first admin, then you will be able to manage the users with the admin pages.

import-data

This command is used once, during OpenCVE installation, to populate the local database with all CVEs, CWEs, vendors and products :

$ opencve import-data

The following files are downloaded during the process :

  • https://nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.3.xml.gz
  • https://cwe.mitre.org/data/xml/cwec_latest.xml.zip
  • https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-{year}.json.gz

Warning

Because uncompressed files are parsed in memory, you must have enough RAM to handle the command. We wrote a dedicated section in the FAQ to use the disk space instead.

init

The init command is used to generate the OpenCVE's configuration file :

$ opencve init
[*] Configuration created in /Users/ncrocfer/opencve/opencve.cfg

You can specify the target folder using the OPENCVE_HOME environment variable :

$ export OPENCVE_HOME="/tmp/"
$ opencve init
[*] Configuration created in /tmp/opencve.cfg

You can also directly specify the configuration file with the OPENCVE_CONFIG :

$ export OPENCVE_CONFIG="/tmp/config.cfg"
$ opencve init
[*] Configuration created in /tmp/config.cfg

migrate-nvd

The migrate-nvd command is used to migrate the cves.json column of the database from JSON 4.0 to 5.0 format:

$ opencve migrate-nvd

You need to stop the Celery worker and beat processes during this migration.

upgrade-db

This command handles the database operations, like tables and indexes creations :

$ opencve upgrade-db

Info

You have to execute it during the installation process, but we also recommend you to launch it each time you upgrade OpenCVE, to automatically upgrade the database schema if needed.

webserver

OpenCVE uses Gunicorn to handle the webserver :

$ opencve webserver
[2021-03-25 17:10:05 +0100] [29464] [INFO] Starting gunicorn 20.0.4
[2021-03-25 17:10:05 +0100] [29464] [INFO] Listening at: http://127.0.0.1:8000 (29464)
[2021-03-25 17:10:05 +0100] [29464] [INFO] Using worker: sync
[2021-03-25 17:10:05 +0100] [29470] [INFO] Booting worker with pid: 29470

You can find the list of options in Gunicorn's official documentation. For example the -b option can be used to bind another port :

$ opencve webserver -b 0.0.0.0:8888
...
[2021-03-25 17:11:04 +0100] [29511] [INFO] Listening at: http://0.0.0.0:8080 (29511)
...

Note

Change the webserver's binding implies to also change the server_name configuration.