Commands
celery worker
The worker is the component that synchronizes the local database:
$ opencve celery worker --loglevel=INFO
Tip
You can start the worker as a background process with the --detach option.
The full list of Celery's options can be displayed with the opencve celery worker -- --help command.
celery beat
The scheduler is the component that periodically kicks off the tasks consumed by the worker. Use the following command to start it:
$ opencve celery beat --loglevel=INFO
The interval is set to 15 minutes.
Tip
You can start the worker as a background process with the -D or --detach option.
The full list of Celery's options can be displayed with the opencve celery beat -- --help command.
create-user
OpenCVE users can be managed through the CLI, using the create-user command:
$ opencve create-user john john@example.com
Password:
Repeat for confirmation:
[*] User john created.
This command is mandatory to create the very first admin:
$ opencve create-user admin admin@example.com --admin
Password:
Repeat for confirmation:
[*] User admin created.
Note
The CLI is only mandatory for the first admin. After that, you will be able to manage the users with the admin pages.
import-data
This command is used once, during OpenCVE installation, to populate the local database with all CVEs, CWEs, vendors and products:
$ opencve import-data
The following files are downloaded during the process:
- https://nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.3.xml.gz
- https://cwe.mitre.org/data/xml/cwec_latest.xml.zip
- https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-{year}.json.gz
Warning
Because uncompressed files are parsed in memory, you must have enough RAM to handle the command. We wrote a dedicated section in the FAQ to use the disk space instead.
init
The init command is used to generate OpenCVE's configuration file:
$ opencve init
[*] Configuration created in /Users/ncrocfer/opencve/opencve.cfg
You can specify the target folder using the OPENCVE_HOME environment variable:
$ export OPENCVE_HOME="/tmp/"
$ opencve init
[*] Configuration created in /tmp/opencve.cfg
You can also directly specify the configuration file with the OPENCVE_CONFIG environment variable:
$ export OPENCVE_CONFIG="/tmp/config.cfg"
$ opencve init
[*] Configuration created in /tmp/config.cfg
migrate-nvd
The migrate-nvd command is used to migrate the cves.json column of the database from JSON 4.0 to 5.0 format:
$ opencve migrate-nvd
You need to stop the Celery worker and beat processes during this migration.
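A pre-flight check for the requirement above, as an added example that is not part of OpenCVE: it refuses to start the migration while a worker or beat process is still listed. The function names are hypothetical, and it assumes the processes appear in the process table with the command lines shown on this page.

```shell
#!/bin/sh
# Added example, not OpenCVE code. Assumption: worker and beat show up in
# the process table as "... opencve celery worker|beat ...".

# Read "PID ARGS" lines on stdin; print those that are an OpenCVE Celery
# worker or beat process.
find_celery_procs() {
    awk '{
        for (i = 2; i <= NF - 2; i++) {
            is_cli = ($i == "opencve" || $i ~ /\/opencve$/)
            if (is_cli && $(i+1) == "celery" &&
                ($(i+2) == "worker" || $(i+2) == "beat")) { print; next }
        }
    }'
}

# Exit status 0 only when the listing on stdin contains no worker/beat.
safe_to_migrate() {
    running=$(find_celery_procs)
    if [ -n "$running" ]; then
        printf 'Celery still running, stop it first:\n%s\n' "$running" >&2
        return 1
    fi
    return 0
}

# Run the migration only if the live process table is clean.
migrate_guarded() {
    ps -e -o pid= -o args= | safe_to_migrate && opencve migrate-nvd
}

# Constructed sample listings in the format of `ps -e -o pid= -o args=`.
SAMPLE_BUSY='  812 /usr/bin/python3 /usr/local/bin/opencve celery worker --loglevel=INFO
  813 /usr/bin/python3 /usr/local/bin/opencve celery beat --loglevel=INFO
  900 /usr/bin/python3 /usr/local/bin/opencve webserver'
SAMPLE_IDLE='  900 /usr/bin/python3 /usr/local/bin/opencve webserver
  901 vim notes-on-opencve celery worker.txt'
```

Call migrate_guarded instead of opencve migrate-nvd directly; it prints the offending PIDs to stderr and returns non-zero when the worker or beat is still up.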
upgrade-db
This command handles database operations, such as creating tables and indexes:
$ opencve upgrade-db
Info
You have to execute it during the installation process, but we also recommend running it each time you upgrade OpenCVE, to automatically upgrade the database schema if needed.
webserver
OpenCVE uses Gunicorn to handle the webserver:
$ opencve webserver
[2021-03-25 17:10:05 +0100] [29464] [INFO] Starting gunicorn 20.0.4
[2021-03-25 17:10:05 +0100] [29464] [INFO] Listening at: http://127.0.0.1:8000 (29464)
[2021-03-25 17:10:05 +0100] [29464] [INFO] Using worker: sync
[2021-03-25 17:10:05 +0100] [29470] [INFO] Booting worker with pid: 29470
You can find the list of options in Gunicorn's official documentation. For example, the -b option can be used to bind to another port:
$ opencve webserver -b 0.0.0.0:8888
...
[2021-03-25 17:11:04 +0100] [29511] [INFO] Listening at: http://0.0.0.0:8888 (29511)
...
Note
Changing the webserver's binding implies also changing the server_name configuration.