- Docker to deploy the tool.
- Git Large File Storage (git-lfs) to clone the seeds of the repository correctly.
- Create a `.env` file from the `template.env` file.
  - How to get a GitHub API key.
  - How to get an API key from the National Vulnerability Database (NVD).
  - Replace the JSON Web Token (JWT) secret key with your own. You can generate one with the command `node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"`.
- Run the command `docker compose up --build`. The vulnerability database is loaded automatically with the data extracted from the NVD up to the date of the release being downloaded, and it is then updated to the present time before the backend is deployed. If you want to avoid the update and the time it takes, you can comment out the lifespan function in the `/backend/app/main.py` file.
  - You can create your graphs from scratch or load existing ones, either used in the experimentation of other articles or simply already built, which can help in the creation of new graphs (this task can be time-consuming). To load them, use the script `seeds/graphdb_seeder.sh` if you are on Linux or `graphdb_seeder.bat` if you are on Windows.
- Enter here for the frontend Web API.
  - It is recommended to use a GUI such as MongoDB Compass to see what information is being indexed in the vulnerability database.
  - You can see the graphs built for pip, npm and mvn by clicking on these names, using the Neo4j browser interface.
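A pre-flight check for the `.env` step above, as an added example that is not part of the Depex repository: it generates a 64-character hex secret (with `od` on `/dev/urandom` rather than the node command), writes it with owner-only permissions, and verifies the file before `docker compose up --build`. `JWT_SECRET_KEY` is an assumed variable name; use the one found in `template.env`.

```shell
#!/bin/sh
# Added example, not part of the Depex repository.
# JWT_SECRET_KEY is an assumed variable name; use the one found in template.env.

# 32 random bytes as 64 hex characters, the same shape as the node command's output.
gen_secret() {
    od -An -tx1 -N32 /dev/urandom | tr -d ' \n'
}

# Succeeds only for a value of at least 64 hexadecimal characters.
is_strong_secret() {
    case "$1" in
        ""|*[!0-9a-fA-F]*) return 1 ;;
    esac
    [ "${#1}" -ge 64 ]
}

# Print the value assigned to KEY ($2) in FILE ($1); last assignment wins, quotes stripped.
env_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d "\"'\r"
}

# Replace (or append) KEY in FILE with a fresh secret; the new file is owner-only (0600).
set_secret() {
    tmp="$1.tmp.$$"
    ( umask 077
      awk -v k="$2" 'index($0, k "=") != 1' "$1" > "$tmp"   # drop the old assignment
      printf '%s=%s\n' "$2" "$(gen_secret)" >> "$tmp" ) && mv "$tmp" "$1"
}

# Pre-flight check: FILE exists, KEY holds a strong secret, FILE is not group/world readable.
check_env() {
    [ -f "$1" ] || { echo "$1: not found, create it from template.env" >&2; return 1; }
    is_strong_secret "$(env_value "$1" "$2")" ||
        { echo "$1: $2 is missing, too short or not hex" >&2; return 1; }
    [ -z "$(find "$1" \( -perm -040 -o -perm -004 \) -print)" ] ||
        { echo "$1: readable by group or others, run chmod 600" >&2; return 1; }
}

# Usage: check_env .env JWT_SECRET_KEY || set_secret .env JWT_SECRET_KEY
```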
Define these variables in a `.env` file that can be referenced by `docker-compose.yml`. Example `.env` file:

```
HTTP_PROXY=http://proxy.example.com:port
HTTPS_PROXY=https://proxy.example.com:port
NO_PROXY=localhost,127.0.0.1
```

Reference the `.env` file from `docker-compose.yml` so that the proxy configuration it defines is applied, for example:

```yaml
services:
  app:
    image: your-app-image
    build: .
    env_file:
      - .env
    ports:
      - "8080:80"
```