Skip to content
/ nist-data-mirror Public
forked from stevespringett/nist-data-mirror

A simple Java command-line utility to mirror the CPE/CVE XML data from NIST.

License

Apache-2.0 license
0 stars 91 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

bwhitmore/nist-data-mirror

BranchesTags
 
 

Repository files navigation

License

NIST Data Mirror

A compatible branch of Steve Springett's nist-data-mirror tool.

This branch is still under development. Use with caution!

This work adds the following features:

  • can also download the NSRL hash sets
  • can recursively unpack the downloaded files
  • adds support for unpacking the UDF (DVD) images that the NSRL provides
  • also supports using the package as a library, complete with javadoc.

Usage

Building

mvn clean package javadoc:javadoc

Running

./NistDataMirror.sh <mirror-directory>

or for a complete list of command line options:

./NistDataMirror.sh --help

nist-data-mirror is Copyright (c) Steve Springett and Brent Whitmore. All Rights Reserved.

Dependency-Check is Copyright (c) Jeremy Long. All Rights Reserved.

Portions of nist-data-mirror are Copyright 2015-2016 Kaitai Project, released under the MIT license

Permission to modify and redistribute nist-data-mirror, including any modifications and extensions to software originally released under MIT license, is granted under the terms of the Apache 2.0 license. See the [LICENSE] Apache 2.0 file for the full license.

From Steve's original page:

Build Status Codacy Badge License

A simple Java command-line utility to mirror the NVD (CPE/CVE XML and JSON) data from NIST.

The intended purpose of nist-data-mirror is to be able to replicate the NIST vulnerabiity data inside a company firewall so that local (faster) access to NIST data can be achieved.

nist-data-mirror does not rely on any third-party dependencies, only the Java SE core libraries. It can be used in combination with OWASP Dependency-Check in order to provide Dependency-Check a mirrored copy of NIST data.

For best results, use nist-data-mirror with cron or another scheduler to keep the mirrored data fresh.

Usage

Building

mvn clean package

Running

java -jar nist-data-mirror.jar <mirror-directory>

Downloading

If you do not wish to download sources and compile yourself, pre-compiled binaries are available for use. NIST Data Mirror is also available on the Maven Central Repository.

<dependency>
    <groupId>us.springett</groupId>
    <artifactId>nist-data-mirror</artifactId>
    <version>1.1.0</version>
</dependency>

Copyright & License

nist-data-mirror is Copyright (c) Steve Springett. All Rights Reserved.

Dependency-Check is Copyright (c) Jeremy Long. All Rights Reserved.

Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the [LICENSE] Apache 2.0 file for the full license.

About

A simple Java command-line utility to mirror the CPE/CVE XML data from NIST.

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

2 tags

Packages

No packages published

Languages

  • Java 100.0%