Get notified about new CVEs right in your Discord server!

• CVE-BOT
  • Bot usage
    • Invite the bot
    • Required Discord permissions
    • Subscribing to vendors and products
    • Unsubscribing from vendors and products
    • Changing the frontend URL
    • See current settings
    • Additional considerations
  • Self-host the bot (with docker)
    • Prerequisites
    • Download
    • Configuration
    • Run the bot

Invite the bot to your Discord server using this link: https://discord.com/api/oauth2/authorize?client_id=1147880351901962300&permissions=2048&scope=bot%20applications.commands, if you choose to self host the bot, the link will be print to the stdout once the bot have started.

All commands requires the user running them to have the "Administrator" permission, and all of them returns an ephemeral message that can only be seen by the user who ran it.

The bot needs the "Send Message" permission in channels with active subscriptions in order to send new alerts.

Use the commands /subscribe products or /subscribe vendor in the channel where you wish to receive alerts about new CVEs, you can specify multiple entries at once by separating them with a comma, and get some help with the built-in autocompletion.

To stop receiving alerts about a vendor or product in a channel, run in the channel the command /unsubscribe products or /unsubscribe vendor and specify the entries, you can specify multiple entries at once by separating them with a comma, and get some help with the built-in autocompletion.

You can also unsubscribe from all vendors or products at once by entering an asterisk (*)

You can change at any time the base URL used for linking CVE IDs, vendor and products, remember that these changes will only take affect on new alerts. You can also specify a channel to change the URL only in the specified channel.

The bot will confirm the change, and will also provide a URL for you to test this new URL.

Use the command /see-settings commands to see all the settings of your server, like the set OpenCVE frontend URL server-wide or for specific channels, and subscribed vendors and products .

Remember that there might be multiple pages and you can navigate them with the arrow buttons, these buttons will stop working 24 hours after not using them.

If your Discord server is public, you may want to limit the visibility of the channel used to notify new CVEs, as a malicious user could actively watch for new CVEs affecting your software to exploit them.

Hover the channel with the mouse and click on the gear wheel icon.

Now click on the "Permissions" tab on the left side menu.

And now toggle on the private channel.

Finally, click the "Add members or roles" button, and check the roles or individual members you want to allow to see the CVEs, once you are done, you may click the "Done" button.

• A Discord bot (head to the Discord Developer Portal, create an application with the desired name, go to "Bot" tab and regenerate the token and save it for later)
• An instance of OpenCVE, or access to its database (you can also install it with docker)
• Docker

Clone the repository (or download and extract it if you don't have git), and change directory to it

git clone [email protected]:eduardozgz/cve-bot.git
cd cve-bot

Create a .env file (or you can copy it directly from .env.example) or set the environment variables to configure the bot

docker compose up -d