A job for updating Thoth's CVE database of packages.

This job checks for new CVE records in the safety-db provided by PyUp.io. If there are new CVE records found, this job automatically creates corresponding CVE entries in the graph database.

This job is run as an OpenShift CronJob that checks for updates in the safety-db. The deployment templates can be found under the openshit/ directory, the Ansible playbooks responsible for deploying this job lives in the Thoth's core repository.

You can run this job locally without any cluster deployment. To do so, issue the following command:

$ pipenv install  # Install all the requirements
$ pipenv run python3 ./app.py

The CVE job implementation will by default talk to your local Dgraph instance located on localhost:9080. Follow local Dgraph setup instructions for more info.

If you wish to talk to a Dgraph cluster deployment, you can do so by providing additional configuration options via environment variables:

$ pipenv install  # Install all the requirements
$ GRAPH_SERVICE_HOST=graph.test.thoth-station.ninja GRAPH_TLS_PATH=./tls-test pipenv run python3 ./app.py

You need to obtain TLS certificates in order to talk to a remote Dgraph instance and place them into tls-test directory in this case.