Daily CVE Watch is a simple Python script that fetches Common Vulnerabilities and Exposures (CVE) data from the OSV API and filters it by a predefined list of vendor keywords and by publication date. The script is designed to help security teams and developers monitor CVEs related to specific vendors and packages on a daily basis.
- Fetches CVE data from the OSV API.
- Filters vulnerabilities by vendor (e.g., Microsoft, Google, Amazon, etc.) and the publication date.
- Outputs CVE information in a human-readable format.
- Easy customization of vendor filtering via the `VENDOR_KEYWORDS` list.
To get started with Daily CVE Watch, clone this repository and set up a Python virtual environment.
- Clone the repository:
  ```bash
  git clone https://github.com/yourusername/daily-cve-watch.git
  cd daily-cve-watch
  ```
- Create a virtual environment:
  ```bash
  python -m venv venv
  ```
- Activate the virtual environment:
  - On Windows:
    ```bash
    .\venv\Scripts\activate
    ```
  - On Mac/Linux:
    ```bash
    source venv/bin/activate
    ```
- Install dependencies:
  ```bash
  pip install -r requirements.txt
  ```
To run the CVE watcher, simply execute the Python script:
```bash
python cve_watch.py
```
This will:
- Fetch the latest CVEs from the OSV API.
- Filter the CVEs based on the vendors specified in the `VENDOR_KEYWORDS` list (e.g., Microsoft, Google, etc.).
- Display the filtered CVEs in a readable format in the terminal.
You can customize the list of vendors you want to track by modifying the `VENDOR_KEYWORDS` list in `cve_watch.py`. By default, the script filters CVEs related to:
```python
VENDOR_KEYWORDS = ["microsoft", "juniper", "google", "amazon", "apple"]
```
Simply add or remove vendor names as needed. If you want to filter by other vendors, just add their names (in lowercase) to the list.
The script filters CVEs published within the last 30 days by default. To adjust this, modify the `DATE_FILTER_DAYS` value in `cve_watch.py`:
```python
DATE_FILTER_DAYS = 30  # Change this number as needed
```
The script will print CVE information to the console. Example output:
```text
CVE ID: GHSA-9wx4-h78v-vm56
Summary: Requests `Session` object does not verify requests after making first request with verify=False
Severity: MODERATE
Published: 2024-05-20T20:15:00Z
Modified: 2024-07-15T22:12:27.987373Z
Details: ...
References:
- https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56
- https://nvd.nist.gov/vuln/detail/CVE-2024-35195
- https://github.com/psf/requests/pull/6655
...
```
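The two filters described above (vendor keyword and publication date), shown as an added example that is not the project's own `cve_watch.py`, run over constructed OSV-style records. `VENDOR_KEYWORDS` and `DATE_FILTER_DAYS` are the README's names; the record contents, `SAMPLE_NOW` and the helper functions are assumptions for the illustration.

```python
from datetime import datetime, timedelta, timezone

VENDOR_KEYWORDS = ["microsoft", "juniper", "google", "amazon", "apple"]
DATE_FILTER_DAYS = 30
SAMPLE_NOW = datetime(2024, 7, 20, tzinfo=timezone.utc)  # fixed "today" for the demo

# Constructed sample records in the OSV JSON shape (ids and text are made up).
SAMPLE_VULNS = [
    {"id": "EXAMPLE-0001", "summary": "Privilege escalation in a Microsoft SDK",
     "published": "2024-07-10T12:00:00Z",
     "affected": [{"package": {"ecosystem": "PyPI", "name": "msft-sdk"}}]},
    {"id": "EXAMPLE-0002", "summary": "Google client library leaks tokens",
     "published": "2024-01-05T09:00:00Z",
     "affected": [{"package": {"ecosystem": "npm", "name": "gclient"}}]},
    {"id": "EXAMPLE-0003", "summary": "Buffer overflow in an image parser",
     "published": "2024-07-15T00:00:00Z",
     "affected": [{"package": {"ecosystem": "crates.io", "name": "imgparse"}}]},
    {"id": "EXAMPLE-0004",  # no summary; the vendor is only visible in the package name
     "published": "2024-07-01T08:30:00.123456Z",
     "affected": [{"package": {"ecosystem": "PyPI", "name": "apple-signin"}}]},
]

def parse_osv_time(value):
    """OSV timestamps are RFC 3339 with a trailing 'Z' and an optional fraction."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def matches_vendor(vuln, keywords):
    """Case-insensitive keyword match over summary, details and affected package names."""
    names = [a.get("package", {}).get("name", "") for a in vuln.get("affected", [])]
    haystack = " ".join([vuln.get("summary", ""), vuln.get("details", "")] + names).lower()
    return any(k.lower() in haystack for k in keywords)

def is_recent(vuln, days, now):
    """True if the record was published within the last `days` days before `now`."""
    published = vuln.get("published")
    if not published:
        return False  # records without a publish date are skipped rather than crashed on
    return parse_osv_time(published) >= now - timedelta(days=days)

def filter_vulns(vulns, keywords=VENDOR_KEYWORDS, days=DATE_FILTER_DAYS, now=None):
    now = now or datetime.now(timezone.utc)
    return [v for v in vulns if matches_vendor(v, keywords) and is_recent(v, days, now)]

def format_vuln(vuln):
    """Render one record in the console layout shown in the example output."""
    lines = [f"CVE ID: {vuln['id']}",
             f"Summary: {vuln.get('summary', '(none)')}",
             f"Published: {vuln.get('published', '?')}"]
    return "\n".join(lines)
```

With `SAMPLE_NOW` as the reference date, only the Microsoft and Apple records pass both filters: the Google record is older than 30 days and the image-parser record matches no vendor keyword.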
If you want to integrate Daily CVE Watch into your development or security workflows, here are a few options:
You can schedule the script to run at regular intervals using cron jobs. For example, to run the script daily at 9 AM:
- Open your crontab file:
  ```bash
  crontab -e
  ```
- Add a line to schedule the script:
  ```
  0 9 * * * /path/to/python /path/to/cve_watch.py
  ```
This will run the script at 9 AM every day. Because cron runs with a minimal environment, point `/path/to/python` at the interpreter inside the virtual environment you created above so that the installed dependencies are found.
For Windows, you can use the Task Scheduler to run the script on a schedule:
- Open Task Scheduler.
- Create a new task.
- Set the trigger to run the script daily at a specific time.
- Set the action to run the Python script, using the full path to your Python executable and the `cve_watch.py` script.
You can integrate the CVE check into your CI/CD pipeline (e.g., GitHub Actions, Jenkins, etc.) to automatically check for vulnerabilities as part of your deployment process.
For example, using GitHub Actions:
- Create a `.github/workflows/cve-check.yml` file in your repository.
- Add the following configuration to run the script as part of your CI process:
```yaml
name: CVE Check
on:
  push:
    branches:
      - main
jobs:
  cve-check:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2
      - name: Set up Python
        uses: actions/setup-python@v2
        with:
          python-version: 3.8
      - name: Install dependencies
        run: |
          python -m venv venv
          source venv/bin/activate
          pip install -r requirements.txt
      - name: Run CVE check
        run: |
          source venv/bin/activate
          python cve_watch.py
```
This will automatically run the CVE check every time you push to the main branch.
Feel free to fork this repository and submit pull requests. If you encounter any issues or have suggestions for improvement, please open an issue on the GitHub repository.
This project is licensed under the MIT License - see the `LICENSE` file for details.