JavaVuln allows you to view your projects, the libraries they depend on and the vulnerabilities (CVEs) they may have.
- Clone the repo
- Create a `.env` file under `javavuln-api` with the properties found under `javavuln-api/example.env`
- Create a `.env` file under `javavuln` with the properties found under `javavuln/example.env`
- Populate a SQLite database in accordance with the following schema:

```sql
CREATE TABLE projects (
    id INTEGER PRIMARY KEY,
    project_name TEXT
);

CREATE TABLE libraries (
    id INTEGER PRIMARY KEY,
    path TEXT,
    name TEXT,
    version TEXT,
    group_id TEXT,
    artifact_id TEXT,
    latest_version TEXT,
    max_cvss_v3 REAL,
    count_cves INTEGER,
    count_unknown INTEGER,
    count_none INTEGER,
    count_low INTEGER,
    count_medium INTEGER,
    count_high INTEGER,
    count_critical INTEGER
);

CREATE TABLE cves (
    cve TEXT,
    cvss_v3 REAL,
    severity TEXT,
    published_date TEXT,
    last_modified_date TEXT,
    json_data TEXT
);

-- Not currently used
CREATE TABLE project_project_dependencies (
    id INTEGER PRIMARY KEY,
    project_id INTEGER,
    depends_on_id INTEGER,
    depends_on_name TEXT
);

-- SQLite uses INTEGER for BOOL (hence direct is an INTEGER)
CREATE TABLE project_library_dependencies (
    id INTEGER PRIMARY KEY,
    project_id INTEGER,
    library_id INTEGER,
    direct INTEGER
);

-- SQLite uses INTEGER for BOOL (hence direct is an INTEGER)
CREATE TABLE library_cves (
    id INTEGER PRIMARY KEY,
    library_id INTEGER,
    cve TEXT,
    direct INTEGER
);
```

- Open a terminal window and change directory into the `javavuln-api` subdirectory.
- Run `npm install`
- Run `npm start` or `npm run dev` to start the API server.
- Open a second terminal window and change into the `javavuln` subdirectory.
- Run `npm install`
- Run `npm run dev -- --open` to start the web server.
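
The following is an added example, not code from the JavaVuln project: it loads a trimmed copy of the schema above into an in-memory SQLite database and walks the project → library → CVE join path to show which projects are exposed to which CVEs, and whether through a direct dependency. The schema declares no foreign keys, so the join columns are an assumption inferred from the column names; all rows, project and library names, severity strings and CVE ids are constructed placeholders.

```python
import sqlite3

# Only the tables this example touches, using the README's column names.
# libraries and cves are trimmed to the columns needed here.
SCHEMA = """
CREATE TABLE projects (id INTEGER PRIMARY KEY, project_name TEXT);
CREATE TABLE libraries (id INTEGER PRIMARY KEY, name TEXT, version TEXT,
                        group_id TEXT, artifact_id TEXT);
CREATE TABLE cves (cve TEXT, cvss_v3 REAL, severity TEXT);
CREATE TABLE project_library_dependencies (id INTEGER PRIMARY KEY,
    project_id INTEGER, library_id INTEGER, direct INTEGER);
CREATE TABLE library_cves (id INTEGER PRIMARY KEY, library_id INTEGER,
                           cve TEXT, direct INTEGER);
"""

def build_sample_db():
    """In-memory database with constructed rows (placeholder CVE ids)."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO projects VALUES (?, ?)",
                   [(1, "billing-service"), (2, "report-tool")])
    db.executemany("INSERT INTO libraries VALUES (?, ?, ?, ?, ?)", [
        (1, "example-json", "1.0.0", "org.example", "example-json"),
        (2, "example-http", "2.3.1", "org.example", "example-http")])
    db.executemany("INSERT INTO cves VALUES (?, ?, ?)", [
        ("CVE-0000-0001", 9.8, "CRITICAL"), ("CVE-0000-0002", 5.3, "MEDIUM")])
    # direct = 1 for a direct dependency, 0 for a transitive one.
    db.executemany("INSERT INTO project_library_dependencies VALUES (?,?,?,?)",
                   [(1, 1, 1, 1), (2, 1, 2, 0), (3, 2, 2, 1)])
    db.executemany("INSERT INTO library_cves VALUES (?, ?, ?, ?)",
                   [(1, 1, "CVE-0000-0001", 1), (2, 2, "CVE-0000-0002", 1)])
    return db

def project_exposure(db, min_cvss):
    """Rows of (project, library, version, direct?, cve, cvss_v3)."""
    # Assumed join keys: *_id columns reference the matching table's id,
    # and library_cves.cve matches cves.cve.
    return db.execute("""
        SELECT p.project_name, l.name, l.version, pld.direct, c.cve, c.cvss_v3
        FROM projects p
        JOIN project_library_dependencies pld ON pld.project_id = p.id
        JOIN libraries l ON l.id = pld.library_id
        JOIN library_cves lc ON lc.library_id = l.id
        JOIN cves c ON c.cve = lc.cve
        WHERE c.cvss_v3 >= ?
        ORDER BY c.cvss_v3 DESC, p.project_name""", (min_cvss,)).fetchall()

if __name__ == "__main__":
    for row in project_exposure(build_sample_db(), 0.0):
        print(row)
```

Pointing `sqlite3.connect` at the real database file instead of `:memory:` runs the same query against populated data, provided the ids in the link tables were filled in consistently.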