{"id":15116541,"url":"https://github.com/exein-io/kepler","last_synced_at":"2025-09-27T22:30:58.801Z","repository":{"id":38329055,"uuid":"448077529","full_name":"exein-io/kepler","owner":"exein-io","description":"NIST-based CVE lookup store and API powered by Rust.","archived":false,"fork":false,"pushed_at":"2024-10-25T09:04:13.000Z","size":46846,"stargazers_count":125,"open_issues_count":5,"forks_count":11,"subscribers_count":7,"default_branch":"main","last_synced_at":"2024-11-03T14:34:57.983Z","etag":null,"topics":["cve","cve-scanning","cve-search","rust","security-tools"],"latest_commit_sha":null,"homepage":"https://exein.io/","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/exein-io.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-01-14T19:01:05.000Z","updated_at":"2024-10-15T11:20:57.000Z","dependencies_parsed_at":"2023-02-18T12:46:05.048Z","dependency_job_id":"f4973252-724f-4de4-93f0-387e2920a7ad","html_url":"https://github.com/exein-io/kepler","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/exein-io%2Fkepler","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/exein-io%2Fkepler/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/exein-io%2Fkepler/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/exein-io%2Fkepler/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/exein-io","download_url":"https://codeload.github.com/exein-io/kepler/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":234461952,"owners_count":18837207,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cve","cve-scanning","cve-search","rust","security-tools"],"created_at":"2024-09-26T01:44:25.746Z","updated_at":"2025-09-27T22:30:48.793Z","avatar_url":"https://github.com/exein-io.png","language":"Rust","funding_links":[],"categories":["Rust"],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n    \u003cimg width=\"300\" src=\"res/kepler-logo.png\" alt=\"Kepler logo\"\u003e\n \n  \u003cp\u003e\n    \u003ca href=\"https://github.com/Exein-io/kepler/actions/workflows/test.yaml\"\u003e\n      \u003cimg src=\"https://github.com/Exein-io/kepler/actions/workflows/test.yaml/badge.svg?branch=main\" alt=\"Test badge\"\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://opensource.org/licenses/Apache-2.0\"\u003e\n      \u003cimg src=\"https://img.shields.io/badge/License-Apache_2.0-blue.svg\" alt=\"License\"\u003e\n    \u003c/a\u003e\n  \u003c/p\u003e\n\u003c/div\u003e\n\n\u003cbr/\u003e\n\nKepler is a vulnerability database and lookup store and API currently utilising [National Vulnerability Database](https://nvd.nist.gov/) as data sources; implementing CPE 2.3 tree expressions and version range evaluation in realtime.\n\n\u003cbr/\u003e\n\n# Setup\n\n## Docker (recommended)\n\nWe provide a docker bundle with `kepler`, dedicated PostgreSQL database and [Ofelia](https://github.com/mcuadros/ofelia) as job scheduler for continuous update\n\n```bash\ndocker compose build\ndocker compose up\n```\n\n### Database migration notes\nWhen the application starts checks for pending database migrations and automatically applies them. Remove the `--migrate` option to stop when a pending migration is detected\n\n## Build from sources\n\nAlternatively you can build `kepler` from sources. To build you need `rust`, `cargo` and `libpg-dev` (or equivalent PostgreSQL library for your Linux distribution)\n\n```\ncargo build --release\n```\n\n# Data sources\n\nThe system will automatically fetch and import new records every 3 hours if you use our [bundle](#docker-recommended), while historical data must be imported manually.\n\nKepler currently supports two data sources, [National Vulnerability Database](https://nvd.nist.gov/) and [NPM Advisories](https://npmjs.org/). You can import the data sources historically as follows.\n\n## NIST Data\n\nTo import NIST records from all available years (2002 to 2022):\n\n```bash\nfor year in $(seq 2002 2022); do \n    docker run --rm -v $(pwd)/data:/data \\\n        -e DATABASE_URL=postgres://kepler:kepler@localhost:5432/kepler \\\n\t--network=kepler_default \\\n\tkepler:dev import_nist $year -d /data; \ndone \n```\n\nThe system will automatically fetch and import new records records every 3 hours. \n\n# APIs\n\nThere are two primary APIs as of right now — the `product` API and the `cve` API detailed below.\n\n## Products API\n\nProducts can be listed:\n\n```bash\ncurl http://localhost:8000/products\n```\n\nGrouped by vendor:\n\n```bash\ncurl http://localhost:8000/products/by_vendor\n```\n\nOr searched:\n\n```bash\ncurl http://localhost:8000/products/search/iphone\n```\n\n## CVEs API\n\nTo use the vulnerabilities search API via cURL (prepend `node-` to the product name in order to search for NPM specific packages):\n\n```bash\ncurl \\\n    --header \"Content-Type: application/json\" \\\n    --request POST \\\n    --data '{\"product\":\"libxml2\",\"version\":\"2.9.10\"}' \\\n    http://localhost:8000/cve/search\n```\n\nResponses are cached in memory with a LRU limit of 4096 elements.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fexein-io%2Fkepler","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fexein-io%2Fkepler","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fexein-io%2Fkepler/lists"}