{"id":44332372,"url":"https://github.com/secvisogram/csaf-validator-service","last_synced_at":"2026-02-25T12:19:29.603Z","repository":{"id":37176458,"uuid":"464918681","full_name":"secvisogram/csaf-validator-service","owner":"secvisogram","description":" csaf-validator-service is a REST-based service that can be used to check whether a given CSAF 2.0 document is valid. ","archived":false,"fork":false,"pushed_at":"2025-12-17T08:59:11.000Z","size":2107,"stargazers_count":1,"open_issues_count":10,"forks_count":6,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-12-20T21:51:32.256Z","etag":null,"topics":["csaf","csaf-basic-validator","csaf-extended-validator","csaf-full-validator","mit-license"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/secvisogram.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2022-03-01T14:07:52.000Z","updated_at":"2025-12-17T08:58:34.000Z","dependencies_parsed_at":"2025-12-17T15:02:22.645Z","dependency_job_id":null,"html_url":"https://github.com/secvisogram/csaf-validator-service","commit_stats":null,"previous_names":[],"tags_count":77,"template":false,"template_full_name":null,"purl":"pkg:github/secvisogram/csaf-validator-service","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secvisogram%2Fcsaf-validator-service","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secvisogram%2Fcsaf-validator-service/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secvisogram%2Fcsaf-validator-service/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secvisogram%2Fcsaf-validator-service/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/secvisogram","download_url":"https://codeload.github.com/secvisogram/csaf-validator-service/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secvisogram%2Fcsaf-validator-service/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29331743,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-11T06:13:03.264Z","status":"ssl_error","status_checked_at":"2026-02-11T06:12:55.843Z","response_time":97,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["csaf","csaf-basic-validator","csaf-extended-validator","csaf-full-validator","mit-license"],"created_at":"2026-02-11T10:09:53.493Z","updated_at":"2026-02-11T10:09:54.102Z","avatar_url":"https://github.com/secvisogram.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# BSI Secvisogram CSAF Validator Service\n\n\u003c!-- TOC depthfrom:2 depthto:3 --\u003e\n\n- [About the project](#about-the-project)\n- [Getting started](#getting-started)\n- [Documentation](#documentation)\n- [Configuration](#configuration)\n  - [CORS](#cors)\n- [Developing](#developing)\n  - [Prerequisites](#prerequisites)\n  - [Installation](#installation)\n  - [Run server](#run-server)\n  - [Generate documentation](#generate-documentation)\n  - [Create new version](#create-new-version)\n- [Testing](#testing)\n- [Docker](#docker)\n- [Persist with pm2](#persist-with-pm2)\n- [Contributing](#contributing)\n- [Dependencies](#dependencies)\n\n\u003c!-- /TOC --\u003e\n\n## About the project\n\nThis is a service to validate documents against the [CSAF standard](https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html). It uses the [csaf-validator-lib](https://github.com/secvisogram/csaf-validator-lib) under the hood which is included as a `git subtree` module.\n\n[(back to top)](#bsi-secvisogram-csaf-validator-service)\n\n## Getting started\n\nTo run the validator service you basically need the same as for [developing](#developing).\n\n- install Node.js 20\n- install production dependencies and copy all relevant files to the dist\n  folder by running `npm run dist`\n- copy the content of the dist folder to your working directory\n- Make sure to set the environment variable `NODE_ENV` to `production`\n- Configure the service using a `local-production.json` file in\n  `backend/config`. All available parameters are outlined in `backend/config/development.json`. See [https://www.npmjs.com/package/config](https://www.npmjs.com/package/config) for more information on how to configure using different techniques such as environment variables.\n- test 6.3.8 requires an installation of hunspell.\n  - For more details on how to manage languages, please also see [Managing Hunspell languages](https://github.com/secvisogram/csaf-validator-lib#managing-hunspell-languages)\n- start the service with `node backend/server.js`\n\nTo manage the process you can use Docker or an init system of your choice.\n\nYou most likely also want to run this behind a reverse proxy to handle TLS\ntermination or CORS headers if the service is accessed from other domains. See\n[https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS)\nfor more information.\n\n## Documentation\n\nThe documentation is available as a swagger resource provided by the service itself under `/docs`. So once the server is running, visit [http://localhost:\u0026lt;config port\u0026gt;/docs](http://localhost:8082/docs) in your browser. The default port of the application `8082`. See [configuration](#configuration) to learn about ways to change it.\n\n[(back to top)](#bsi-secvisogram-csaf-validator-service)\n\n## Configuration\n\nThe project uses the [config](https://www.npmjs.com/package/config) npm package for configuration. It provides a variety of possibilities to inject configuration values e.g. environment variables or environment specific files.\n\n### CORS\n\nFastify CORS options can be configured by passing an options object by the name `cors`\n\nThe following options are available:\n`origin`, `methods`, `allowedHeaders`, `exposedHeaders`, `credentials`, `maxAge`\n\nSee [Fastify CORS options](https://github.com/fastify/fastify-cors#options) for more information\n\n[(back to top)](#bsi-secvisogram-csaf-validator-service)\n\n## Developing\n\n### Prerequisites\n\nYou need at least **Node.js version 20 or higher**. [Nodesource](https://github.com/nodesource/distributions/blob/master/README.md) provides binary distributions for various Linux distributions.\n\n[(back to top)](#bsi-secvisogram-csaf-validator-service)\n\n### Installation\n\n- Install server and csaf-validator-lib dependencies\n  ```sh\n  npm ci\n  ```\n\n[(back to top)](#bsi-secvisogram-csaf-validator-service)\n\n### Run server\n\n- Start the server\n\n  ```sh\n  npm run dev\n  ```\n\n[(back to top)](#bsi-secvisogram-csaf-validator-service)\n\n### Generate documentation\n\nThe server needs to be running and the [`openapi-generator-cli`](https://openapi-generator.tech/docs/installation/) must be installed. The file `backend/lib/app.js` needs to reflect the target version. Then, you can use the following commands to generate the documentation:\n\n```sh\nopenapi-generator-cli generate -i http://localhost:8082/docs/json -g html -o ./documents/generated/html/\nopenapi-generator-cli generate -i http://localhost:8082/docs/json -g asciidoc -o ./documents/generated/asciidoc/\n```\n\n[(back to top)](#bsi-secvisogram-csaf-validator-service)\n\n### Create new version\n\nTo create a new version use npm's [version](https://docs.npmjs.com/cli/v11/commands/npm-version) command and make sure that your server is not running (since this command will start it).\n\n[(back to top)](#bsi-secvisogram-csaf-validator-service)\n\n## Testing\n\nMany tests are integration tests which need a running server. So make sure to start it before running the tests:\n\n```sh\nnpm run dev\n```\n\nTests are implemented using [mocha](https://mochajs.org/). They can be run using the following command:\n\n```sh\nnpm test\n```\n\n[(back to top)](#bsi-secvisogram-csaf-validator-service)\n\n## Docker\n\nBuild docker image\n\n```sh\ndocker build -t csaf/validator-service .\n```\n\nStart container\n\n```sh\ndocker run -d -p 8082:8082 --name csaf-validator-service csaf/validator-service\n```\n\n## Persist with pm2\n\nIf you want to start the service with [pm2](https://github.com/Unitech/pm2) you have to adjust the `instance_var` attribute for pm2.\nYou can do this by adding the following configuration in the `backend` folder.\nDepending on the directory you chose, you have to adjust the `cwd` and `NODE_CONFIG_DIR` attributes accordingly.\n\n```javascript\n// pm2.config.cjs\nmodule.exports = {\n  apps: [\n    {\n      name: 'csaf-validator-service',\n      script: './server.js',\n      cwd: '/var/www/csaf-validator-service/backend',\n      instance_var: 'INSTANCE_ID',\n      env: {\n        NODE_ENV: 'development',\n        NODE_CONFIG_DIR: '/var/www/csaf-validator-service/backend/config/',\n      },\n      env_production: {\n        NODE_ENV: 'production',\n        NODE_CONFIG_DIR: '/var/www/csaf-validator-service/backend/config/',\n      },\n    },\n  ],\n}\n```\n\nTo start the service execute this command inside the backend directory:\n\n```sh\npm2 start pm2.config.js --env production\n```\n\n## Contributing\n\nYou can find our guidelines here [CONTRIBUTING.md](https://github.com/secvisogram/secvisogram/blob/main/CONTRIBUTING.md)\n\n[(back to top)](#bsi-secvisogram-csaf-validator-service)\n\n## Dependencies\n\nFor the complete list of dependencies please take a look at [package.json](https://github.com/secvisogram/csaf-validator-lib/blob/main/package.json)\n\n- [fastify](https://fastify.io/)\n- [fastify-swagger](https://github.com/fastify/fastify-swagger)\n- [csaf-validator-lib](https://github.com/secvisogram/csaf-validator-lib)\n\n[(back to top)](#bsi-secvisogram-csaf-validator-service)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecvisogram%2Fcsaf-validator-service","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsecvisogram%2Fcsaf-validator-service","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecvisogram%2Fcsaf-validator-service/lists"}