{"id":13666819,"url":"https://github.com/stevespringett/vulndb-data-mirror","last_synced_at":"2025-08-21T00:30:59.453Z","repository":{"id":26193463,"uuid":"106123782","full_name":"stevespringett/vulndb-data-mirror","owner":"stevespringett","description":"A simple Java command-line utility to mirror the entire contents of VulnDB.","archived":false,"fork":false,"pushed_at":"2023-02-23T13:12:15.000Z","size":171,"stargazers_count":42,"open_issues_count":6,"forks_count":7,"subscribers_count":5,"default_branch":"master","last_synced_at":"2024-02-17T10:37:52.281Z","etag":null,"topics":["appsec","cve","java","sca","software-composition-analysis","software-security","vulndb"],"latest_commit_sha":null,"homepage":"https://vulndb.cyberriskanalytics.com/","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/stevespringett.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-10-07T19:12:38.000Z","updated_at":"2024-05-30T04:34:33.598Z","dependencies_parsed_at":"2024-05-30T04:44:29.051Z","dependency_job_id":null,"html_url":"https://github.com/stevespringett/vulndb-data-mirror","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stevespringett%2Fvulndb-data-mirror","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stevespringett%2Fvulndb-data-mirror/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stevespringett%2Fvulndb-data-mirror/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stevespringett%2Fvulndb-data-mirror/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/stevespringett","download_url":"https://codeload.github.com/stevespringett/vulndb-data-mirror/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":230471175,"owners_count":18231193,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["appsec","cve","java","sca","software-composition-analysis","software-security","vulndb"],"created_at":"2024-08-02T06:01:25.687Z","updated_at":"2024-12-19T17:09:00.078Z","avatar_url":"https://github.com/stevespringett.png","language":"Java","funding_links":[],"categories":["SCA Vulnerability Databases","Ruby","Vulnerabilities Database \u0026 Tools"],"sub_categories":[".Net"],"readme":"[![Build Status](https://github.com/stevespringett/vulndb-data-mirror/workflows/Maven%20CI/badge.svg)](https://github.com/stevespringett/vulndb-data-mirror/actions?workflow=Maven+CI)\n[![Maven Central](https://maven-badges.herokuapp.com/maven-central/us.springett/vulndb-data-mirror/badge.svg)](https://maven-badges.herokuapp.com/maven-central/us.springett/vulndb-data-mirror)\n[![License](https://img.shields.io/badge/license-Apache%202.0-brightgreen.svg)][License]\n\nVulnDB Data Mirror\n================\n\nA simple Java command-line utility to mirror the entire contents of the [VulnDB] service from [Risk Based Security].\n\nThe intended purpose of vulndb-data-mirror is to be able to replicate the VulnDB vulnerabiity \ndata inside a company firewall so that local (faster) access to data can be achieved.\n\nIn addition to mirroring functionality, VulnDB Data Mirror includes a parser that can automatically\nconvert JSON data to model objects (defined as POJO's). This greatly eases the ramp-up time needed\nto consume the VulnDB data in a programmatic way.\n\nThe VulnDB service utilizes a paginated REST API that must be walked for each type of feed. \nDue to the large data-set the service provides, it may take an hour or more to mirror the contents. \n\nFor best results, use vulndb-data-mirror with cron or another scheduler to keep the mirrored data fresh.\n\nA subscription to VulnDB is required for use. Contact [VulnDB] for evaluation and subscription information. \nVulnDB Data Mirror or it's creator are not affiliated with VulnDB or Risk Based Security. This is a \ncommunity-driven project that acknowledges the value of third-party vulnerability intelligence to \nenhance or supplement publicly disclosed information.\n\nBy using VulnDB Data Mirror, you accept that it will be used in a manner that conforms to the VulnDB terms of service.\n\n\nDistribution\n----------------\n\nVulnDB Data Mirror is distributed two different ways. \n\n\n[Pre-compiled binaries] are available. This distribution is intended to be extracted and executed in order to run \nand maintain a working VulnDB mirror. This is the recommended method for most users.\n\n\nThe standalone library is available in the Maven Central \nRepository. This distribution is useful for programmatic access to the mirroring or parsing functionality.\n\n\n```xml\n\u003cdependency\u003e\n    \u003cgroupId\u003eus.springett\u003c/groupId\u003e\n    \u003cartifactId\u003evulndb-data-mirror\u003c/artifactId\u003e\n    \u003cversion\u003e1.1.0\u003c/version\u003e\n\u003c/dependency\u003e\n```\n\n\nUsage\n----------------\n\n### Windows\n\n\n```sh\nvulndb-data-mirror.bat --consumer-key mykey --consumer-secret mysecret --dir \"c:\\path\\to\\mirror\"\n```\n\n\n### Unix/Linux\n\n```sh\nvulndb-data-mirror.sh --consumer-key mykey --consumer-secret mysecret --dir \"/path/to/mirror\"\n```\n\nWhen running, the console output will resemble:\n\n```\nVulnDB API Status:\n--------------------------------------------------------------------------------\nOrganization Name.............: Example Inc.\nName of User Requesting.......: Jane Doe\nEmail of User Requesting......: jane@example.com\nSubscription Expiration Date..: 2018-12-31\nAPI Calls Allowed per Month...: 25000\nAPI Calls Made This Month.....: 1523\n--------------------------------------------------------------------------------\n\nMirroring Vendors feed...\n  Processing 18344 of 18344 results\nMirroring Products feed...\n  Processing 136853 of 136853 results\nMirroring Vulnerabilities feed...\n  Processing 142500 of 166721 results\n```\n\n### Getting Help\n\nExecute vulndb-data-mirror.bar or vulndb-data-mirror.sh (without options)\n```\nusage: vulndb-data-mirror\n    --consumer-key \u003ckey\u003e          The Consumer Key provided by VulnDB\n    --consumer-secret \u003csecret\u003e    The Consumer Secret provided by VulnDB\n    --dir \u003cdir\u003e                   The target directory to store contents\n -prod,--mirror-products          Mirror the products data feed\n -vend,--mirror-vendors           Mirror the vendors data feed\n -vuln,--mirror-vulnerabilities   Mirror the vulnerabilities data feed\n -stat,--status-only              Displays VulnDB API status only\n```\n\n### Mirror Recovery\n\nVulnDB Data Mirror can recover from several types of errors. Upon a successful request to VulnDB, this utility \nwill store a timestamp and the last successful page number processed. Pagination of VulnDB defaults to retrieving \n100 records at a time. In the event of a network or service error, it is possible to start again where the mirroring \nleft off.\n\nThis information is stored in `update.properties` located in the specified mirror directory.\n\n### VulnDB API License\n\nThe process of mirroring the contents of VulnDB takes several thousand requests. You may estimate the number of \nrequests required by dividing 100 by the total number of results in each of the three feeds. After mirroring is \ncomplete, make a backup of the contents so that a full mirror does not have to take place again. VulnDB may be \nlicensed based on the number of API calls made to the service. Check with the vendor for details.\n\n\nCompiling\n----------------\n\n```bash\nmvn clean package\n```\n\n\nRelated Projects\n----------------\n\n* [NIST Data Mirror](https://github.com/stevespringett/nist-data-mirror)\n\nCopyright \u0026 License\n-------------------\n\nvulndb-data-mirror is Copyright (c) Steve Springett. All Rights Reserved.\n\nVulnDB is Copyright (c) Risk Based Security. All Rights Reserved.\n\nPermission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the [License] file for the full license.\n\n  [License]: https://github.com/stevespringett/vulndb-data-mirror/blob/master/LICENSE\n  [Pre-compiled binaries]: https://github.com/stevespringett/vulndb-data-mirror/releases\n  [VulnDB]: https://vulndb.flashpoint.io/\n  [Risk Based Security]: https://www.riskbasedsecurity.com/ \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstevespringett%2Fvulndb-data-mirror","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstevespringett%2Fvulndb-data-mirror","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstevespringett%2Fvulndb-data-mirror/lists"}