#fleet
benbass

02/11/2022, 3:36 PM
I have some questions about hosting the URLs for the vulnerability scanning. Right now we are mirroring https://github.com/fleetdm/nvd/releases and I am not sure what depth I should put in as my FLEET_VULNERABILITIES_CPE_DATABASE_URL. The one file that we have there is …/nvd/releases/download/80f3e7909fed710/cpe-80f3e7909fed710.sqlite.gz
Tomas Touceda

02/11/2022, 3:55 PM
that URL should be the full URL to download the cpe database, if it's defined, we use it directly
benbass

02/11/2022, 3:57 PM
So it would be that last one, that expands out to the full sqlite.gz? I was hoping to grab the files in the same manner fleet does from github, so I don’t have to go and update that url when that db changes.
Tomas Touceda

02/11/2022, 4:09 PM
yeah, the problem is that we use github's API if we handle it, and otherwise assume it's something else entirely, so we rely on the user defining the paths
4:09 PM
you can also use a proxy, alternatively
benbass

02/11/2022, 4:10 PM
No worries, I'm just trying to get things working and totally expect to run into problems. Thank you for answering my question!
4:23 PM
I was able to get the nvd sql file working, however I am running into issues with how the FLEET_VULNERABILITIES_CVE_FEED_PREFIX_URL is working.
4:25 PM
I have it set to https://XXX.XXX.com/artifactory/nist-nvd-remote/, and in the journalctl output I am seeing 'synchronisation error: unexpected http response from "https://XXX.XXX.com/feeds/json/cve/1.1/nvdcve-1.1-2002.meta" ("404 Not Found")'.
4:25 PM
Which means it isn’t using the full prefix url and just the host name from the prefix url.
Tomas Touceda

02/11/2022, 4:29 PM
ah, yes, it's getting the host and scheme
4:30 PM
we are not setting the path part
4:55 PM
will see if we can include that in the current release
benbass

02/11/2022, 4:56 PM
Awesome!
5:00 PM
If so, that will make my current plan much easier to implement.
Tomas Touceda

02/11/2022, 5:01 PM
sounds like 4.10 will have it, still needs to go through review though
benbass

02/11/2022, 5:03 PM
Very nice! I totally get the need for review. I am impressed you were able to get a potential fix written so fast.
Tomas Touceda

02/11/2022, 5:10 PM
well... it was a lucky shot, they aren't always this straightforward 🙂
5:11 PM
it's merged to main, keep an eye out for 4.10!
benbass

02/11/2022, 5:24 PM
Excellent!