We offer a fully hosted web version of Vulmatch which includes many additional features over those in this codebase. You can find out more about the web version here.
Vulmatch is a database of CVEs in STIX 2.1 format with a REST API wrapper to access them.
Some common reasons people use Vulmatch include filtering CVEs by;
- CVSS
- EPSS
- CWE classifcation
- ATT&CK classification
- Affected products
- Know expliots
# clone the latest code
git clone https://github.com/muchdogesec/vulmatchIMPORTANT: ArangoDB and Postgres must be running. These are not deployed in the compose file.
If you are not sure what you are doing here, follow the basic setup steps here.
Vulmatch has various settings that are defined in an .env file.
To create a template for the file:
cp .env.example .envTo see more information about how to set the variables, and what they do, read the .env.markdown file.
sudo docker compose buildsudo docker compose upThe webserver (Django) should now be running on: http://127.0.0.1:8005/
You can access the Swagger UI for the API in a browser at: http://127.0.0.1:8005/api/schema/swagger-ui/
To get up and running quickly head to /utilities/README.md for some scripts that will automate the backfill of data.