登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
开源项目 > 程序开发 > 安全开发相关 &&
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
19 Star 52 Fork 10

openEuler / cve-ease

代码 Issues 1 Pull Requests 1 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
分支 1
标签 0
贡献代码
同步代码
创建 Pull Request
了解更多
对比差异 通过 Pull Request 同步
同步更新到分支
通过 Pull Request 同步
将会在向当前分支创建一个 Pull
Request,合入后将完成同步
取消
提示: 由于 Git 不支持空文件夾,创建文件夹后会生成空的 .keep 文件
cve-ease
docs
.gitignore
LICENSE
README.en.md
README.md
Loading...
README
MulanPSL-2.0

cve-ease project

项目介绍

cve-ease 是一个专注于CVE信息的平台,它搜集了社区发布的各种CVE信息,并通过邮件、微信、钉钉等多种渠道及时通知用户。用户可以通过cve-ease平台查看CVE信息的详细内容,包括漏洞描述、影响范围、修复建议等,并根据自己的系统情况选择合适的修复方案。

cve-ease 平台旨在帮助用户快速了解和应对系统中存在的漏洞,提高系统安全性和稳定性。

cve-ease 是天翼云自主创新项目,它已经在欧拉社区开放源码,期待社区的朋友们加入项目开发,共同打造一个安全、稳定、可靠的国产操作系统生态。

开源说明:

  • 本仓库严格遵循 木兰宽松许可证, 第2版
  • 本仓库严格 天翼云科技有限公司 开源规范,经过严格的审核和准备,提交优质开源项目,相关的文档和资料都皆以齐备
  • 本仓库严格 天翼云科技有限公司 开源规范,经过严格的审核和准备,提交优质开源项目,相关的文档和资料都皆以齐备
  • 本仓库严格 天翼云科技有限公司 开源规范,经过严格的审核和准备,提交优质开源项目,相关的文档和资料都皆以齐备
  • 本仓库由公司指派专人负责,LTS长期跟进维护,持续孵化产出

软件架构

cve-ease是一个专注于CVE信息的平台,它的架构主要由四个模块组成,分别是CVE爬虫、CVE分析器、CVE通知器和CVE前端。下面我们分别介绍这四个模块的功能和设计。

  • CVE爬虫

这个模块负责从openEuler社区提供的各个CVE数据源抓取CVE信息,并将其存储到MySQL等关系型数据库中。这些关键信息主要来源于cve-manager项目。目前,cve-manager支持从以下数据源获取CVE信息:NVD、CNNVD、CNVD、RedHat、Ubuntu、Debian等。cve-ease使用Python编写了多个爬虫脚本,每个脚本对应一个数据源,可以定时或手动运行。爬虫脚本会将抓取到的原始CVE信息格式化后持久化存储,以便后续的分析和处理。

  • CVE分析器

这个模块负责对CVE信息进行解析、归类、评分等操作。cve-ease使用Python编写了一个分析器脚本,它会定期从关系型数据库中读取原始CVE信息,并进行以下操作:解析CVE信息的基本属性(如编号、标题、描述等)、归类CVE信息的影响范围(如操作系统、软件包等)、评分CVE信息的危害程度(如CVSS评分等)、匹配CVE信息的修复建议(如补丁链接等)。分析器脚本会将处理后的结构化CVE信息以SQL格式持久化到数据库中,以便后续的查询和展示。

  • CVE通知器

这个模块负责根据用户的订阅配置,通过邮件、微信、钉钉等方式发送CVE通知给用户。cve-ease使用Python编写了一个通知器脚本,它会定期从MySQL数据库中读取结构化CVE信息,并进行以下操作:过滤出用户关注的影响范围(如操作系统、软件包等)、生成适合不同渠道的通知内容(如文本、图片等)、调用不同渠道的API发送通知给用户(如SMTP协议发送邮件、HTTP协议发送微信或钉钉消息等)。通知器脚本会记录发送结果和反馈情况,并更新MySQL数据库中的订阅状态。

  • CVE前端

这个模块负责提供一个友好的cli终端命令,让用户可以查看、搜索、订阅CVE信息。

cve-ease的架构设计旨在实现高效、灵活、可扩展的CVE信息平台,为用户提供及时准确地安全漏洞情报服务。

研发规划

  1. repodata 适配多厂家 OSV( Operating System Software Provider )
  2. motd 登陆播报功能
  3. dnf 插件扩展修复功能
  4. 自动修复特定包功能
  5. 增加特定包感知功能
  6. ...

我们非常欢迎您对 cve-ease 研发方向的宝贵意见,如果您有任何想法或建议,请不要犹豫,尽情地与我们分享,我们将十分感激~

安装教程

目前cve-ease处于快速迭代研发阶段,支持的安装方式有,直接安装,容器安装,rpm包安装

直接安装

git clone https://gitee.com/openeuler/cve-ease cve-ease.git
cd cve-ease.git/cve-ease
make install

容器安装

git clone https://gitee.com/openeuler/cve-ease cve-ease.git
cd cve-ease.git/cve-ease
make run-in-docker

rpm包安装

git clone https://gitee.com/openeuler/cve-ease cve-ease.git
cd cve-ease.git/cve-ease
make gensrpm
cd ..
rpm -ivh *.src.rpm
cd ~/rpmbuild
rpmbuild -ba SPECS/cve-ease.spec
cd RPMS/noarch
rpm -ivh *.rpm

使用说明

帮助信息

  • cve-ease命令不带任何参数,则显示帮助信息
  • cve-ease子命令有多个,按类别分为basic、info、notifier
  • help子命令用于显示不同类别命令帮助信息
# cve-ease

Available commands:

basic commands:
      config                    Print cve-ease config
      daemon                    Run as daemon without interactive
      motd                      Motd info manager
      service                   Service manager

info commands:
      cve                       OpenEuler CVE info
      cvrf                      OpenEuler CVRF info
      db                        Database manager
      help                      List available commands
      logger                    Logger config
      repodata                  Repodata info
      rpm                       Rpm info
      sa                        OpenEuler security notice info

notifier commands:
      dingding                  Notifier of dingding
      feishu                    Notifier of feishu
      mail163                   Notifier of mail163
      mailqq                    Notifier of mailqq
      wecom                     Notifier of wecom

Try "cve-ease --help" for help about global gconfig
Try "cve-ease help" to get all available commands
Try "cve-ease <command> --help" for help about the gconfig of a particular command
Try "cve-ease help <category>" to get commands under a particular category
Available commands are: basic, info, notifier

# cve-ease help info
Available commands:

info commands:
      cve                       OpenEuler CVE info
      cvrf                      OpenEuler CVRF info
      db                        Database manager
      help                      List available commands
      logger                    Logger config
      repodata                  Repodata info
      rpm                       Rpm info
      sa                        OpenEuler security notice info

Try "cve-ease --help" for help about global gconfig
Try "cve-ease help" to get all available commands
Try "cve-ease <command> --help" for help about the gconfig of a particular command
Try "cve-ease help <category>" to get commands under a particular category
Available commands are: basic, info, notifier

配置文件

配置文件位于 /etc/cve-ease/cve-ease.cfg

[main]
pid_file_path = /var/log/cve-ease/cve-ease.pid
lock_file_path = /var/log/cve-ease/cve-ease.lock

# log configuration

# debug/ error(default) / warn
log_level = debug
log_file_path = /var/log/cve-ease/cve-ease.log
log_maxbytes = 10240
log_backup_num = 30

# sql configuration
db_type = sqlite
db_file_path = /usr/share/cve-ease/cve-ease.db
db_user =
db_password =
db_host =
db_port =
product = openEuler-20.03-LTS-SP1
expiration_days = 14

# notifier
notifier_record_num = 9

# filter
focus_on = kernel,systemd,openssh,openssl

[wecom]
enabled = 1
# https://developer.work.weixin.qq.com/document/path/91770?version=4.0.19.6020&platform=win
# https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=fe9eae1f-xxxx-4ae3-xxxx-ecf9f77abba6

update_key = 2142ef2a-d99d-417d-8c31-b550b0fcb4e3
status_key = 2142ef2a-d99d-417d-8c31-b550b0fcb4e3


[dingding]
enabled = 1
# just for test
update_key = 81907155a6cc88004e1ed6bcdd86c68d5b21565ed59d549ca031abc93d90d9cb
status_key = 81907155a6cc88004e1ed6bcdd86c68d5b21565ed59d549ca031abc93d90d9cb


[feishu]
enabled = 1
# just for test
update_key = 5575739b-f59d-48db-b737-63672b2c32ab
status_key = 5575739b-f59d-48db-b737-63672b2c32ab


[mail163]
enabled = 0
mail_sender = xxxxxxx@163.com
mail_recver = xxxxxxx@163.com
mail_smtp_token = xxxxxx


[mailqq]
enabled = 0
mail_sender = xxxxxxx@qq.com
mail_recver = xxxxxxx@qq.com
mail_smtp_token = xxxxxxxx

cve-ease服务

cve-ease服务包含 cve-ease.service 和 cve-ease.timer 两个文件,基于systemd timer机制实现周期周期执行

# /usr/lib/systemd/system/cve-ease.timer
#  CTyunOS cve-ease: MulanPSL2
#
#  This file is part of cve-ease.
#

[Unit]
Description=CTyunOS cve-ease Project
Documentation=https://gitee.com/openeuler/cve-ease

[Timer]
OnBootSec=1m
OnUnitActiveSec=10m
RandomizedDelaySec=10

[Install]
WantedBy=timers.target
# systemctl enable --now cve-ease.timer
Created symlink /etc/systemd/system/timers.target.wants/cve-ease.timer → /usr/lib/systemd/system/cve-ease.timer.
# systemctl status cve-ease.timer
● cve-ease.timer - CTyunOS cve-ease Project
   Loaded: loaded (/usr/lib/systemd/system/cve-ease.timer; enabled; vendor preset: disabled)
   Active: active (waiting) since Sat 2023-03-18 17:55:53 CST; 5s ago
  Trigger: Sat 2023-03-18 18:05:55 CST; 9min left
     Docs: https://gitee.com/openeuler/cve-ease

Mar 18 17:55:53 56d941221b41 systemd[1]: Started CTyunOS cve-ease Project.
# systemctl status cve-ease.service
● cve-ease.service - CTyunOS cve-ease project
   Loaded: loaded (/usr/lib/systemd/system/cve-ease.service; disabled; vendor preset: disabled)
   Active: inactive (dead) since Sat 2023-03-18 17:55:56 CST; 5s ago
     Docs: https://gitee.com/openeuler/cve-ease
  Process: 196 ExecStart=/usr/bin/cve-ease daemon (code=exited, status=0/SUCCESS)
 Main PID: 196 (code=exited, status=0/SUCCESS)

Mar 18 17:55:53 56d941221b41 systemd[1]: Starting CTyunOS cve-ease project...
Mar 18 17:55:56 56d941221b41 systemd[1]: cve-ease.service: Succeeded.
Mar 18 17:55:56 56d941221b41 systemd[1]: Started CTyunOS cve-ease project.

basic基础命令

config配置相关子命令

Usage: cve-ease config <options>
(Specify the --help global option for a list of other help options)

Options:
  -h, --help     show this help message and exit
  -r, --rawdata  print raw config file content
cve-ease config     # 显示配置文件路径及有效配置
cve-ease config -r  # 显示配置文件路径及裸数据

daemon服务

  • daemon命令用户systemd service服务入口,一般不直接执行
  • 该服务由对应cve-ease 的systemd timer服务定时执行
# /usr/lib/systemd/system/cve-ease.service
#  CTyunOS cve-ease: MulanPSL2
#
#  This file is part of cve-ease.
#

[Unit]
Description=CTyunOS cve-ease project
Documentation=https://gitee.com/openeuler/cve-ease

[Service]
Type=oneshot
ExecStart=/usr/bin/cve-ease daemon

[Install]
WantedBy=multi-user.target

motd更新通知相关子命令

  • TODO 待实现

service相关子命令

cve-ease服务的相关控制命令

Usage: cve-ease service <options>
(Specify the --help global option for a list of other help options)

Options:
  -h, --help     show this help message and exit
  -k, --kill     kill cve-ease service
  -r, --restart  restart cve-ease service
  -s, --status   get cve-ease service status
  -v, --verbose  show verbose output
cve-ease service -k   # 暂停cve-ease服务
cve-ease service -r   # 重启cve-ease服务
cve-ease service -s   # 查看cve-ease服务状态

info信息类别命令

cve子命令

爬取openEuler社区CVE公告信息,地址: openEuler 官方CVE公告

Usage: cve-ease cve <options>
(Specify the --help global option for a list of other help options)

Options:
  -h, --help       show this help message and exit
  -r, --rawdata    get cve cache and print raw data without write db
  -m, --makecache  get cve cache
  -l, --list       list all cve info
  -t, --total      get cve info statistics
  -v, --verbose    show verbose output
cve-ease cve -m # 爬取 CVE 信息并写入数据库
cve-ease cve -l # 从数据库获取并格式化显示 CVE 信息
cve-ease cve -t # 从数据库获取并显示 CVE 统计信息
cve-ease cve -r # 爬取 CVE 信息并显示裸数据(未写入数据库)

sa子命令

爬取openEuler社区安全公告信息,地址: openEuler 官方CVE公告

Usage: cve-ease sa <options>
(Specify the --help global option for a list of other help options)

Options:
  -h, --help       show this help message and exit
  -r, --rawdata    get sa cache and print raw data without write db
  -m, --makecache  get sa cache
  -l, --list       list all sa info
  -t, --total      get sa info statistics
  -v, --verbose    show verbose output
cve-ease sa -m # 爬取 SA 信息并写入数据库
cve-ease sa -l # 从数据库获取并格式化显示 SA 信息
cve-ease sa -t # 从数据库获取并显示 SA 统计信息
cve-ease sa -r # 爬取 SA 信息并显示裸数据(未写入数据库)

cvrf子命令

安全公告相关

cve-ease cvrf -m # 爬取 CVRF 信息并写入数据库
cve-ease cvrf -l # 从数据库获取并格式化显示 CVRF 信息
cve-ease cvrf -t # 从数据库获取并显示 CVRF 统计信息

rpm子命令

Usage: cve-ease rpm <options>
(Specify the --help global option for a list of other help options)

Options:
  -h, --help     show this help message and exit
  -l, --list     list all rpm info
  -v, --verbose  show verbose output
cve-ease rpm -l # 调用rpm接口列出当前系统中已安装的rpm包信息

repodata子命令

Usage: cve-ease repodata <options>
(Specify the --help global option for a list of other help options)

Options:
  -h, --help            show this help message and exit
  -m, --makecache       cache repodata to database
  -p PRODUCT, --product=PRODUCT
                        specific product (work with --check)
  --osv=OSV             specific osv rpm release
  -t, --total           get total rpm statistics
  -l, --list            list all rpm
  -c, --check           check repo cve
  -v, --verbose         show verbose output
cve-ease repodata -p ctyunos2 -m  # 选定ctyunos2作为OSV版本,缓存ctyunos2的源数据,写入数据库
cve-ease repodata --osv ctyunos2 -p openEuler-22.03-LTS -c # ctyunos2的源于openEuler源做比对
cve-ease repodata -l # 列出数据库中包含的包信息
cve-ease repodata -t # 获取数据库中源包的统计信息

logger子命令

Usage: cve-ease logger <options>
(Specify the --help global option for a list of other help options)

Options:
  -h, --help     show this help message and exit
  -l, --list     list all logger info
  -t, --total    get logger statistics
  -v, --verbose  show verbose output

db子命令

Usage: cve-ease db <options>
(Specify the --help global option for a list of other help options)

Options:
  -h, --help     show this help message and exit
  -p, --purge    purge db and recreate it (Danger Operation)
  -s, --stats    get database statistics
  -v, --verbose  show verbose output

notifier消息通知类命令

wecom企业微信群聊机器人

Usage: cve-ease wecom <options>
(Specify the --help global option for a list of other help options)

Options:
  -h, --help            show this help message and exit
  -t, --test            run test
  -v, --verbose         show verbose output
  -c CONTENT, --content=CONTENT
                        show verbose output
cve-ease wecom -t     # 发送测试消息到企业微信群
cve-ease wecom -t -c 'helloworld'   # 发送自定义测试消息到企业微信群

dingding钉钉群聊机器人

Usage: cve-ease dingding <options>
(Specify the --help global option for a list of other help options)

Options:
  -h, --help            show this help message and exit
  -t, --test            run test
  -v, --verbose         show verbose output
  -c CONTENT, --content=CONTENT
                        show verbose output
cve-ease dingding -t     # 发送测试消息到钉钉群
cve-ease dingding -t -c 'helloworld'   # 发送自定义测试消息到钉钉群

feishu飞书群聊机器人

Usage: cve-ease feishu <options>
(Specify the --help global option for a list of other help options)

Options:
  -h, --help            show this help message and exit
  -t, --test            run test
  -v, --verbose         show verbose output
  -c CONTENT, --content=CONTENT
                        show verbose output
cve-ease feishu -t     # 发送测试消息到飞书群
cve-ease feishu -t -c 'helloworld'   # 发送自定义测试消息到飞书群

mail163邮箱

Usage: cve-ease mail163 <options>
(Specify the --help global option for a list of other help options)

Options:
  -h, --help            show this help message and exit
  -t, --test            run test
  -v, --verbose         show verbose output
  -c CONTENT, --content=CONTENT
                        show verbose output
cve-ease mail163 -t     # 发送测试消息到163邮箱
cve-ease mail163 -t -c 'helloworld'   # 发送自定义测试消息到163邮箱

mailqq邮箱

Usage: cve-ease mailqq <options>
(Specify the --help global option for a list of other help options)

Options:
  -h, --help            show this help message and exit
  -t, --test            run test
  -v, --verbose         show verbose output
  -c CONTENT, --content=CONTENT
                        show verbose output
cve-ease mailqq -t     # 发送测试消息到QQ邮箱
cve-ease mailqq -t -c 'helloworld'   # 发送自定义测试消息到QQ邮箱

如何参与贡献

  1. Fork 本仓库
  2. 当前快速迭代期间,仅 master 分支,因此您只需在 master 做变更后提交
  3. 创建 pr ,描述清楚 pr 的具体功能、作用,并提供相关测试用例
  4. 通知仓库 maintainer 审核 pr

核心研发人员及联系方式

交流群

微信交流群

木兰宽松许可证, 第2版 木兰宽松许可证, 第2版 2020年1月 http://license.coscl.org.cn/MulanPSL2 您对“软件”的复制、使用、修改及分发受木兰宽松许可证,第2版(“本许可证”)的如下条款的约束: 0. 定义 “软件”是指由“贡献”构成的许可在“本许可证”下的程序和相关文档的集合。 “贡献”是指由任一“贡献者”许可在“本许可证”下的受版权法保护的作品。 “贡献者”是指将受版权法保护的作品许可在“本许可证”下的自然人或“法人实体”。 “法人实体”是指提交贡献的机构及其“关联实体”。 “关联实体”是指,对“本许可证”下的行为方而言,控制、受控制或与其共同受控制的机构,此处的控制是指有受控方或共同受控方至少50%直接或间接的投票权、资金或其他有价证券。 1. 授予版权许可 每个“贡献者”根据“本许可证”授予您永久性的、全球性的、免费的、非独占的、不可撤销的版权许可,您可以复制、使用、修改、分发其“贡献”,不论修改与否。 2. 授予专利许可 每个“贡献者”根据“本许可证”授予您永久性的、全球性的、免费的、非独占的、不可撤销的(根据本条规定撤销除外)专利许可,供您制造、委托制造、使用、许诺销售、销售、进口其“贡献”或以其他方式转移其“贡献”。前述专利许可仅限于“贡献者”现在或将来拥有或控制的其“贡献”本身或其“贡献”与许可“贡献”时的“软件”结合而将必然会侵犯的专利权利要求,不包括对“贡献”的修改或包含“贡献”的其他结合。如果您或您的“关联实体”直接或间接地,就“软件”或其中的“贡献”对任何人发起专利侵权诉讼(包括反诉或交叉诉讼)或其他专利维权行动,指控其侵犯专利权,则“本许可证”授予您对“软件”的专利许可自您提起诉讼或发起维权行动之日终止。 3. 无商标许可 “本许可证”不提供对“贡献者”的商品名称、商标、服务标志或产品名称的商标许可,但您为满足第4条规定的声明义务而必须使用除外。 4. 分发限制 您可以在任何媒介中将“软件”以源程序形式或可执行形式重新分发,不论修改与否,但您必须向接收者提供“本许可证”的副本,并保留“软件”中的版权、商标、专利及免责声明。 5. 免责声明与责任限制 “软件”及其中的“贡献”在提供时不带任何明示或默示的担保。在任何情况下,“贡献者”或版权所有者不对任何人因使用“软件”或其中的“贡献”而引发的任何直接或间接损失承担责任,不论因何种原因导致或者基于何种法律理论,即使其曾被建议有此种损失的可能性。 6. 语言 “本许可证”以中英文双语表述,中英文版本具有同等法律效力。如果中英文版本存在任何冲突不一致,以中文版为准。 条款结束 如何将木兰宽松许可证,第2版,应用到您的软件 如果您希望将木兰宽松许可证,第2版,应用到您的新软件,为了方便接收者查阅,建议您完成如下三步: 1, 请您补充如下声明中的空白,包括软件名、软件的首次发表年份以及您作为版权人的名字; 2, 请您在软件包的一级目录下创建以“LICENSE”为名的文件,将整个许可证文本放入该文件中; 3, 请将如下声明文本放入每个源文件的头部注释中。 Copyright (c) [Year] [name of copyright holder] [Software Name] is licensed under Mulan PSL v2. You can use this software according to the terms and conditions of the Mulan PSL v2. You may obtain a copy of Mulan PSL v2 at: http://license.coscl.org.cn/MulanPSL2 THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. See the Mulan PSL v2 for more details. Mulan Permissive Software License,Version 2 Mulan Permissive Software License,Version 2 (Mulan PSL v2) January 2020 http://license.coscl.org.cn/MulanPSL2 Your reproduction, use, modification and distribution of the Software shall be subject to Mulan PSL v2 (this License) with the following terms and conditions: 0. Definition Software means the program and related documents which are licensed under this License and comprise all Contribution(s). Contribution means the copyrightable work licensed by a particular Contributor under this License. Contributor means the Individual or Legal Entity who licenses its copyrightable work under this License. Legal Entity means the entity making a Contribution and all its Affiliates. Affiliates means entities that control, are controlled by, or are under common control with the acting entity under this License, ‘control’ means direct or indirect ownership of at least fifty percent (50%) of the voting power, capital or other securities of controlled or commonly controlled entity. 1. Grant of Copyright License Subject to the terms and conditions of this License, each Contributor hereby grants to you a perpetual, worldwide, royalty-free, non-exclusive, irrevocable copyright license to reproduce, use, modify, or distribute its Contribution, with modification or not. 2. Grant of Patent License Subject to the terms and conditions of this License, each Contributor hereby grants to you a perpetual, worldwide, royalty-free, non-exclusive, irrevocable (except for revocation under this Section) patent license to make, have made, use, offer for sale, sell, import or otherwise transfer its Contribution, where such patent license is only limited to the patent claims owned or controlled by such Contributor now or in future which will be necessarily infringed by its Contribution alone, or by combination of the Contribution with the Software to which the Contribution was contributed. The patent license shall not apply to any modification of the Contribution, and any other combination which includes the Contribution. If you or your Affiliates directly or indirectly institute patent litigation (including a cross claim or counterclaim in a litigation) or other patent enforcement activities against any individual or entity by alleging that the Software or any Contribution in it infringes patents, then any patent license granted to you under this License for the Software shall terminate as of the date such litigation or activity is filed or taken. 3. No Trademark License No trademark license is granted to use the trade names, trademarks, service marks, or product names of Contributor, except as required to fulfill notice requirements in Section 4. 4. Distribution Restriction You may distribute the Software in any medium with or without modification, whether in source or executable forms, provided that you provide recipients with a copy of this License and retain copyright, patent, trademark and disclaimer statements in the Software. 5. Disclaimer of Warranty and Limitation of Liability THE SOFTWARE AND CONTRIBUTION IN IT ARE PROVIDED WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED. IN NO EVENT SHALL ANY CONTRIBUTOR OR COPYRIGHT HOLDER BE LIABLE TO YOU FOR ANY DAMAGES, INCLUDING, BUT NOT LIMITED TO ANY DIRECT, OR INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES ARISING FROM YOUR USE OR INABILITY TO USE THE SOFTWARE OR THE CONTRIBUTION IN IT, NO MATTER HOW IT’S CAUSED OR BASED ON WHICH LEGAL THEORY, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 6. Language THIS LICENSE IS WRITTEN IN BOTH CHINESE AND ENGLISH, AND THE CHINESE VERSION AND ENGLISH VERSION SHALL HAVE THE SAME LEGAL EFFECT. IN THE CASE OF DIVERGENCE BETWEEN THE CHINESE AND ENGLISH VERSIONS, THE CHINESE VERSION SHALL PREVAIL. END OF THE TERMS AND CONDITIONS How to Apply the Mulan Permissive Software License,Version 2 (Mulan PSL v2) to Your Software To apply the Mulan PSL v2 to your work, for easy identification by recipients, you are suggested to complete following three steps: i Fill in the blanks in following statement, including insert your software name, the year of the first publication of your software, and your name identified as the copyright owner; ii Create a file named “LICENSE” which contains the whole context of this License in the first directory of your software package; iii Attach the statement to the appropriate annotated syntax at the beginning of each source file. Copyright (c) [Year] [name of copyright holder] [Software Name] is licensed under Mulan PSL v2. You can use this software according to the terms and conditions of the Mulan PSL v2. You may obtain a copy of Mulan PSL v2 at: http://license.coscl.org.cn/MulanPSL2 THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. See the Mulan PSL v2 for more details.
Starred
52
Star
52
Fork
10

简介

Collect and analysis CVE information published by the community, differential broadcast it to users through various channels, and provide multiple interfaces to security manufacturer to improve the capability of system security management. 展开 收起
infrastructure
暂无标签
/openeuler/cve-ease
Python 等 4 种语言
Python
96.8%
Makefile
2.9%
Dockerfile
0.2%
Roff
0.1%
MulanPSL-2.0
使用 MulanPSL-2.0 开源许可协议
取消

发行版

暂无发行版

开源评估指数源自 OSS-Compass 评估体系,评估体系围绕以下三个维度对项目展开评估:

1. 开源生态

  • 生产力:来评估开源项目输出软件制品和开源价值的能力。
  • 创新力:用于评估开源软件及其生态系统的多样化程度。
  • 稳健性:用于评估开源项目面对多变的发展环境,抵御内外干扰并自我恢复的能力。

2. 协作、人、软件

  • 协作:代表了开源开发行为中协作的程度和深度。
  • 人:观察开源项目核心人员在开源项目中的影响力,并通过第三方视角考察用户和开发者对开源项目的评价。
  • 软件:从开源项目对外输出的制品评估其价值最终落脚点。也是开源评估最“古老”的主流方向之一“开源软件” 的具体表现。

3. 评估模型

    基于“开源生态”与“协作、人、软件”的维度,找到与该目标直接或间接相关的可量化指标,对开源项目健康与生态进行量化评估,最终形成开源评估指数。

贡献者

全部

近期动态

加载更多
不能加载更多了
1
https://gitee.com/openeuler/cve-ease.git
git@gitee.com:openeuler/cve-ease.git
openeuler
cve-ease
cve-ease
master
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
仓库举报
回到顶部