This repository contains services that support the CVE Program's mission to "identify, define, and catalog publicly disclosed cybersecurity vulnerabilities."
There are many ways one can assist:
Developers can contribute code directly. Getting started can be as fast as choosing an issue on our board.
Please read our contributor's guide for more details. We welcome all contributions!
The CVE project operates as multiple focused working groups. Visit the CVE Website working groups page for more information.
Warning: Do not put vulnerability information in a GitHub issue.
Please consult our SECURITY.md for specific instructions on reporting a vulnerability that exists in the CVE Services.
This project uses or depends on software from
This project follows the JavaScript Standard Style.
See the Docker README found in the repo here: https://github.com/CVEProject/cve-services/blob/dev/docker/README.md
Warning: DO NOT use the dev configuration on a public network. The dev environment includes credentials to enable rapid development and is not secure for public deployment.
This assumes node 16.14.2 and the latest npm are installed.
cd cve-services
npm install
Install MongoDB locally
Download MongoDB Compass (MongoDB GUI)
Create a cve_dev database in Compass. The collections will be automatically created when the API starts storing documents.
You can populate the database with test data using:
npm run populate:dev
In order to start a dev environment:
npm run start:dev
API documentation is generated using swagger-autogen, which ensures that we keep the API specification up to date with any major changes to API routes. Extra information for each API route is defined as a comment in the index.js files under the respective controller, and all request and response schemas are stored under the schemas folder served up by schemas.controller.
To ensure you are using the correct API specification the following endpoints can be used:
Note: The specification file stored in GitHub will only be correct for that branch; there could be differences between branches and production.
If you are a developer and want to test changes to the API specification, you can generate a specification in one of two ways:
When you start your local development server using npm run start:dev the specification file will be generated. Subsequent changes require reloading the server.
You can use npm run swagger-autogen to generate a new specification file.
This project uses the following for unit testing
In order to run the unit tests:
npm run start:test