NVIP is an open source Java platform that provides an efficient management of the software vulnerability data.
For more details about each component please refer to the Readme files under each directory.
The back end platform that does all CVE mining, characterization, product name extraction, and CVSS scoring etc.
The proof-of-concept user interface that lists crawled and characterized CVEs.
The repository that includes the training data sets and required resources for CVE characterization, product name extraction and CVSS scoring.
jar files (libraries) that are needed to run the nvip backend system.
To start using nvip:
Install MySQL (version 8) as well as MYSQL workbench and Command Line Client.
Create the nvip database by executing the SQL script provided at "nvip_data/mysql-database" in the MySQL Workbench. The script can be executed in a query editor in the MySQL Workbench (File/New Query Tab).
Once the database is created, run the jar file named "nvip-1.0.jar", by opening the command prompt and executing the command "java -Xms8G -Xmx16G -jar nvip-1.0.jar". The system will scrape CVE sources (URLs) included in the 'nvipsourceurl' table and update CVEs in the MySQL database.
To start viewing scraped CVEs, install the nvip_ui project. For details about how to setup the nvip_ui project, please follow the instructions in "nvip_ui/Readme.md".
Note: To have the most up-to-date CVE sources in the nvipsourceurl table in mysql, you may want to run the CVE source update tool by: "java -Xms1G -Xmx4G -cp "nvip-1.0.jar;nvip_lib/*" edu.rit.se.nvip.cvesource.UpdateNvipSourceUrlList"