This PR defines a new collection to store KEV (Known Exploited Vulnerability) data and adds a new cyhy-kevsync utility that can import a JSON file containing the KEV data into the CyHy database.
Since I was here, I alphabetized our collection names in a couple of places.
I verified that cyhy-kevsync works as expected when run in the default mode (fetch JSON file from a well-known URL) and in the mode where a local JSON file is provided.
I also confirmed that previously-imported KEVs were correctly deleted from the database if they were not included in a more-recent JSON file that was imported.
โ Pre-approval checklist
[x] This PR has an informative and human-readable title.
[x] Changes are limited to a single goal - eschew scope creep!
[x] All relevant type-of-change labels have been added.
๐ฃ Description
This PR defines a new collection to store KEV (Known Exploited Vulnerability) data and adds a new
cyhy-kevsyncutility that can import a JSON file containing the KEV data into the CyHy database.Since I was here, I alphabetized our collection names in a couple of places.
๐ญ Motivation and context
Resolves https://github.com/cisagov/cyhy-system/issues/39 and resolves https://github.com/cisagov/cyhy-system/issues/40.
๐งช Testing
I verified that
cyhy-kevsyncworks as expected when run in the default mode (fetch JSON file from a well-known URL) and in the mode where a local JSON file is provided.I also confirmed that previously-imported KEVs were correctly deleted from the database if they were not included in a more-recent JSON file that was imported.
โ Pre-approval checklist