This is a Slack bot that sends a message to a channel when a new CVE is published.
I am pulling the data for CVEs from securityvulnerability.io, because they have the data in an easily accessible format.
- Ensure you have Docker installed
- Set up a MySQL DB with the following info (I'm not skilled enough for auto DB setup)

  Table: `product_alerts` (primary key: `id`)

  | # | column_name | data_type       | is_nullable |
  |---|-------------|-----------------|-------------|
  | 1 | id          | bigint unsigned | NO          |
  | 2 | product     | text            | YES         |
  | 3 | ping_ids    | mediumtext      | YES         |

  Table: `vendor_alerts` (primary key: `id`)

  | # | column_name | data_type       | is_nullable |
  |---|-------------|-----------------|-------------|
  | 1 | id          | bigint unsigned | NO          |
  | 2 | vendor      | text            | YES         |
  | 3 | ping_ids    | mediumtext      | YES         |

- Clone the repository
- Navigate into it, and run `sudo docker build -t cve-slack .`
- Create the file `compose.yaml` with the following contents

```yaml
services:
  cve-slack:
    image: cve-slack
    restart: unless-stopped
    environment:
      - SLACK_BOT_TOKEN=[your bot token]
      - SLACK_APP_TOKEN=[your app token]
      - SLACK_CHANNEL=[channel for alerts]
      - DB_HOST=[ip for mysql db]
      - DB_PORT=[port for mysql db]
      - DB_USERNAME=[mysql login username]
      - DB_PASSWORD=[mysql login password]
      - DB_DB=[name of mysql db that data is stored in]
    env_file:
      - .env
    volumes:
      - cve-slack-data:/usr/src/app/data

# The named volume is created with `docker volume create` in the next step,
# so it is declared here as external.
volumes:
  cve-slack-data:
    external: true
```

- Run `sudo docker volume create cve-slack-data`
- Run `sudo docker compose up -d`