new_source.md

Steps to add a new source

New Feeder

1. Create a new feeder in vulnerabilitylookup/feeders/. A generic feeder needs to inherit from AbstractFeeder, but if it is a CSAF provider, use CSAFGeneric instead.

   Example: vulnerabilitylookup/feeders/my_feeder.py

2. Create a config file for the logger in vulnerabilitylookup/config/ with the name <feedname>_logging.json

   Example: vulnerabilitylookup/config/my_feeder_logging.json

3. Create the script that will run regularly to fetch the data in bin/.

   Example: bin/my_feeder.py

4. Add a reference to that file in pyproject.toml under the tool.poetry.scripts section.

   Example: my_feeder = "bin.my_feeder:main"

5. Add a call in the list of importers of the start script in bin/start.py.

   Example: my_feeder

6. Run poetry install to add the new script, and the command my_feeder is available. You can run it manually for testing, and it will be automatically started next time you restart the application.

Add the new source in the web interface

1. Add my_feeder to the list of sources in config/website.py.sample (and update config/website.py).

2. Update website/web/templates/main.html with the new source.

<link href="{{ url_for('home_bp.feed_recent', format='atom', source='myfeeder') }}" rel="alternate" title="Recent vulnerabilities from myfeeder." type="application/atom+xml">

3. If the source is not a CSAF provider, update website/web/templates/recent.html with the new source (see in the file for what is needed).

4. Update website/web/templates/search.html with the new source (see in the file for what is needed).

5. Update website/web/templates/vuln.html with the new source (see in the file for what is needed).

6. Update website/web/templates/vulnerability_templates.html with the new source. This one is the macro to render the vulnerability on the website. Look at the file for details.