Open Security Issue Database
The OSIDB project aims to create an easy-to-use, open-source PSIRT tooling framework for collecting, storing, processing, and providing security vulnerability data across a software offering portfolio.
- Incorporate an enterprise-ready solution and start tracking security vulnerabilities in your organization's offerings, or utilize outstanding tooling support to tune your existing product security workflow.
- Create and manage the records on CVEs and potential security issues throughout your portfolio. Set their impact, source, CWE, CVSS score, description, and more together with information on what products and components are being affected.
- Comply with security embargoes and manage access to sensitive data with fine granularity.
- Automate your security data intake with autonomous data collectors.
- Adjust the service to your special needs with custom apps.
- And more...
The OSIDB project is built on the Django framework. PostgreSQL provides the underlying database. Celery with Redis is used to execute asynchronous workloads. Gunicorn serves as the WSGI HTTP server. Authentication is performed by Kerberos and authorization by LDAP. Bugzilla and Jira are currently supported as data sources. OSIDB runs as a set of cooperating containers. Deployment is done with Podman and Podman Compose.
osidb contains the core of the service. Data models, validations, serializers, API, and other vital parts are defined there. You can find more details here. Additional functionality is implemented by specialized apps.
Data from various sources is gathered by collectors. They are built on the collector framework.
Use the Makefile as the local service entrypoint. Run
make help
to see all available options. Run
make start-local
to start the service. When run for the first time, it gives you hints on what needs to be set to start successfully. The details of the service setup can be found here.
Once you have finished setting up your OSIDB instance, you can start using it. Follow the tutorial and the numerous examples in it to get familiar with how to authenticate to and query the service REST API.
All the user facing documentation can be found here.
The OSIDB project is an open initiative and we welcome any help. If you are interested in joining us, please start by reading the contributing guidelines.
All the developer facing documentation can be found here.
The OSIDB service is still under heavy development, and new features, improvements, and bug fixes are being continuously delivered. Everything is potentially subject to change. However, breaking changes are considered carefully, as the project is already in a general availability stage and is actively used in production environments. The changes are tracked in CHANGELOG.