ThreatDB is a graph database for application components and vulnerabilities powered by dgraph. Currently, CycloneDX 1.4 SBoM and VEX files could be imported and queried with this project.
git clone https://github.com/appthreat/threat-db.git
cd threat-db
mkdir -p $HOME/dgraph $HOME/threatdb_data_dir
docker compose up
This would start a threat db api server (PORT: 9000) and an instance of dgraph standalone (PORTS: 8080, 9080).
To create the schemas and the first administrator user.
git clone https://github.com/appthreat/threat-db.git
pip install poetry
poetry install
export DGRAPH_API_KEY=changeme
poetry run threat_db_admin --init --dgraph-host localhost:9080 --graphql-host http://localhost:8080/graphql
poetry run threat_db_admin --create-root-user --dgraph-host localhost:9080 --graphql-host http://localhost:8080/graphql
Copy the user id and password from the logs.
mkdir -p $HOME/threatdb_data_dir
threat_db --data-dir $HOME/threatdb_data_dir
When invoked with docker compose, any .vex.json files present in the directory THREATDB_DATA_DIR
would be imported automatically. For testing purposes, you can download some sample VEX files from here
curl -X POST http://0.0.0.0:9000/login -d "username=user id&password=password" -H "Content-Type: application/json"
Useful one-liner for automation
export ACCESS_TOKEN=$(curl -X POST http://0.0.0.0:9000/login -d '{"username":"username","password":"password"}' -H "Content-Type: application/json" | jq -r '.access_token')
curl http://0.0.0.0:9000/healthcheck
curl http://0.0.0.0:9000/whoami -H "Authorization: Bearer $ACCESS_TOKEN"
curl -F 'file=@/tmp/bom.json' http://0.0.0.0:9000/import -H "Authorization: Bearer $ACCESS_TOKEN"
Refer to the instructions under contrib to setup a microk8s cluster with threat-db and dgraph.
The developers could be reached via the discord channel.