tunnel-db

module
v0.0.0-...-90a47d2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 4, 2025 License: Apache-2.0

README ΒΆ

Tunnel DB

Build DB GitHub Release Downloads Go Report Card Go Doc License

πŸš€ Overview

tunnel-db is a CLI tool and library for managing Tunnel DB, a database containing vulnerability information from sources such as NVD, Red Hat, Debian, and others.

πŸ“š Library

Tunnel internally uses tunnel-db to manage its vulnerability database efficiently.

πŸ› οΈ CLI Tool

The tunnel-db CLI allows users to build, compact, and compress vulnerability databases. It integrates with GitHub Actions to periodically update the database and push it to the GitHub Container Registry.

NAME:
   tunnel-db - Tunnel DB builder

USAGE:
   tunnel-db [global options] command [command options] image_name

VERSION:
   0.0.1

COMMANDS:
   build    Build a database file
   help, h  Show help for commands

GLOBAL OPTIONS:
   --help, -h     Show help
   --version, -v  Print the version

πŸ”§ Building Tunnel DB

To build tunnel-db locally, follow these steps:

make db-fetch-langs db-fetch-vuln-list  # Download advisories and required files
make build                              # Compile `tunnel-db` binary
make db-build                           # Build the database
make db-compact                         # Compact the database
make db-compress                        # Compress database into `db.tar.gz`
πŸ“¦ Pushing to a Registry (GHCR)

To build and push a tunnel-db image to GitHub Container Registry using Oras CLI:

oras push --artifact-type application/vnd.khulnasoft.tunnel.config.v1+json \
  "ghcr.io/khulnasoft-lab/tunnel-db:2" \
  db.tar.gz:application/vnd.khulnasoft.tunnel.db.layer.v1.tar+gzip

⏳ Update Interval

  • Tunnel DB is rebuilt every 6 hours.
  • The default update interval in the metadata file is 24 hours.
  • For more frequent updates, you can manually upload a new database.

πŸ“₯ Downloading the Vulnerability Database

πŸ”΄ Version 1 (Deprecated)

Tunnel DB v1 support ended in February 2023. Upgrade to Tunnel v0.23.0 or later. More details in this discussion.

🟒 Version 2 (Current)

Tunnel DB v2 is hosted on GitHub Container Registry (GHCR).

βœ… Using Tunnel
TUNNEL_TEMP_DIR=$(mktemp -d)
tunnel --cache-dir $TUNNEL_TEMP_DIR image --download-db-only
tar -cf ./db.tar.gz -C $TUNNEL_TEMP_DIR/db metadata.json tunnel.db
rm -rf $TUNNEL_TEMP_DIR
βœ… Using Oras CLI

For Oras v0.13.0+:

oras pull ghcr.io/khulnasoft-lab/tunnel-db:2

For Oras < v0.13.0:

oras pull -a ghcr.io/khulnasoft-lab/tunnel-db:2

🌍 Air-Gapped Environments

The database can be used in air-gapped environments where internet access is restricted.

πŸš€ Stay Updated – Check out the official documentation for more details and updates.

Directories ΒΆ

Path Synopsis
cmd
tunnel-db
pkg
db
dbtest
log
metadata
types
utils
utils/ints
utils/strings
vulndb
vulnsrc
vulnsrc/alma
vulnsrc/alpine
vulnsrc/amazon
vulnsrc/arch-linux
vulnsrc/azure
vulnsrc/azure/oval
vulnsrc/bitnami
vulnsrc/bucket
vulnsrc/bundler
vulnsrc/chainguard
vulnsrc/composer
vulnsrc/debian
vulnsrc/ghsa
vulnsrc/glad
vulnsrc/govulndb
vulnsrc/k8svulndb
vulnsrc/node
vulnsrc/nvd
vulnsrc/oracle-oval
vulnsrc/osv
vulnsrc/photon
vulnsrc/redhat
vulnsrc/redhat-oval
vulnsrc/rocky
vulnsrc/suse-cvrf
vulnsrc/ubuntu
vulnsrc/vulnerability
vulnsrc/wolfi
vulnsrctest

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.
JackTT - Gopher πŸ‡»πŸ‡³