VEXGen

What is VEXGen?

VEXGen is a simple tool for generating Vulnerability Exploitability eXchange (VEX) and Threat Intelligence eXchange (TIX) files.

Development requirements

  1. Docker to deploy the tool.
  2. Docker Compose for container orchestration.
  3. It is recommended to use a GUI such as MongoDB Compass.
  4. The Neo4J browser interface, used to visualize the graph built from the data, is available at localhost:7474 when the container is running.
  5. Python 3.13 or higher.

Deployment with docker

1. Clone the repository

Clone the repository from the official GitHub repository:

git clone https://github.com/securechaindev/securechain-vexgen.git
cd securechain-vexgen

2. Configure environment variables

Create a .env file from the template.env file and place it in the app/ directory.

Get API Keys

  • How to get a GitHub API key.

  • Replace the JSON Web Token (JWT) secret key and algorithm with your own. You can generate your own secret key with the command openssl rand -base64 32.
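
One way to script step 2, as an added example that is not part of the VEXGen repository: it copies template.env to a new .env, swaps in a fresh secret generated as described above, and creates the file readable by its owner only. The key name JWT_SECRET_KEY and the helper names gen_secret and make_env are assumptions; use the key name that appears in your template.env.

```shell
#!/bin/sh
# Added example, not project code. JWT_SECRET_KEY is an assumed key name.
# Usage: make_env template.env app/.env [KEY_NAME]

# gen_secret: 32 random bytes, base64-encoded (always 44 characters).
gen_secret() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -base64 32
    else
        # Fallback for hosts without openssl: same size, kernel CSPRNG.
        head -c 32 /dev/urandom | base64
    fi
}

make_env() {
    template=$1; target=$2; key=${3:-JWT_SECRET_KEY}
    if [ ! -f "$template" ]; then
        echo "missing template: $template" >&2; return 1
    fi
    # Never overwrite an existing .env: replacing the signing secret
    # silently would invalidate tokens signed with the old one.
    if [ -e "$target" ]; then
        echo "refusing to overwrite $target" >&2; return 2
    fi
    if ! grep -q "^${key}=" "$template"; then
        echo "no ${key}= line in $template" >&2; return 3
    fi

    secret=$(gen_secret) || return 4
    if [ "${#secret}" -ne 44 ]; then
        echo "unexpected secret length" >&2; return 4
    fi

    # umask 077 makes the file owner-only from the moment it is created.
    # The secret reaches awk through the environment, so the '/', '+' and
    # '=' of base64 never pass through a sed replacement string.
    ( umask 077
      SECRET=$secret awk -v key="$key" '
          index($0, key "=") == 1 { print key "=" ENVIRON["SECRET"]; next }
          { print }' "$template" > "$target" )
}
```

All other lines of the template are copied unchanged, so the GitHub API key and the algorithm still have to be filled in by hand.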

3. Create Docker network

Ensure you have the securechain Docker network created. If not, create it with:

docker network create securechain

4. Database containers

For graph and vulnerability information, you need to download the zipped data dumps from Zenodo. Once you have unzipped the dumps, run the following command inside the root folder:

docker compose up --build

The containerized databases will also be seeded automatically.

5. Start the application

Run the command from the project root:

docker compose -f dev/docker-compose.yml up --build

6. Access the application

The API will be available at http://localhost:8002. You can access the API documentation at http://localhost:8002/docs. The auth API documentation is available at http://localhost:8001/docs.

Python Environment

The project uses Python 3.13 and the dependencies are listed in requirements.txt.

Setting up the development environment

  1. Create a virtual environment:
    python3.13 -m venv vexgen-env
    
  2. Activate the virtual environment:
    source vexgen-env/bin/activate
    
  3. Install dependencies:
    pip install -r requirements.txt
    

Endpoints Specification

Vulnerability Exploitability eXchange (VEX) endpoints

GET /vex/user/{user_id}

Description: Fetches all VEX documents associated with a specific user.

Path Parameters:

  • User ID: The ID of the user whose VEX documents to retrieve.

Response: List of VEX documents with metadata and JSON content.


GET /vex/show/{vex_id}

Description: Fetches a specific VEX document by its ID.

Path Parameters:

  • VEX ID: The ID of the VEX document to retrieve.

Response: VEX document metadata and content in JSON format.


POST /vex/download

Description: Downloads a VEX document as a ZIP file using a specific VEX ID.

Request Body:

  • vex_id: The ID of the VEX document to download.

Response: A downloadable ZIP file containing the VEX document.

Threat Intelligence eXchange (TIX) endpoints

GET /tix/user/{user_id}

Description: Fetches all TIX documents associated with a specific user.

Path Parameters:

  • User ID: The ID of the user whose TIX documents to retrieve.

Response: List of TIX documents with metadata and JSON content.


GET /tix/show/{tix_id}

Description: Fetches a specific TIX document by its ID.

Path Parameters:

  • TIX ID: The ID of the TIX document to retrieve.

Response: TIX document metadata and content in JSON format.


POST /tix/download

Description: Downloads a TIX document as a ZIP file using a specific TIX ID.

Request Body:

  • tix_id: The ID of the TIX document to download.

Response: A downloadable ZIP file containing the TIX document.

Generation endpoints

POST /vex_tix/generate

Description: Generates VEX and TIX for a specific GitHub repository.

Request Body:

  • repository_url: The URL of the GitHub repository.
  • branch: The branch to analyze (optional).
  • commit_sha: Specific commit SHA to analyze (optional).

Response: A downloadable ZIP file containing generated VEX and TIX documents.

License

GNU General Public License 3.0