CVE Dashboard
A comprehensive vulnerability management system designed for tracking CVE (Common Vulnerabilities and Exposures) remediation status and maintaining vendor documentation compliance.
📋 Table of Contents
- Overview
- Key Features
- Architecture
- Prerequisites
- Installation
- Configuration
- Usage Guide
- API Documentation
- Database Schema
- File Organization
- Troubleshooting
- Roadmap
- Contributing
- Author
🎯 Overview
The CVE Dashboard solves a critical problem in vulnerability management: quickly determining whether a CVE has been addressed and if required vendor documentation exists before requesting false positive designations from security teams.
Problem Statement
Security teams report vulnerabilities that may not apply to your environment. Before requesting a false positive designation, you need to:
- ✅ Verify if the CVE has already been addressed
- ✅ Confirm you have required vendor documentation (advisories, correspondence, proof of remediation)
- ✅ Maintain organized records for audits and compliance
Solution
This dashboard provides:
- Instant CVE status verification via Quick Check
- Document compliance tracking to ensure you have required vendor documentation
- Automated file organization maintaining the structure:
CVE-ID/Vendor/Documents - Searchable database with filters for vendor, severity, and status
- RESTful API for integration with other systems
✨ Key Features
🔍 Quick CVE Status Check
- Instant verification: Enter any CVE ID and immediately see if it's been addressed
- Document compliance: Shows which documents are present (Advisory ✓, Email ○, Screenshot ○)
- Visual indicators: Color-coded results (green = addressed, yellow = not found, red = missing required docs)
📂 Document Management
- Upload documents: PDF, images, Word docs, text files (up to 10MB)
- Automatic organization: Files stored as
uploads/CVE-2024-1234/Microsoft/advisory.pdf - Document types: Advisory, Email, Screenshot, Patch, Other
- View & Delete: Direct links to view documents, delete with confirmation
🔎 Search & Filter
- Search by CVE ID or description: Find vulnerabilities quickly
- Filter by vendor: Microsoft, Cisco, Oracle, VMware, Adobe, etc.
- Filter by severity: Critical, High, Medium, Low
- Real-time results: Updates as you type
📊 Compliance Tracking
- Document status badges: "✓ Docs Complete" or "⚠ Incomplete"
- Required documents: Advisory (mandatory), Email (optional), Screenshot (optional)
- Vendor-specific requirements: Customizable per vendor
🎨 Charter/Spectrum Branding
- Corporate colors: Charter Blue (#0476D9) throughout
- Professional design: Clean, modern interface
- Responsive layout: Works on desktop and tablets
🏗️ Architecture
┌─────────────────────────────────────────────────────────┐
│ CVE Dashboard │
├─────────────────────────────────────────────────────────┤
│ │
│ ┌──────────────┐ ┌──────────────────────┐ │
│ │ Frontend │ │ Backend API │ │
│ │ │ HTTP │ │ │
│ │ React + │◄───────►│ Express.js │ │
│ │ Tailwind │ :3001 │ │ │
│ │ │ │ ┌─────────────────┐ │ │
│ │ Port: 3000 │ │ │ SQLite DB │ │ │
│ └──────────────┘ │ │ - cves │ │ │
│ │ │ - documents │ │ │
│ │ │ - required_docs│ │ │
│ │ └─────────────────┘ │ │
│ └──────────────────────┘ │
│ │ │
│ ▼ │
│ ┌──────────────────────┐ │
│ │ File Storage │ │
│ │ │ │
│ │ uploads/ │ │
│ │ └─ CVE-2024-1234/ │ │
│ │ └─ Microsoft/ │ │
│ │ ├─ advisory.pdf│ │
│ │ └─ email.pdf │ │
│ └──────────────────────┘ │
└─────────────────────────────────────────────────────────┘
Technology Stack
Frontend:
- React 18
- Tailwind CSS (via CDN)
- Lucide React (icons)
- Fetch API
Backend:
- Node.js v18+
- Express.js 4
- SQLite3
- Multer (file uploads)
- CORS
Database:
- SQLite (development/production)
- Easily upgradeable to PostgreSQL
📦 Prerequisites
- Node.js: v18.0.0 or higher
- npm: v8.0.0 or higher
- Git: For version control
- Linux/Unix environment: Tested on Ubuntu 20.04+
Check your versions:
node --version
npm --version
git --version
🚀 Installation
1. Clone the Repository
git clone https://vulcan.apophisnetworking.net/jramos/cve-dashboard.git
cd cve-dashboard
2. Install Backend Dependencies
cd backend
npm install
Expected packages:
- express
- sqlite3
- multer
- cors
3. Install Frontend Dependencies
cd ../frontend
npm install
Expected packages:
- react
- react-dom
- react-scripts
- lucide-react
4. Initialize the Database
cd ../backend
node setup.js
This will:
- ✅ Create
cve_database.db - ✅ Create tables:
cves,documents,required_documents - ✅ Create indexes for fast queries
- ✅ Create
cve_document_statusview - ✅ Create
uploads/anduploads/temp/directories - ✅ Insert default required documents for major vendors
Expected output:
🚀 CVE Database Setup
════════════════════════════════════════
✓ Created uploads directory
✓ Database initialized successfully
✓ Database connection closed
╔════════════════════════════════════════════════════════╗
║ CVE DATABASE SETUP COMPLETE! ║
╚════════════════════════════════════════════════════════╝
5. Configure Server IP
Edit frontend/src/App.js and update the API URL (line 5):
const API_BASE = 'http://YOUR_SERVER_IP:3001/api';
Example:
const API_BASE = 'http://192.168.2.117:3001/api';
6. Add Tailwind CSS to Frontend
Edit frontend/public/index.html and add this line in the <head> section:
<script src="https://cdn.tailwindcss.com"></script>
7. Create Startup Scripts (Optional but Recommended)
Create start-servers.sh:
cd /home/cve-dashboard
cat > start-servers.sh << 'EOF'
#!/bin/bash
echo "Starting CVE Dashboard servers..."
# Start backend
cd backend
nohup node server.js > backend.log 2>&1 &
BACKEND_PID=$!
echo "Backend started (PID: $BACKEND_PID)"
# Start frontend
cd ../frontend
nohup npm start > frontend.log 2>&1 &
FRONTEND_PID=$!
echo "Frontend started (PID: $FRONTEND_PID)"
# Save PIDs
echo $BACKEND_PID > ../backend.pid
echo $FRONTEND_PID > ../frontend.pid
echo "✓ Both servers running in background"
echo " Backend: http://localhost:3001"
echo " Frontend: http://localhost:3000"
EOF
chmod +x start-servers.sh
Create stop-servers.sh:
cat > stop-servers.sh << 'EOF'
#!/bin/bash
echo "Stopping CVE Dashboard servers..."
if [ -f backend.pid ]; then
kill $(cat backend.pid) 2>/dev/null
rm backend.pid
echo "✓ Backend stopped"
fi
if [ -f frontend.pid ]; then
kill $(cat frontend.pid) 2>/dev/null
rm frontend.pid
echo "✓ Frontend stopped"
fi
pkill -f "node server.js"
pkill -f "react-scripts start"
echo "All servers stopped"
EOF
chmod +x stop-servers.sh
⚙️ Configuration
Backend Configuration
CORS Settings (backend/server.js):
app.use(cors({
origin: ['http://localhost:3000', 'http://192.168.2.117:3000'],
credentials: true
}));
File Upload Limits (backend/server.js):
const upload = multer({
storage: storage,
limits: { fileSize: 10 * 1024 * 1024 } // 10MB limit
});
Port Configuration (backend/server.js):
const PORT = 3001;
Frontend Configuration
API Base URL (frontend/src/App.js):
const API_BASE = 'http://192.168.2.117:3001/api';
Severity Levels (frontend/src/App.js):
const severityLevels = ['All Severities', 'Critical', 'High', 'Medium', 'Low'];
Database Configuration
Add Required Documents for New Vendor:
sqlite3 backend/cve_database.db
INSERT INTO required_documents (vendor, document_type, is_mandatory, description)
VALUES ('Adobe', 'advisory', 1, 'Adobe Security Bulletin');
Update CVE Status Values:
Modify in backend/server.js or directly in database:
Open- CVE identified, not yet addressedAddressed- CVE has been remediatedFalse Positive Requested- Submitted to security teamFalse Positive Approved- Confirmed false positiveClosed- No action required
📖 Usage Guide
Starting the Application
Option 1: Manual Start
# Terminal 1 - Backend
cd /home/cve-dashboard/backend
node server.js
# Terminal 2 - Frontend
cd /home/cve-dashboard/frontend
npm start
Option 2: Using Startup Scripts
cd /home/cve-dashboard
./start-servers.sh
Access the application:
- Frontend:
http://YOUR_SERVER_IP:3000 - Backend API:
http://YOUR_SERVER_IP:3001
Adding a New CVE
- Click the "+ Add New CVE" button (top right)
- Fill in the form:
- CVE ID: e.g.,
CVE-2024-1234 - Vendor: e.g.,
Microsoft - Severity: Critical, High, Medium, or Low
- Description: Brief description of the vulnerability
- Published Date: Date the CVE was published
- CVE ID: e.g.,
- Click "Add CVE"
- CVE appears in the dashboard immediately
Uploading Documents
- Find the CVE in the list
- Click "View Documents" to expand
- Click "Upload New Document"
- Select your file (PDF, PNG, JPG, TXT, DOC, DOCX)
- When prompted, specify:
- Document type: advisory, email, screenshot, patch, other
- Notes (optional): Description or context
- File uploads and organizes automatically
File Organization Example:
uploads/
└── CVE-2024-1234/
└── Microsoft/
├── 1706140800000-MS-Security-Advisory.pdf
├── 1706140850000-Vendor-Email.pdf
└── 1706140900000-Patch-Screenshot.png
Using Quick Check
Scenario: Security team reports CVE-2024-5678
- Enter
CVE-2024-5678in the Quick Check box - Click "Check Status"
Result A - Already Addressed:
✓ CVE Addressed
Vendor: Cisco
Severity: High
Status: Addressed
Documents: 2 attached
✓ Advisory ✓ Email ○ Screenshot
Ready for false positive request
Result B - Not Found:
⚠ Not Found
This CVE has not been addressed yet.
No entry exists in the database.
Action Required: Create entry and gather vendor documentation
Result C - Incomplete:
✓ CVE Addressed
Documents: 1 attached
✗ Advisory ○ Email ○ Screenshot
Missing required advisory - obtain before requesting false positive
Searching and Filtering
Search by CVE ID or Description:
- Type in the search box
- Results filter in real-time
Filter by Vendor:
- Select from dropdown: All Vendors, Microsoft, Cisco, Oracle, VMware, Adobe
Filter by Severity:
- Select from dropdown: All Severities, Critical, High, Medium, Low
Combine Filters:
- Search for "remote code" + Vendor: Microsoft + Severity: Critical
Viewing Documents
- Click "View Documents" on any CVE
- See list of attached documents with:
- Document name
- Type (advisory, email, screenshot)
- File size
- Notes
- Click "View" to open document in new tab
- Select checkboxes to export multiple documents
Deleting Documents
- Expand documents for a CVE
- Click red "Delete" button next to document
- Confirm deletion in popup
- Document removed from database and filesystem
Exporting Documents
- Expand documents for one or more CVEs
- Check boxes next to documents you want to export
- Click "Export X Documents for Report" at top
- Currently shows alert (ready for integration with report system)
🔌 API Documentation
Base URL: http://YOUR_SERVER_IP:3001/api
CVE Endpoints
Get All CVEs
GET /api/cves
Query Parameters:
search(optional): Search term for CVE ID or descriptionvendor(optional): Filter by vendor nameseverity(optional): Filter by severity level
Example:
curl "http://192.168.2.117:3001/api/cves?vendor=Microsoft&severity=Critical"
Response:
[
{
"id": 1,
"cve_id": "CVE-2024-1234",
"vendor": "Microsoft",
"severity": "Critical",
"description": "Remote code execution vulnerability",
"published_date": "2024-01-15",
"status": "Addressed",
"created_at": "2024-01-26 10:30:00",
"updated_at": "2024-01-26 10:30:00",
"document_count": 3,
"doc_status": "Complete"
}
]
Check CVE Status
GET /api/cves/check/:cveId
Example:
curl "http://192.168.2.117:3001/api/cves/check/CVE-2024-1234"
Response (Found):
{
"exists": true,
"cve": {
"cve_id": "CVE-2024-1234",
"vendor": "Microsoft",
"severity": "Critical",
"status": "Addressed",
"total_documents": 3,
"has_advisory": 1,
"has_email": 1,
"has_screenshot": 1
},
"addressed": true,
"has_required_docs": true,
"compliance": {
"advisory": true,
"email": true,
"screenshot": true
}
}
Response (Not Found):
{
"exists": false,
"message": "CVE not found - not yet addressed"
}
Create CVE
POST /api/cves
Content-Type: application/json
Body:
{
"cve_id": "CVE-2024-1234",
"vendor": "Microsoft",
"severity": "Critical",
"description": "Remote code execution vulnerability in Windows Server",
"published_date": "2024-01-15"
}
Example:
curl -X POST http://192.168.2.117:3001/api/cves \
-H "Content-Type: application/json" \
-d '{
"cve_id": "CVE-2024-1234",
"vendor": "Microsoft",
"severity": "Critical",
"description": "Remote code execution vulnerability",
"published_date": "2024-01-15"
}'
Response:
{
"id": 1,
"cve_id": "CVE-2024-1234",
"message": "CVE created successfully"
}
Update CVE Status
PATCH /api/cves/:cveId/status
Content-Type: application/json
Body:
{
"status": "False Positive Requested"
}
Example:
curl -X PATCH http://192.168.2.117:3001/api/cves/CVE-2024-1234/status \
-H "Content-Type: application/json" \
-d '{"status": "False Positive Requested"}'
Document Endpoints
Get Documents for CVE
GET /api/cves/:cveId/documents
Example:
curl "http://192.168.2.117:3001/api/cves/CVE-2024-1234/documents"
Response:
[
{
"id": 1,
"cve_id": "CVE-2024-1234",
"name": "MS-Security-Advisory.pdf",
"type": "advisory",
"file_path": "uploads/CVE-2024-1234/Microsoft/1706140800000-MS-Security-Advisory.pdf",
"file_size": "245.50 KB",
"mime_type": "application/pdf",
"uploaded_at": "2024-01-26 10:35:00",
"notes": "Official Microsoft Security Advisory"
}
]
Upload Document
POST /api/cves/:cveId/documents
Content-Type: multipart/form-data
Form Fields:
file: The file to uploadcveId: CVE ID (e.g., CVE-2024-1234)vendor: Vendor name (e.g., Microsoft)type: Document type (advisory, email, screenshot, patch, other)notes(optional): Description
Example:
curl -X POST http://192.168.2.117:3001/api/cves/CVE-2024-1234/documents \
-F "file=@/path/to/advisory.pdf" \
-F "cveId=CVE-2024-1234" \
-F "vendor=Microsoft" \
-F "type=advisory" \
-F "notes=Official security advisory"
Response:
{
"id": 1,
"message": "Document uploaded successfully",
"file": {
"name": "advisory.pdf",
"path": "uploads/CVE-2024-1234/Microsoft/1706140800000-advisory.pdf",
"size": "245.50 KB"
}
}
Delete Document
DELETE /api/documents/:id
Example:
curl -X DELETE http://192.168.2.117:3001/api/documents/1
Response:
{
"message": "Document deleted successfully"
}
Utility Endpoints
Get All Vendors
GET /api/vendors
Example:
curl "http://192.168.2.117:3001/api/vendors"
Response:
["Microsoft", "Cisco", "Oracle", "VMware", "Adobe"]
Get Statistics
GET /api/stats
Example:
curl "http://192.168.2.117:3001/api/stats"
Response:
{
"total_cves": 25,
"critical_count": 8,
"addressed_count": 20,
"total_documents": 75,
"compliant_count": 18
}
🗄️ Database Schema
Tables
cves
Stores CVE metadata and remediation status.
| Column | Type | Description |
|---|---|---|
| id | INTEGER PRIMARY KEY | Auto-incrementing ID |
| cve_id | VARCHAR(20) UNIQUE | CVE identifier (e.g., CVE-2024-1234) |
| vendor | VARCHAR(100) | Vendor name |
| severity | VARCHAR(20) | Critical, High, Medium, Low |
| description | TEXT | Vulnerability description |
| published_date | DATE | Date CVE was published |
| status | VARCHAR(50) | Open, Addressed, False Positive Requested, Closed |
| created_at | TIMESTAMP | Record creation timestamp |
| updated_at | TIMESTAMP | Last update timestamp |
Indexes:
idx_cve_idoncve_ididx_vendoronvendoridx_severityonseverityidx_statusonstatus
documents
Stores document metadata and file locations.
| Column | Type | Description |
|---|---|---|
| id | INTEGER PRIMARY KEY | Auto-incrementing ID |
| cve_id | VARCHAR(20) | Foreign key to cves.cve_id |
| name | VARCHAR(255) | Original filename |
| type | VARCHAR(50) | advisory, email, screenshot, patch, other |
| file_path | VARCHAR(500) | Path to file on filesystem |
| file_size | VARCHAR(20) | File size (e.g., "245.50 KB") |
| mime_type | VARCHAR(100) | MIME type (e.g., "application/pdf") |
| uploaded_at | TIMESTAMP | Upload timestamp |
| notes | TEXT | Optional notes or description |
Foreign Key: cve_id → cves(cve_id) ON DELETE CASCADE
Indexes:
idx_doc_cve_idoncve_ididx_doc_typeontype
required_documents
Defines which document types are mandatory per vendor.
| Column | Type | Description |
|---|---|---|
| id | INTEGER PRIMARY KEY | Auto-incrementing ID |
| vendor | VARCHAR(100) | Vendor name |
| document_type | VARCHAR(50) | advisory, email, screenshot, etc. |
| is_mandatory | BOOLEAN | 1 = required, 0 = optional |
| description | TEXT | Description of requirement |
Default Values:
('Microsoft', 'advisory', 1, 'Official Microsoft Security Advisory')
('Cisco', 'advisory', 1, 'Cisco Security Advisory')
('Oracle', 'advisory', 1, 'Oracle Security Alert')
('VMware', 'advisory', 1, 'VMware Security Advisory')
('Adobe', 'advisory', 1, 'Adobe Security Bulletin')
Views
cve_document_status
Provides real-time compliance status for each CVE.
Columns:
cve_idvendorseveritystatustotal_documents- Count of all documentsadvisory_count- Count of advisory documentsemail_count- Count of email documentsscreenshot_count- Count of screenshot documentscompliance_status- "Complete" or "Missing Required Docs"
Example Query:
SELECT * FROM cve_document_status
WHERE compliance_status = 'Missing Required Docs';
Database Queries
Find all Critical CVEs without required docs:
SELECT c.cve_id, c.vendor, c.description, cd.compliance_status
FROM cves c
JOIN cve_document_status cd ON c.cve_id = cd.cve_id
WHERE c.severity = 'Critical'
AND cd.compliance_status = 'Missing Required Docs';
Get document count by type:
SELECT type, COUNT(*) as count
FROM documents
GROUP BY type
ORDER BY count DESC;
Find CVEs without any documents:
SELECT c.cve_id, c.vendor, c.severity
FROM cves c
LEFT JOIN documents d ON c.cve_id = d.cve_id
WHERE d.id IS NULL;
📁 File Organization
Directory Structure
cve-dashboard/
├── backend/
│ ├── server.js # Express API server
│ ├── setup.js # Database initialization script
│ ├── cve_database.db # SQLite database file
│ ├── package.json # Backend dependencies
│ └── backend.log # Backend log file (if using startup script)
│
├── frontend/
│ ├── public/
│ │ └── index.html # Main HTML (includes Tailwind CDN)
│ ├── src/
│ │ ├── App.js # Main React component
│ │ ├── index.js # React entry point
│ │ └── index.css # Global styles
│ ├── package.json # Frontend dependencies
│ └── frontend.log # Frontend log file (if using startup script)
│
├── uploads/ # File storage (auto-created)
│ ├── temp/ # Temporary upload directory
│ ├── CVE-2024-1234/
│ │ └── Microsoft/
│ │ ├── 1706140800000-advisory.pdf
│ │ └── 1706140850000-email.pdf
│ └── CVE-2024-5678/
│ └── Cisco/
│ └── 1706140900000-advisory.pdf
│
├── .gitignore # Git ignore rules
├── README.md # This file
├── start-servers.sh # Startup script
├── stop-servers.sh # Shutdown script
├── backend.pid # Backend process ID (when running)
└── frontend.pid # Frontend process ID (when running)
File Naming Convention
Uploaded files are automatically prefixed with a timestamp:
[unix_timestamp]-[original_filename]
Example:
1706140800000-MS-Security-Advisory.pdf
This prevents filename collisions and maintains chronological order.
Folder Creation
Folders are created automatically when:
- Database is initialized (
uploads/anduploads/temp/) - First document is uploaded for a CVE (
uploads/CVE-ID/Vendor/)
🔧 Troubleshooting
Backend Won't Start
Error: Cannot find module 'express'
cd /home/cve-dashboard/backend
npm install
Error: Port 3001 is already in use
# Find process using port 3001
netstat -tuln | grep 3001
# or
lsof -i :3001
# Kill the process
kill -9 <PID>
# Or change port in server.js
nano server.js
# Change: const PORT = 3002;
Error: Database locked
SQLite allows only one write operation at a time.
# Check if multiple instances are running
ps aux | grep "node server.js"
# Kill duplicate processes
pkill -f "node server.js"
# Restart
node server.js
Frontend Won't Start
Error: Cannot find module 'lucide-react'
cd /home/cve-dashboard/frontend
npm install lucide-react
Error: Port 3000 is already in use
# Kill process on port 3000
lsof -i :3000
kill -9 <PID>
# Or set different port
export PORT=3001
npm start
Styling Not Appearing
Make sure Tailwind CDN is in public/index.html:
<script src="https://cdn.tailwindcss.com"></script>
Upload Issues
Error: Failed to fetch during upload
- Check CORS configuration:
nano backend/server.js
Ensure CORS allows your frontend origin:
app.use(cors({
origin: ['http://localhost:3000', 'http://192.168.2.117:3000'],
credentials: true
}));
- Check upload directory permissions:
chmod -R 755 uploads/
mkdir -p uploads/temp
- Check backend logs:
tail -f backend/backend.log
Error: CVE ID and Vendor are required
This means form data isn't reaching the backend. Check:
- Frontend is sending
cveIdandvendorin FormData - Backend multer is parsing multipart form correctly
File Size Limit Exceeded Default limit is 10MB. To increase:
// In backend/server.js
const upload = multer({
storage: storage,
limits: { fileSize: 50 * 1024 * 1024 } // 50MB
});
Database Issues
View database contents:
cd /home/cve-dashboard/backend
sqlite3 cve_database.db
# View all CVEs
sqlite> SELECT * FROM cves;
# View all documents
sqlite> SELECT * FROM documents;
# Check compliance status
sqlite> SELECT * FROM cve_document_status;
# Exit
sqlite> .quit
Reset database:
cd /home/cve-dashboard/backend
rm cve_database.db
node setup.js
Backup database:
cp backend/cve_database.db backend/cve_database_backup_$(date +%Y%m%d).db
API Connection Issues
Error: Failed to fetch on all requests
- Verify backend is running:
ps aux | grep "node server.js"
curl http://192.168.2.117:3001/api/cves
- Check API_BASE URL in App.js:
const API_BASE = 'http://192.168.2.117:3001/api';
- Check firewall:
# Allow port 3001
sudo ufw allow 3001
- Test backend directly:
curl http://192.168.2.117:3001/api/cves
Permission Issues
Error: EACCES: permission denied
# Fix ownership
sudo chown -R $USER:$USER /home/cve-dashboard
# Fix permissions
chmod -R 755 /home/cve-dashboard
chmod -R 777 /home/cve-dashboard/uploads
🗺️ Roadmap
Version 1.1 (Next Release)
- User Authentication: Login system with user roles
- Audit Logging: Track who added/modified CVEs
- Email Notifications: Alert when new CVEs are added
- Export to Excel: Download CVE list as spreadsheet
- Bulk Upload: Import CVEs from CSV
- Advanced Search: Full-text search across all fields
Version 1.2
- Dashboard Analytics: Charts showing CVE trends by vendor/severity
- Automated CVSS Scoring: Fetch CVSS scores from NVD API
- Integration with Vulnerability Scanners: Import from Nessus, Qualys, etc.
- Document Templates: Pre-filled templates for vendor requests
- Mobile App: React Native mobile version
Version 2.0
- PostgreSQL Migration: Production-ready database
- Docker Deployment: Containerized deployment
- SSO Integration: Charter/Spectrum LDAP/SSO
- API Keys: Secure API access for integrations
- Webhook Support: Notify external systems on CVE updates
- Multi-tenancy: Support multiple business units
Proposed Features
- Calendar view for CVE timelines
- Automated false positive workflows
- Integration with JIRA/ServiceNow
- Machine learning for auto-categorization
- PDF report generation
- Compliance reports (SOX, PCI-DSS, HIPAA)
Have a feature request? Open an issue in Gitea or contact the author.
🤝 Contributing
This is an internal Charter Communications project. Contributions are welcome from Charter team members.
Development Workflow
- Clone the repository:
git clone https://vulcan.apophisnetworking.net/jramos/cve-dashboard.git
cd cve-dashboard
- Create a feature branch:
git checkout -b feature/your-feature-name
- Make your changes and commit:
git add .
git commit -m "feat: Add your feature description"
- Push to Gitea:
git push origin feature/your-feature-name
- Create a Pull Request in Gitea
Commit Message Convention
Follow Conventional Commits:
feat:New featurefix:Bug fixdocs:Documentation changesstyle:Code style changes (formatting)refactor:Code refactoringtest:Adding testschore:Maintenance tasks
Examples:
feat: Add bulk CVE import from CSV
fix: Resolve upload timeout issue for large files
docs: Update API documentation with new endpoints
refactor: Improve database query performance
Code Style
Backend:
- Use async/await for asynchronous operations
- Error handling with try/catch
- Descriptive variable names
- Comment complex logic
Frontend:
- React functional components with hooks
- Tailwind utility classes for styling
- No inline styles
- Extract reusable components
Testing
Before submitting:
- Test all CRUD operations
- Test file upload/download/delete
- Test Quick Check with various scenarios
- Test search and filters
- Verify on clean database
👤 Author
jramos
Charter Communications
Vulnerability Management Team
Contact:
- Gitea: @jramos
- Email: jramos@charter.com (internal)
📄 License
Internal Use Only - Charter Communications
This software is proprietary and confidential. Unauthorized copying, distribution, or use of this software, via any medium, is strictly prohibited.
Copyright © 2024 Charter Communications. All rights reserved.
📊 Project Statistics
- Version: 1.0.0
- Released: January 2024
- Lines of Code: ~1,500
- Dependencies: 12
- Supported Browsers: Chrome, Edge, Firefox, Safari
🙏 Acknowledgments
- Charter Communications Security Team for requirements and testing
- Anthropic Claude AI for development assistance
- Open-source community for dependencies (Express, React, SQLite)
📚 Additional Resources
Related Documentation
- SQLite Documentation
- Express.js Guide
- React Documentation
- Tailwind CSS
- CVE Program
- NVD (National Vulnerability Database)
Internal Resources
- Charter Security Portal: [link]
- Vulnerability Management SOP: [link]
- False Positive Request Process: [link]
📝 Changelog
[1.0.0] - 2024-01-26
Added
- Initial release with core functionality
- CVE management (Create, Read, Update)
- Document upload/view/delete
- Quick CVE status check
- Search and filtering
- SQLite database
- RESTful API
- Charter/Spectrum branding
- Automatic file organization
- Document compliance tracking
- Required document configuration per vendor
Known Issues
- Dynamic hostname detection not working (hardcoded IP as workaround)
- No user authentication (single-user system)
- Export functionality shows alert only (not implemented)
Built with ❤️ for Charter Communications