Files

2026-01-27 05:08:27 +00:00

32 KiB

Raw Blame History

CVE Dashboard

A comprehensive vulnerability management system designed for tracking CVE (Common Vulnerabilities and Exposures) remediation status and maintaining vendor documentation compliance.

📋 Table of Contents

Overview
Key Features
Architecture
Prerequisites
Installation
Configuration
Usage Guide
API Documentation
Database Schema
File Organization
Troubleshooting
Roadmap
Contributing
Author

🎯 Overview

The CVE Dashboard solves a critical problem in vulnerability management: quickly determining whether a CVE has been addressed and if required vendor documentation exists before requesting false positive designations from security teams.

Problem Statement

Security teams report vulnerabilities that may not apply to your environment. Before requesting a false positive designation, you need to:

✅ Verify if the CVE has already been addressed
✅ Confirm you have required vendor documentation (advisories, correspondence, proof of remediation)
✅ Maintain organized records for audits and compliance

Solution

This dashboard provides:

Instant CVE status verification via Quick Check
Document compliance tracking to ensure you have required vendor documentation
Automated file organization maintaining the structure: CVE-ID/Vendor/Documents
Searchable database with filters for vendor, severity, and status
RESTful API for integration with other systems

✨ Key Features

🔍 Quick CVE Status Check

Instant verification: Enter any CVE ID and immediately see if it's been addressed
Document compliance: Shows which documents are present (Advisory ✓, Email ○, Screenshot ○)
Visual indicators: Color-coded results (green = addressed, yellow = not found, red = missing required docs)

📂 Document Management

Upload documents: PDF, images, Word docs, text files (up to 10MB)
Automatic organization: Files stored as uploads/CVE-2024-1234/Microsoft/advisory.pdf
Document types: Advisory, Email, Screenshot, Patch, Other
View & Delete: Direct links to view documents, delete with confirmation

🔎 Search & Filter

Search by CVE ID or description: Find vulnerabilities quickly
Filter by vendor: Microsoft, Cisco, Oracle, VMware, Adobe, etc.
Filter by severity: Critical, High, Medium, Low
Real-time results: Updates as you type

📊 Compliance Tracking

Document status badges: "✓ Docs Complete" or "⚠ Incomplete"
Required documents: Advisory (mandatory), Email (optional), Screenshot (optional)
Vendor-specific requirements: Customizable per vendor

🎨 Charter/Spectrum Branding

Corporate colors: Charter Blue (#0476D9) throughout
Professional design: Clean, modern interface
Responsive layout: Works on desktop and tablets

🏗️ Architecture

┌─────────────────────────────────────────────────────────┐
│                    CVE Dashboard                         │
├─────────────────────────────────────────────────────────┤
│                                                          │
│  ┌──────────────┐         ┌──────────────────────┐     │
│  │   Frontend   │         │      Backend API      │     │
│  │              │  HTTP   │                       │     │
│  │  React +     │◄───────►│  Express.js          │     │
│  │  Tailwind    │  :3001  │                       │     │
│  │              │         │  ┌─────────────────┐  │     │
│  │  Port: 3000  │         │  │  SQLite DB      │  │     │
│  └──────────────┘         │  │  - cves         │  │     │
│                           │  │  - documents    │  │     │
│                           │  │  - required_docs│  │     │
│                           │  └─────────────────┘  │     │
│                           └──────────────────────┘     │
│                                      │                  │
│                                      ▼                  │
│                           ┌──────────────────────┐     │
│                           │   File Storage       │     │
│                           │                       │     │
│                           │  uploads/             │     │
│                           │  └─ CVE-2024-1234/   │     │
│                           │     └─ Microsoft/     │     │
│                           │        ├─ advisory.pdf│     │
│                           │        └─ email.pdf   │     │
│                           └──────────────────────┘     │
└─────────────────────────────────────────────────────────┘

Technology Stack

Frontend:

React 18
Tailwind CSS (via CDN)
Lucide React (icons)
Fetch API

Backend:

Node.js v18+
Express.js 4
SQLite3
Multer (file uploads)
CORS

Database:

SQLite (development/production)
Easily upgradeable to PostgreSQL

📦 Prerequisites

Node.js: v18.0.0 or higher
npm: v8.0.0 or higher
Git: For version control
Linux/Unix environment: Tested on Ubuntu 20.04+

Check your versions:

node --version
npm --version
git --version

🚀 Installation

1. Clone the Repository

git clone https://vulcan.apophisnetworking.net/jramos/cve-dashboard.git
cd cve-dashboard

2. Install Backend Dependencies

cd backend
npm install

Expected packages:

express
sqlite3
multer
cors

3. Install Frontend Dependencies

cd ../frontend
npm install

Expected packages:

react
react-dom
react-scripts
lucide-react

4. Initialize the Database

cd ../backend
node setup.js

This will:

✅ Create cve_database.db
✅ Create tables: cves, documents, required_documents
✅ Create indexes for fast queries
✅ Create cve_document_status view
✅ Create uploads/ and uploads/temp/ directories
✅ Insert default required documents for major vendors

Expected output:

🚀 CVE Database Setup
════════════════════════════════════════
✓ Created uploads directory
✓ Database initialized successfully
✓ Database connection closed

╔════════════════════════════════════════════════════════╗
║          CVE DATABASE SETUP COMPLETE!                  ║
╚════════════════════════════════════════════════════════╝

5. Configure Server IP

Edit frontend/src/App.js and update the API URL (line 5):

const API_BASE = 'http://YOUR_SERVER_IP:3001/api';

Example:

const API_BASE = 'http://192.168.2.117:3001/api';

6. Add Tailwind CSS to Frontend

Edit frontend/public/index.html and add this line in the <head> section:

<script src="https://cdn.tailwindcss.com"></script>

7. Create Startup Scripts (Optional but Recommended)

Create start-servers.sh:

cd /home/cve-dashboard
cat > start-servers.sh << 'EOF'
#!/bin/bash
echo "Starting CVE Dashboard servers..."

# Start backend
cd backend
nohup node server.js > backend.log 2>&1 &
BACKEND_PID=$!
echo "Backend started (PID: $BACKEND_PID)"

# Start frontend
cd ../frontend
nohup npm start > frontend.log 2>&1 &
FRONTEND_PID=$!
echo "Frontend started (PID: $FRONTEND_PID)"

# Save PIDs
echo $BACKEND_PID > ../backend.pid
echo $FRONTEND_PID > ../frontend.pid

echo "✓ Both servers running in background"
echo "  Backend:  http://localhost:3001"
echo "  Frontend: http://localhost:3000"
EOF

chmod +x start-servers.sh

Create stop-servers.sh:

cat > stop-servers.sh << 'EOF'
#!/bin/bash
echo "Stopping CVE Dashboard servers..."

if [ -f backend.pid ]; then
    kill $(cat backend.pid) 2>/dev/null
    rm backend.pid
    echo "✓ Backend stopped"
fi

if [ -f frontend.pid ]; then
    kill $(cat frontend.pid) 2>/dev/null
    rm frontend.pid
    echo "✓ Frontend stopped"
fi

pkill -f "node server.js"
pkill -f "react-scripts start"
echo "All servers stopped"
EOF

chmod +x stop-servers.sh

⚙️ Configuration

Backend Configuration

CORS Settings (backend/server.js):

app.use(cors({
  origin: ['http://localhost:3000', 'http://192.168.2.117:3000'],
  credentials: true
}));

File Upload Limits (backend/server.js):

const upload = multer({ 
    storage: storage,
    limits: { fileSize: 10 * 1024 * 1024 } // 10MB limit
});

Port Configuration (backend/server.js):

const PORT = 3001;

Frontend Configuration

API Base URL (frontend/src/App.js):

const API_BASE = 'http://192.168.2.117:3001/api';

Severity Levels (frontend/src/App.js):

const severityLevels = ['All Severities', 'Critical', 'High', 'Medium', 'Low'];

Database Configuration

Add Required Documents for New Vendor:

sqlite3 backend/cve_database.db

INSERT INTO required_documents (vendor, document_type, is_mandatory, description) 
VALUES ('Adobe', 'advisory', 1, 'Adobe Security Bulletin');

Update CVE Status Values:

Modify in backend/server.js or directly in database:

Open - CVE identified, not yet addressed
Addressed - CVE has been remediated
False Positive Requested - Submitted to security team
False Positive Approved - Confirmed false positive
Closed - No action required

📖 Usage Guide

Starting the Application

Option 1: Manual Start

# Terminal 1 - Backend
cd /home/cve-dashboard/backend
node server.js

# Terminal 2 - Frontend
cd /home/cve-dashboard/frontend
npm start

Option 2: Using Startup Scripts

cd /home/cve-dashboard
./start-servers.sh

Access the application:

Frontend: http://YOUR_SERVER_IP:3000
Backend API: http://YOUR_SERVER_IP:3001

Adding a New CVE

Click the "+ Add New CVE" button (top right)
Fill in the form:
- CVE ID: e.g., CVE-2024-1234
- Vendor: e.g., Microsoft
- Severity: Critical, High, Medium, or Low
- Description: Brief description of the vulnerability
- Published Date: Date the CVE was published
Click "Add CVE"
CVE appears in the dashboard immediately

Uploading Documents

Find the CVE in the list
Click "View Documents" to expand
Click "Upload New Document"
Select your file (PDF, PNG, JPG, TXT, DOC, DOCX)
When prompted, specify:
- Document type: advisory, email, screenshot, patch, other
- Notes (optional): Description or context
File uploads and organizes automatically

File Organization Example:

uploads/
└── CVE-2024-1234/
    └── Microsoft/
        ├── 1706140800000-MS-Security-Advisory.pdf
        ├── 1706140850000-Vendor-Email.pdf
        └── 1706140900000-Patch-Screenshot.png

Using Quick Check

Scenario: Security team reports CVE-2024-5678

Enter CVE-2024-5678 in the Quick Check box
Click "Check Status"

Result A - Already Addressed:

✓ CVE Addressed
Vendor: Cisco
Severity: High
Status: Addressed
Documents: 2 attached
✓ Advisory ✓ Email ○ Screenshot

Ready for false positive request

Result B - Not Found:

⚠ Not Found
This CVE has not been addressed yet.
No entry exists in the database.

Action Required: Create entry and gather vendor documentation

Result C - Incomplete:

✓ CVE Addressed
Documents: 1 attached
✗ Advisory ○ Email ○ Screenshot

Missing required advisory - obtain before requesting false positive

Searching and Filtering

Search by CVE ID or Description:

Type in the search box
Results filter in real-time

Filter by Vendor:

Select from dropdown: All Vendors, Microsoft, Cisco, Oracle, VMware, Adobe

Filter by Severity:

Select from dropdown: All Severities, Critical, High, Medium, Low

Combine Filters:

Search for "remote code" + Vendor: Microsoft + Severity: Critical

Viewing Documents

Click "View Documents" on any CVE
See list of attached documents with:
- Document name
- Type (advisory, email, screenshot)
- File size
- Notes
Click "View" to open document in new tab
Select checkboxes to export multiple documents

Deleting Documents

Expand documents for a CVE
Click red "Delete" button next to document
Confirm deletion in popup
Document removed from database and filesystem

Exporting Documents

Expand documents for one or more CVEs
Check boxes next to documents you want to export
Click "Export X Documents for Report" at top
Currently shows alert (ready for integration with report system)

🔌 API Documentation

Base URL: http://YOUR_SERVER_IP:3001/api

CVE Endpoints

Get All CVEs

GET /api/cves

Query Parameters:

search (optional): Search term for CVE ID or description
vendor (optional): Filter by vendor name
severity (optional): Filter by severity level

Example:

curl "http://192.168.2.117:3001/api/cves?vendor=Microsoft&severity=Critical"

Response:

[
  {
    "id": 1,
    "cve_id": "CVE-2024-1234",
    "vendor": "Microsoft",
    "severity": "Critical",
    "description": "Remote code execution vulnerability",
    "published_date": "2024-01-15",
    "status": "Addressed",
    "created_at": "2024-01-26 10:30:00",
    "updated_at": "2024-01-26 10:30:00",
    "document_count": 3,
    "doc_status": "Complete"
  }
]

Check CVE Status

GET /api/cves/check/:cveId

Example:

curl "http://192.168.2.117:3001/api/cves/check/CVE-2024-1234"

Response (Found):

{
  "exists": true,
  "cve": {
    "cve_id": "CVE-2024-1234",
    "vendor": "Microsoft",
    "severity": "Critical",
    "status": "Addressed",
    "total_documents": 3,
    "has_advisory": 1,
    "has_email": 1,
    "has_screenshot": 1
  },
  "addressed": true,
  "has_required_docs": true,
  "compliance": {
    "advisory": true,
    "email": true,
    "screenshot": true
  }
}

Response (Not Found):

{
  "exists": false,
  "message": "CVE not found - not yet addressed"
}

Create CVE

POST /api/cves
Content-Type: application/json

Body:

{
  "cve_id": "CVE-2024-1234",
  "vendor": "Microsoft",
  "severity": "Critical",
  "description": "Remote code execution vulnerability in Windows Server",
  "published_date": "2024-01-15"
}

Example:

curl -X POST http://192.168.2.117:3001/api/cves \
  -H "Content-Type: application/json" \
  -d '{
    "cve_id": "CVE-2024-1234",
    "vendor": "Microsoft",
    "severity": "Critical",
    "description": "Remote code execution vulnerability",
    "published_date": "2024-01-15"
  }'

Response:

{
  "id": 1,
  "cve_id": "CVE-2024-1234",
  "message": "CVE created successfully"
}

Update CVE Status

PATCH /api/cves/:cveId/status
Content-Type: application/json

Body:

{
  "status": "False Positive Requested"
}

Example:

curl -X PATCH http://192.168.2.117:3001/api/cves/CVE-2024-1234/status \
  -H "Content-Type: application/json" \
  -d '{"status": "False Positive Requested"}'

Document Endpoints

Get Documents for CVE

GET /api/cves/:cveId/documents

Example:

curl "http://192.168.2.117:3001/api/cves/CVE-2024-1234/documents"

Response:

[
  {
    "id": 1,
    "cve_id": "CVE-2024-1234",
    "name": "MS-Security-Advisory.pdf",
    "type": "advisory",
    "file_path": "uploads/CVE-2024-1234/Microsoft/1706140800000-MS-Security-Advisory.pdf",
    "file_size": "245.50 KB",
    "mime_type": "application/pdf",
    "uploaded_at": "2024-01-26 10:35:00",
    "notes": "Official Microsoft Security Advisory"
  }
]

Upload Document

POST /api/cves/:cveId/documents
Content-Type: multipart/form-data

Form Fields:

file: The file to upload
cveId: CVE ID (e.g., CVE-2024-1234)
vendor: Vendor name (e.g., Microsoft)
type: Document type (advisory, email, screenshot, patch, other)
notes (optional): Description

Example:

curl -X POST http://192.168.2.117:3001/api/cves/CVE-2024-1234/documents \
  -F "file=@/path/to/advisory.pdf" \
  -F "cveId=CVE-2024-1234" \
  -F "vendor=Microsoft" \
  -F "type=advisory" \
  -F "notes=Official security advisory"

Response:

{
  "id": 1,
  "message": "Document uploaded successfully",
  "file": {
    "name": "advisory.pdf",
    "path": "uploads/CVE-2024-1234/Microsoft/1706140800000-advisory.pdf",
    "size": "245.50 KB"
  }
}

Delete Document

DELETE /api/documents/:id

Example:

curl -X DELETE http://192.168.2.117:3001/api/documents/1

Response:

{
  "message": "Document deleted successfully"
}

Utility Endpoints

Get All Vendors

GET /api/vendors

Example:

curl "http://192.168.2.117:3001/api/vendors"

Response:

["Microsoft", "Cisco", "Oracle", "VMware", "Adobe"]

Get Statistics

GET /api/stats

Example:

curl "http://192.168.2.117:3001/api/stats"

Response:

{
  "total_cves": 25,
  "critical_count": 8,
  "addressed_count": 20,
  "total_documents": 75,
  "compliant_count": 18
}

🗄️ Database Schema

Tables

`cves`

Stores CVE metadata and remediation status.

Column	Type	Description
id	INTEGER PRIMARY KEY	Auto-incrementing ID
cve_id	VARCHAR(20) UNIQUE	CVE identifier (e.g., CVE-2024-1234)
vendor	VARCHAR(100)	Vendor name
severity	VARCHAR(20)	Critical, High, Medium, Low
description	TEXT	Vulnerability description
published_date	DATE	Date CVE was published
status	VARCHAR(50)	Open, Addressed, False Positive Requested, Closed
created_at	TIMESTAMP	Record creation timestamp
updated_at	TIMESTAMP	Last update timestamp

Indexes:

idx_cve_id on cve_id
idx_vendor on vendor
idx_severity on severity
idx_status on status

`documents`

Stores document metadata and file locations.

Column	Type	Description
id	INTEGER PRIMARY KEY	Auto-incrementing ID
cve_id	VARCHAR(20)	Foreign key to cves.cve_id
name	VARCHAR(255)	Original filename
type	VARCHAR(50)	advisory, email, screenshot, patch, other
file_path	VARCHAR(500)	Path to file on filesystem
file_size	VARCHAR(20)	File size (e.g., "245.50 KB")
mime_type	VARCHAR(100)	MIME type (e.g., "application/pdf")
uploaded_at	TIMESTAMP	Upload timestamp
notes	TEXT	Optional notes or description

Foreign Key: cve_id → cves(cve_id) ON DELETE CASCADE

Indexes:

idx_doc_cve_id on cve_id
idx_doc_type on type

`required_documents`

Defines which document types are mandatory per vendor.

Column	Type	Description
id	INTEGER PRIMARY KEY	Auto-incrementing ID
vendor	VARCHAR(100)	Vendor name
document_type	VARCHAR(50)	advisory, email, screenshot, etc.
is_mandatory	BOOLEAN	1 = required, 0 = optional
description	TEXT	Description of requirement

Default Values:

('Microsoft', 'advisory', 1, 'Official Microsoft Security Advisory')
('Cisco', 'advisory', 1, 'Cisco Security Advisory')
('Oracle', 'advisory', 1, 'Oracle Security Alert')
('VMware', 'advisory', 1, 'VMware Security Advisory')
('Adobe', 'advisory', 1, 'Adobe Security Bulletin')

Views

`cve_document_status`

Provides real-time compliance status for each CVE.

Columns:

cve_id
vendor
severity
status
total_documents - Count of all documents
advisory_count - Count of advisory documents
email_count - Count of email documents
screenshot_count - Count of screenshot documents
compliance_status - "Complete" or "Missing Required Docs"

Example Query:

SELECT * FROM cve_document_status 
WHERE compliance_status = 'Missing Required Docs';

Database Queries

Find all Critical CVEs without required docs:

SELECT c.cve_id, c.vendor, c.description, cd.compliance_status
FROM cves c
JOIN cve_document_status cd ON c.cve_id = cd.cve_id
WHERE c.severity = 'Critical' 
  AND cd.compliance_status = 'Missing Required Docs';

Get document count by type:

SELECT type, COUNT(*) as count
FROM documents
GROUP BY type
ORDER BY count DESC;

Find CVEs without any documents:

SELECT c.cve_id, c.vendor, c.severity
FROM cves c
LEFT JOIN documents d ON c.cve_id = d.cve_id
WHERE d.id IS NULL;

📁 File Organization

Directory Structure

cve-dashboard/
├── backend/
│   ├── server.js                 # Express API server
│   ├── setup.js                  # Database initialization script
│   ├── cve_database.db          # SQLite database file
│   ├── package.json             # Backend dependencies
│   └── backend.log              # Backend log file (if using startup script)
│
├── frontend/
│   ├── public/
│   │   └── index.html           # Main HTML (includes Tailwind CDN)
│   ├── src/
│   │   ├── App.js               # Main React component
│   │   ├── index.js             # React entry point
│   │   └── index.css            # Global styles
│   ├── package.json             # Frontend dependencies
│   └── frontend.log             # Frontend log file (if using startup script)
│
├── uploads/                      # File storage (auto-created)
│   ├── temp/                    # Temporary upload directory
│   ├── CVE-2024-1234/
│   │   └── Microsoft/
│   │       ├── 1706140800000-advisory.pdf
│   │       └── 1706140850000-email.pdf
│   └── CVE-2024-5678/
│       └── Cisco/
│           └── 1706140900000-advisory.pdf
│
├── .gitignore                   # Git ignore rules
├── README.md                    # This file
├── start-servers.sh             # Startup script
├── stop-servers.sh              # Shutdown script
├── backend.pid                  # Backend process ID (when running)
└── frontend.pid                 # Frontend process ID (when running)

File Naming Convention

Uploaded files are automatically prefixed with a timestamp:

[unix_timestamp]-[original_filename]

Example:
1706140800000-MS-Security-Advisory.pdf

This prevents filename collisions and maintains chronological order.

Folder Creation

Folders are created automatically when:

Database is initialized (uploads/ and uploads/temp/)
First document is uploaded for a CVE (uploads/CVE-ID/Vendor/)

🔧 Troubleshooting

Backend Won't Start

Error: Cannot find module 'express'

cd /home/cve-dashboard/backend
npm install

Error: Port 3001 is already in use

# Find process using port 3001
netstat -tuln | grep 3001
# or
lsof -i :3001

# Kill the process
kill -9 <PID>

# Or change port in server.js
nano server.js
# Change: const PORT = 3002;

Error: Database locked SQLite allows only one write operation at a time.

# Check if multiple instances are running
ps aux | grep "node server.js"

# Kill duplicate processes
pkill -f "node server.js"

# Restart
node server.js

Frontend Won't Start

Error: Cannot find module 'lucide-react'

cd /home/cve-dashboard/frontend
npm install lucide-react

Error: Port 3000 is already in use

# Kill process on port 3000
lsof -i :3000
kill -9 <PID>

# Or set different port
export PORT=3001
npm start

Styling Not Appearing Make sure Tailwind CDN is in public/index.html:

<script src="https://cdn.tailwindcss.com"></script>

Upload Issues

Error: Failed to fetch during upload

Check CORS configuration:

nano backend/server.js

Ensure CORS allows your frontend origin:

app.use(cors({
  origin: ['http://localhost:3000', 'http://192.168.2.117:3000'],
  credentials: true
}));

Check upload directory permissions:

chmod -R 755 uploads/
mkdir -p uploads/temp

Check backend logs:

tail -f backend/backend.log

Error: CVE ID and Vendor are required

This means form data isn't reaching the backend. Check:

Frontend is sending cveId and vendor in FormData
Backend multer is parsing multipart form correctly

File Size Limit Exceeded Default limit is 10MB. To increase:

// In backend/server.js
const upload = multer({ 
    storage: storage,
    limits: { fileSize: 50 * 1024 * 1024 } // 50MB
});

Database Issues

View database contents:

cd /home/cve-dashboard/backend
sqlite3 cve_database.db

# View all CVEs
sqlite> SELECT * FROM cves;

# View all documents
sqlite> SELECT * FROM documents;

# Check compliance status
sqlite> SELECT * FROM cve_document_status;

# Exit
sqlite> .quit

Reset database:

cd /home/cve-dashboard/backend
rm cve_database.db
node setup.js

Backup database:

cp backend/cve_database.db backend/cve_database_backup_$(date +%Y%m%d).db

API Connection Issues

Error: Failed to fetch on all requests

Verify backend is running:

ps aux | grep "node server.js"
curl http://192.168.2.117:3001/api/cves

Check API_BASE URL in App.js:

const API_BASE = 'http://192.168.2.117:3001/api';

Check firewall:

# Allow port 3001
sudo ufw allow 3001

Test backend directly:

curl http://192.168.2.117:3001/api/cves

Permission Issues

Error: EACCES: permission denied

# Fix ownership
sudo chown -R $USER:$USER /home/cve-dashboard

# Fix permissions
chmod -R 755 /home/cve-dashboard
chmod -R 777 /home/cve-dashboard/uploads

🗺️ Roadmap

Version 1.1 (Next Release)

User Authentication: Login system with user roles
Audit Logging: Track who added/modified CVEs
Email Notifications: Alert when new CVEs are added
Export to Excel: Download CVE list as spreadsheet
Bulk Upload: Import CVEs from CSV
Advanced Search: Full-text search across all fields

Version 1.2

Dashboard Analytics: Charts showing CVE trends by vendor/severity
Automated CVSS Scoring: Fetch CVSS scores from NVD API
Integration with Vulnerability Scanners: Import from Nessus, Qualys, etc.
Document Templates: Pre-filled templates for vendor requests
Mobile App: React Native mobile version

Version 2.0

PostgreSQL Migration: Production-ready database
Docker Deployment: Containerized deployment
SSO Integration: Charter/Spectrum LDAP/SSO
API Keys: Secure API access for integrations
Webhook Support: Notify external systems on CVE updates
Multi-tenancy: Support multiple business units

Proposed Features

Calendar view for CVE timelines
Automated false positive workflows
Integration with JIRA/ServiceNow
Machine learning for auto-categorization
PDF report generation
Compliance reports (SOX, PCI-DSS, HIPAA)

Have a feature request? Open an issue in Gitea or contact the author.

🤝 Contributing

This is an internal Charter Communications project. Contributions are welcome from Charter team members.

Development Workflow

Clone the repository:

git clone https://vulcan.apophisnetworking.net/jramos/cve-dashboard.git
cd cve-dashboard

Create a feature branch:

git checkout -b feature/your-feature-name

Make your changes and commit:

git add .
git commit -m "feat: Add your feature description"

Push to Gitea:

git push origin feature/your-feature-name

Create a Pull Request in Gitea

Commit Message Convention

Follow Conventional Commits:

feat: New feature
fix: Bug fix
docs: Documentation changes
style: Code style changes (formatting)
refactor: Code refactoring
test: Adding tests
chore: Maintenance tasks

Examples:

feat: Add bulk CVE import from CSV
fix: Resolve upload timeout issue for large files
docs: Update API documentation with new endpoints
refactor: Improve database query performance

Code Style

Backend:

Use async/await for asynchronous operations
Error handling with try/catch
Descriptive variable names
Comment complex logic

Frontend:

React functional components with hooks
Tailwind utility classes for styling
No inline styles
Extract reusable components

Testing

Before submitting:

Test all CRUD operations
Test file upload/download/delete
Test Quick Check with various scenarios
Test search and filters
Verify on clean database

👤 Author

jramos
Charter Communications
Vulnerability Management Team

Contact:

Gitea: @jramos
Email: jramos@charter.com (internal)

📄 License

Internal Use Only - Charter Communications

This software is proprietary and confidential. Unauthorized copying, distribution, or use of this software, via any medium, is strictly prohibited.

📊 Project Statistics

Version: 1.0.0
Released: January 2024
Lines of Code: ~1,500
Dependencies: 12
Supported Browsers: Chrome, Edge, Firefox, Safari

🙏 Acknowledgments

Charter Communications Security Team for requirements and testing
Anthropic Claude AI for development assistance
Open-source community for dependencies (Express, React, SQLite)

📚 Additional Resources

Internal Resources

Charter Security Portal: [link]
Vulnerability Management SOP: [link]
False Positive Request Process: [link]

📝 Changelog

[1.0.0] - 2024-01-26

Added

Initial release with core functionality
CVE management (Create, Read, Update)
Document upload/view/delete
Quick CVE status check
Search and filtering
SQLite database
RESTful API
Charter/Spectrum branding
Automatic file organization
Document compliance tracking
Required document configuration per vendor

Known Issues

Dynamic hostname detection not working (hardcoded IP as workaround)
No user authentication (single-user system)
Export functionality shows alert only (not implemented)

Built with ❤️ for Charter Communications

32 KiB Raw Blame History

CVE Dashboard

📋 Table of Contents

🎯 Overview

Problem Statement

Solution

✨ Key Features

🔍 Quick CVE Status Check

📂 Document Management

🔎 Search & Filter

📊 Compliance Tracking

🎨 Charter/Spectrum Branding

🏗️ Architecture

Technology Stack

📦 Prerequisites

🚀 Installation

1. Clone the Repository

2. Install Backend Dependencies

3. Install Frontend Dependencies

4. Initialize the Database

5. Configure Server IP

6. Add Tailwind CSS to Frontend

7. Create Startup Scripts (Optional but Recommended)

⚙️ Configuration

Backend Configuration

Frontend Configuration

Database Configuration

📖 Usage Guide

Starting the Application

Adding a New CVE

Uploading Documents

Using Quick Check

Searching and Filtering

Viewing Documents

Deleting Documents

Exporting Documents

🔌 API Documentation

CVE Endpoints

Get All CVEs

Check CVE Status

Create CVE

Update CVE Status

Document Endpoints

Get Documents for CVE

Upload Document

Delete Document

Utility Endpoints

Get All Vendors

Get Statistics

🗄️ Database Schema

Tables

cves

documents

required_documents

Views

cve_document_status

Database Queries

📁 File Organization

Directory Structure

File Naming Convention

Folder Creation

🔧 Troubleshooting

Backend Won't Start

Frontend Won't Start

Upload Issues

Database Issues

API Connection Issues

Permission Issues

🗺️ Roadmap

Version 1.1 (Next Release)

Version 1.2

Version 2.0

Proposed Features

🤝 Contributing

Development Workflow

Commit Message Convention

Code Style

Testing

👤 Author

📄 License

32 KiB

Raw Blame History

`cves`

`documents`

`required_documents`

`cve_document_status`