
cisagov/cyhy-kevsync-lambda

cyhy-kevsync-lambda


This Lambda is designed to retrieve the JSON version of the CISA Known Exploited Vulnerabilities Catalog and import the CVE IDs into a MongoDB collection.

Lambda configuration

This Lambda supports the following Lambda environment variables in its deployment configuration:

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| CYHY_CONFIG_PATH | The path to the configuration file. | string | The default search behavior is used if this variable is not provided. | no |
| CYHY_CONFIG_SSM_PATH | The AWS SSM Parameter Store key that contains the configuration file. | string | SSM will not be accessed if this variable is not provided. | no |
| CYHY_LOG_LEVEL | The logging level for the Lambda. | string | INFO | no |

Building the base Lambda image

The base Lambda image can be built with the following command:

docker compose build

This base image is used both to build a deployment package and to run the Lambda locally.

Building a deployment package

You can build a deployment zip file to use when creating a new AWS Lambda function with the following command:

docker compose up build_deployment_package

This will output the deployment zip file in the root directory.

Testing the Lambda locally

Create a configuration file named cyhy-mine.toml in the repository root with the following content:

[kevsync]
db_auth_uri = "mongodb://username:password@host.docker.internal:27018/cyhy"
db_name = "cyhy"
json_url = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"
log_level = "DEBUG"
schema_url = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities_schema.json"

Start the Lambda locally with the following command:

docker compose up run_lambda_locally

The Lambda can be invoked by sending a POST request to the local endpoint:

curl "http://localhost:9000/2015-03-31/functions/function/invocations" \
     --data '{}'
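
What a sync pass over the document at json_url involves, as an added example that is not this project's code: it parses a KEV-shaped document, rejects malformed or truncated input before anything touches the database, and computes the inserts and deletes needed to mirror the feed. The sample feed, the stored set and the function names are constructed for illustration, and deleting IDs that have left the feed is an assumption about the desired sync behavior.

```python
import json
import re

CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}")

# Constructed sample in the shape of the KEV catalog JSON (not real feed data).
SAMPLE_FEED = json.dumps({
    "title": "Constructed KEV sample",
    "catalogVersion": "0000.00.00",
    "count": 3,
    "vulnerabilities": [
        {"cveID": "CVE-2099-0001", "dateAdded": "2099-01-01"},
        {"cveID": "CVE-2099-0002", "dateAdded": "2099-01-02"},
        {"cveID": "CVE-2099-0003", "dateAdded": "2099-01-03"},
    ],
})


def extract_cve_ids(raw):
    """Parse a KEV catalog document and return its CVE IDs, failing closed."""
    doc = json.loads(raw)
    vulns = doc.get("vulnerabilities") if isinstance(doc, dict) else None
    if not isinstance(vulns, list):
        raise ValueError("missing 'vulnerabilities' array")
    ids = set()
    for entry in vulns:
        cve = entry.get("cveID") if isinstance(entry, dict) else None
        if not isinstance(cve, str) or not CVE_ID.fullmatch(cve):
            raise ValueError(f"malformed cveID: {cve!r}")
        ids.add(cve)
    # A truncated download or duplicated entries show up as a count mismatch.
    if doc.get("count") != len(ids):
        raise ValueError("catalog 'count' does not match its entries")
    return ids


def plan_sync(feed_ids, stored_ids):
    """Return (to_insert, to_delete) so the stored set mirrors the feed."""
    return sorted(feed_ids - stored_ids), sorted(stored_ids - feed_ids)


if __name__ == "__main__":
    stored = {"CVE-2099-0002", "CVE-2098-9999"}  # constructed database state
    print(plan_sync(extract_cve_ids(SAMPLE_FEED), stored))
```

Because extract_cve_ids raises before plan_sync runs, a bad download never produces a delete list that would empty the collection.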

How to update Python dependencies

The Lambda's Python dependencies are maintained using a Pipenv configuration. Changes to requirements should be made to the Pipfile located at build/Pipfile. More information about the Pipfile format can be found in the pipenv documentation. The accompanying Pipfile.lock file contains the specific dependency versions that will be installed. It is regenerated from the Pipfile with the following commands:

cd build
pipenv lock

Contributing

We welcome contributions! Please see CONTRIBUTING.md for details.

License

This project is in the worldwide public domain.

This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.

All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.

About

A Lambda to import Known Exploited Vulnerabilities (KEV) data into a Cyber Hygiene database
