s3_nist_mirror
v0.0.29
S3 NIST Mirror
General information
The National Institute of Standards and Technology (NIST) maintains the National Vulnerability Database (NVD).
The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
This CDK stack mirrors the data published through the NVD JSON feed into an S3 bucket. Additionally it sets up a scheduled rule that refreshes the mirror on a monthly basis.
The cron job
The actual mirror operation is modelled as a Lambda function. A CloudWatch Events (EventBridge) rule triggers the Lambda on the first day of each month; the cron expression is evaluated in UTC, so the run starts at 00:00 UTC.
```ts
// CDK v2 module paths; CDK v1 used @aws-cdk/aws-events and @aws-cdk/aws-events-targets
import { Rule, Schedule } from "aws-cdk-lib/aws-events";
import { LambdaFunction } from "aws-cdk-lib/aws-events-targets";

// `fn` is the mirror Lambda function defined elsewhere in the stack
const target = new LambdaFunction(fn);
new Rule(this, "ScheduleRule", {
  // minute 0, hour 0, day-of-month 1, every month (UTC)
  schedule: Schedule.cron({ minute: "0", hour: "0", day: "1", month: "*" }),
  targets: [target],
});
```
The lambda function
The Lambda function downloads the feed's metainformation (the `.meta` file) as well as the gzipped JSON data. The `.meta` file carries the feed's `lastModifiedDate`, the sizes and the SHA-256 of the uncompressed JSON, so the function can skip an unchanged feed and can verify the downloaded archive before writing it to the bucket. Note that NIST retired the legacy 1.x JSON feeds in December 2023 in favour of the NVD 2.0 API, so the feed URLs this stack targets may no longer resolve.
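The following is an added example of the download-and-verify step described above; it is not the package's own function code. It assumes the legacy NVD feed URL pattern `https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-<feed>.meta` / `.json.gz`, an environment variable `MIRROR_BUCKET` naming the target bucket, and a `.meta` layout of one `key:value` per line with `sha256` computed over the uncompressed JSON. The sample `.meta` text and feed bytes below are constructed for the example. The previously seen `lastModifiedDate` is kept as S3 object metadata, everything is held in memory rather than written to `/tmp`, and an archive whose size or hash does not match the `.meta` is rejected instead of mirrored:

```python
"""Mirror one legacy NVD JSON feed into S3, verifying the .meta checksum first (example code)."""
import gzip
import hashlib
import json
import os
from typing import Callable, Dict, Optional

# Constructed sample data (not a real NVD feed): a tiny feed, its gzip, and a matching .meta.
SAMPLE_JSON = json.dumps({"CVE_data_type": "CVE", "CVE_Items": []}).encode()
SAMPLE_GZ = gzip.compress(SAMPLE_JSON)
SAMPLE_META = (
    "lastModifiedDate:2023-01-01T03:00:00-05:00\r\n"
    f"size:{len(SAMPLE_JSON)}\r\n"
    f"gzSize:{len(SAMPLE_GZ)}\r\n"
    f"sha256:{hashlib.sha256(SAMPLE_JSON).hexdigest().upper()}\r\n"
)
# Constructed tampered archive: valid gzip, but not the content the .meta describes.
TAMPERED_GZ = gzip.compress(b'{"CVE_Items": []}')

# Assumed legacy feed location (retired by NIST in December 2023).
BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.1/"


def parse_meta(text: str) -> Dict[str, str]:
    """Parse 'key:value' lines. The date value itself contains ':' so split only once."""
    meta: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        meta[key.strip()] = value.strip()
    return meta


def verify_feed(gz_bytes: bytes, meta: Dict[str, str]) -> Optional[bytes]:
    """Decompress and check size and SHA-256 against the .meta; return the JSON or None."""
    try:
        data = gzip.decompress(gz_bytes)
    except (OSError, EOFError):
        return None  # not a gzip stream / truncated download
    if "size" in meta and int(meta["size"]) != len(data):
        return None
    expected = meta.get("sha256", "").lower()
    if not expected or hashlib.sha256(data).hexdigest() != expected:
        return None
    return data


def mirror_feed(
    feed: str,
    fetch: Callable[[str], bytes],
    put: Callable[[str, bytes, Dict[str, str]], None],
    last_modified_seen: Optional[str],
    base_url: str = BASE_URL,
) -> str:
    """Return 'unchanged', 'updated' or 'rejected'. Nothing touches the local filesystem."""
    meta = parse_meta(fetch(f"{base_url}nvdcve-1.1-{feed}.meta").decode())
    if meta.get("lastModifiedDate") and meta["lastModifiedDate"] == last_modified_seen:
        return "unchanged"
    gz = fetch(f"{base_url}nvdcve-1.1-{feed}.json.gz")
    if verify_feed(gz, meta) is None:
        return "rejected"  # do not publish an archive we could not verify
    # S3 lower-cases user metadata keys, so store them lower-cased from the start.
    put(f"nvdcve-1.1-{feed}.json.gz", gz,
        {"lastmodifieddate": meta["lastModifiedDate"], "sha256": meta["sha256"].lower()})
    return "updated"


def handler(event, context):
    """Lambda entry point: wires the pure logic above to urllib and boto3 (assumed env var MIRROR_BUCKET)."""
    import boto3  # available in the AWS Python runtimes
    from urllib.request import urlopen

    bucket = os.environ["MIRROR_BUCKET"]
    s3 = boto3.client("s3")

    def fetch(url: str) -> bytes:
        with urlopen(url, timeout=60) as resp:
            return resp.read()

    def put(key: str, body: bytes, metadata: Dict[str, str]) -> None:
        s3.put_object(Bucket=bucket, Key=key, Body=body, Metadata=metadata)

    def seen(key: str) -> Optional[str]:
        try:
            return s3.head_object(Bucket=bucket, Key=key)["Metadata"].get("lastmodifieddate")
        except s3.exceptions.ClientError:
            return None  # object not mirrored yet

    feeds = event.get("feeds", ["modified", "recent"])
    return {f: mirror_feed(f, fetch, put, seen(f"nvdcve-1.1-{f}.json.gz")) for f in feeds}
```

Keeping the fetch and upload callbacks injectable lets the verification logic be unit-tested without network or AWS credentials, which is also how the rejected-download path can be exercised before it ever runs on a schedule.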
The required Lambda layer
The Python code requires additional modules that are provided as part of a Lambda layer. Build the layer with the following commands. Do not pip-install `datetime`: it is part of the standard library, and the PyPI package of that name is an unrelated third-party project, so listing it would pull foreign code into the layer. `boto3` is already present in the AWS Python runtimes; installing it into the layer only makes sense if you want to pin a specific version.
```sh
mkdir -p nist-cdk-dependencies/python
# boto is the legacy SDK; drop it if the function only uses boto3
pip3 install boto3 requests boto -t nist-cdk-dependencies/python
cd nist-cdk-dependencies/
zip -r nist-cdk-dependencies.zip python
```
Upload the zip archive as a new Lambda layer to AWS (for example with `aws lambda publish-layer-version`), and attach it to the mirror function.
ToDos
- Remove downloading to /tmp directory
- Create Lambda layer automatically