Log OpenCVE vulnerabilities to ELK stack, OpenObserve, Splunk
# CVE Monitor for OpenObserve, ELK stack, Splunk etc
This script fetches CVE data from https://app.opencve.io/ and logs it to your favorite log solution, such as Splunk, OpenObserve, ELK etc.
This way you can monitor, dashboard and alert on CVEs.
# Use cases
- monitor security intel for your favorite tech stacks
- set alerts for critical CVEs affecting your stack
- run this with a cron scheduler to stay up to date
- run it in daemon mode from a docker compose project
# Setup
Create an account on https://app.opencve.io/ .
```bash
docker build -t cve-monitor .
mkdir logs
chown 999:999 logs
```
Create `config/vendors.txt` from `config/vendors.example.txt` with CPE vendor/product data.
You might use https://app.opencve.io/ as a resource for this.
Example `config/vendors.txt`:
```
fasterxml:jackson-databind
nextcloud:nextcloud_server
```
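A misspelled or badly formatted entry matches nothing and leaves that product unmonitored without any error. The following pre-flight check for `config/vendors.txt` is an added example, not part of this project's code. The function name `check_vendors`, the allowed character set and the handling of blank lines are assumptions.

```python
import re
import sys

# Assumption: vendor and product use lowercase CPE-style names
# (letters, digits, '_', '-', '.'); widen this if your entries need more.
NAME = r"[a-z0-9][a-z0-9._-]*"
ENTRY = re.compile(rf"^({NAME}):({NAME})$")


def check_vendors(text):
    """Return (entries, problems) for the contents of a vendors.txt file."""
    entries, problems, seen = [], [], {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:  # assumption: blank lines are ignored
            continue
        match = ENTRY.match(line)
        if not match:
            hint = "expected vendor:product"
            # Would the line be valid once lowercased and stripped of spaces?
            if ENTRY.match(line.lower().replace(" ", "")):
                hint = "remove spaces and use lowercase"
            problems.append((lineno, raw, hint))
            continue
        pair = match.groups()
        if pair in seen:
            problems.append((lineno, raw, f"duplicate of line {seen[pair]}"))
            continue
        seen[pair] = lineno
        entries.append(pair)
    return entries, problems


# Constructed sample input; only the first two lines come from the README.
SAMPLE = """\
fasterxml:jackson-databind
nextcloud:nextcloud_server

Nextcloud: nextcloud_server
apache
fasterxml:jackson-databind
"""

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    entries, problems = check_vendors(text)
    for lineno, raw, hint in problems:
        print(f"line {lineno}: {raw!r}: {hint}")
    print(f"{len(entries)} valid entries, {len(problems)} problems")
    sys.exit(1 if problems else 0)
```

Pass the path to your `vendors.txt` as the first argument; the exit code is non-zero when any line needs attention, so the check can gate a cron job or CI step.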
Create `.env` from `.env.example` and fill in all details.
# Run
```bash
docker run --rm --env-file .env -v "$(pwd)/config:/config" -v "$(pwd)/logs:/logs" cve-monitor
```
# Daemon mode
Set ENV var `DAEMON_MODE=true` and run with docker compose.
Interval is controlled with ENV var `HOURS_LOOKBACK`.
# Detailed information
Use `ENABLE_DETAILED_CVE_CALLS=true` to fetch detailed information such as the CVSS score.
This heavily increases API usage.