Over the Air FOSSA Vulnerability Database Updates
FOSSA provides over-the-air (OTA) updates to on-premise vulnerability databases. This documentation describes how to access the feature.
API Keys
You will need a vulnerability Service API token ID and Secret. You can find details on how to receive them on this page.
Helm Chart
Within the on-premise Helm chart values, there is a section as follows (in its default state):
# Configuration for Vulnerability Database OTA Updates
vulns:
  updater:
    enabled: false
    # URL of the FOSSA Vulns update service.
    host: https://vulns.fossa.com
    # These values are provided by FOSSA and authenticate your installation
    # to our update service.
    auth:
      id: ""
      secret: ""
Once you have the API key ID and secret provisioned, the updated values should look like this:
# Configuration for Vulnerability Database OTA Updates
vulns:
  updater:
    enabled: true # * this is updated from false -> true
    # URL of the FOSSA Vulns update service.
    host: https://vulns.fossa.com
    # These values are provided by FOSSA and authenticate your installation
    # to our update service.
    auth:
      id: "<provisioned key ID>" # this field should be the value of the provided key ID
      secret: "<provisioned key secret>" # this field should be the value of the provided key secret
After the configuration is updated, you can apply the changes by running helm upgrade to ensure that the feature is turned on. Under the hood, this operates as a cron job, so it might not run immediately. The update should be applied within 24 hours of applying the updated Helm chart.
Operation
The OTA feature runs in the background as a daily cron job. No additional steps need to be taken by the organization with the on-premise installation.
You can monitor OTA updates by looking at the daily OTA cron job status, or by running a database query to get the time passed since the last successful update:
SELECT (now() - (SELECT "createdAt" FROM "VulnMigrations" ORDER BY id DESC LIMIT 1))
-- example: 0 years 0 mons 0 days 4 hours 23 mins 9.114582 secs
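The query above can be extended into a staleness check for monitoring, so that a vulnerability database that has stopped updating is noticed. This is an added example, not FOSSA's own query; it assumes PostgreSQL and a 48-hour threshold chosen here for illustration.

```sql
-- Added example, not FOSSA's own query. Assumes PostgreSQL and a 48-hour
-- alert threshold (allows one missed daily run); tune it to your policy.
WITH last_update AS (
    -- Scalar subquery: yields one row with NULL when the table is empty,
    -- so the "never updated" case is reported instead of returning no rows.
    SELECT (
        SELECT "createdAt"
        FROM "VulnMigrations"
        ORDER BY id DESC
        LIMIT 1
    ) AS applied_at
)
SELECT
    applied_at,
    now() - applied_at AS age,
    CASE
        WHEN applied_at IS NULL
            THEN 'CRITICAL: no vulnerability database update recorded'
        WHEN now() - applied_at > interval '48 hours'
            THEN 'STALE: last update is older than 48 hours'
        ELSE 'OK'
    END AS status
FROM last_update;
```

Alerting on any status other than OK catches both a cron job that silently stopped and an installation where OTA updates were enabled but never applied.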
IP Space Whitelisting
For proper on-premise functionality behind a firewall, the following IP spaces should be whitelisted (follow the links for more information on whitelisting these addresses).
Feature Access Restrictions
Access to this feature is subject to contractual agreements, and additional steps may be needed to have access to this feature authorized. Authorized usage of this data will be outlined within the contractual agreement with FOSSA.