This is for On-Prem environments, to securely retrieve the CVE database file through automation.
- Create a secure env file (path of your choosing) for your Forward SAAS credentials
- This keeps secrets out of code and scripts
export FWD_USERNAME='your_username' # <-- Replace with your Forward SAAS UN
export FWD_PASSWORD='your_password' # <-- Replace with your Forward SAAS PW
- Add the Python script (path of your choosing) to download the CVE index
- This is the meat and potatoes of retrieving the file for SAAS
#!/usr/bin/env python3
import requests, os
from requests.auth import HTTPBasicAuth
username = os.environ.get("FWD_USERNAME")
password = os.environ.get("FWD_PASSWORD")
if not username or not password:
raise ValueError("Missing credentials.")
url = "https://fwd.app/api/cve-index"
output_file = "/tmp/cve-index.bin.gz"
r = requests.get(url, auth=HTTPBasicAuth(username, password), verify=False)
r.raise_for_status()
with open(output_file, "wb") as f: f.write(r.content)
print(f"Saved to {output_file}")
- Create a shell wrapper to run the script securely
- This loads credentials and runs the python script securely in one step
#!/bin/bash
set -euo pipefail
source /home/forward/fwd.env # <-- Adjust if you change the path
/usr/bin/python3 /home/forward/cve_database.py # <-- Adjust if you change the path
From here you could tie it to another API call to automagically feed it into your instance to update your database for you. From there we can tie it to a cronjob so that your Vulnerabilities CVE database would be updated automagically everyday. If you would like to see the finishing touches with another post please let me know.
Next up. I will be showcasing similar functionality for exporting the latestProcessed snapshot via python/API/shell so that you can pull and push your snapshots wherever you may need to push them. Thank you!
