ISDuBA

A web application for downloading and evaluating security advisories in the CSAF 2.0 format. ISDuBA is designed to support teams that are responsible for the IT security of a group of products.

We appreciate your problem reports. Please check the list of issues first.

To gain insight into the architecture of ISDuBA take a look at the overview diagram.

Components used by ISDuBA:

  • PostgreSQL as database
  • Keycloak as identity provider
  • svelte-flowbite and TypeScript for the single page web application frontend
  • Go as programming language for the backend
  • a downloading kernel that is close to gocsaf
  • an extended version of csaf_webview

How to get started

What does the name ISDuBA mean?

The abbreviation expands to Internes System zum Download und der Bewertung von Advisories, a German label which translates to Internal system for downloading and evaluation of advisories.

License

ISDuBA is Free Software.

Source code written for ISDuBA was placed under the Apache License, Version 2.0.

 SPDX-License-Identifier: Apache-2.0

 SPDX-FileCopyrightText: 2024 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
 Software-Engineering: 2024 Intevation GmbH <https://intevation.de>

ISDuBA depends on third party Free Software components which have their own right holders and licenses. To the best of our knowledge (at the time when they were added), the dependencies are upwards compatible with the ISDuBA main license.

Dependencies

The top level dependencies can be seen from

  • go.mod for the isdubad backend and server tools.
  • package.json for the web application frontend.
  • The build and setup descriptions (linked above).

Use one of several available Free Software tools to examine indirect dependencies and get a more complete list of component names and licenses.

For example, use the SPDX-2.3 SBOM JSON file that comes with an ISDuBA release, or use https://github.com/anchore/syft to create one. Then run list_licenses.py on it, or python3 -m json.tool, to see more.
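As an added illustration of what such a license review over an SPDX-2.3 JSON SBOM looks like (this is not the project's list_licenses.py, and the sample document and package names are constructed), the following groups packages by their effective license and surfaces the ones with no usable license information:

```python
import json
from collections import defaultdict

# Constructed sample: a minimal SPDX-2.3 JSON document (not from an ISDuBA release).
SAMPLE_SBOM = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "SPDXID": "SPDXRef-DOCUMENT",
    "name": "example-sbom",
    "packages": [
        {"SPDXID": "SPDXRef-a", "name": "example.org/liba", "versionInfo": "v1.2.0",
         "licenseConcluded": "NOASSERTION", "licenseDeclared": "MIT"},
        {"SPDXID": "SPDXRef-b", "name": "example.org/libb", "versionInfo": "v0.9.1",
         "licenseConcluded": "Apache-2.0", "licenseDeclared": "NOASSERTION"},
        {"SPDXID": "SPDXRef-c", "name": "example-frontend-pkg", "versionInfo": "4.0.0",
         "licenseConcluded": "NOASSERTION", "licenseDeclared": "NOASSERTION"},
        {"SPDXID": "SPDXRef-d", "name": "example.org/libd",
         "licenseDeclared": "MIT OR Apache-2.0"},
    ],
})

# SPDX values (or absent fields) that carry no usable license statement.
NO_INFO = {None, "", "NOASSERTION", "NONE"}

def effective_license(pkg):
    """Prefer licenseConcluded, fall back to licenseDeclared, else 'UNKNOWN'."""
    for field in ("licenseConcluded", "licenseDeclared"):
        value = pkg.get(field)
        if value not in NO_INFO:
            return value
    return "UNKNOWN"

def licenses_by_package(sbom_text):
    """Map each license expression to the sorted 'name@version' entries using it."""
    doc = json.loads(sbom_text)
    if not doc.get("spdxVersion", "").startswith("SPDX-2."):
        raise ValueError("not an SPDX 2.x JSON document")
    grouped = defaultdict(list)
    for pkg in doc.get("packages", []):
        ident = pkg.get("name", pkg.get("SPDXID", "?"))
        if pkg.get("versionInfo"):
            ident += "@" + pkg["versionInfo"]
        grouped[effective_license(pkg)].append(ident)
    return {lic: sorted(names) for lic, names in grouped.items()}

if __name__ == "__main__":
    for lic, names in sorted(licenses_by_package(SAMPLE_SBOM).items()):
        print(f"{lic} ({len(names)})")
        for n in names:
            print("   ", n)
```

Entries that land in the `UNKNOWN` group are the ones to check by hand, since the SBOM generator could not determine a license for them.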