plugins/cvelib: new plugin for CVE Services API

ppaeps · ppaeps · commit 837d4212c23c · 2025-10-08T08:25:27.000+08:00
The CVE Services API allows CVE Numbering Authorities (CNAs) to reserve, publish, and manage CVE IDs. This plugin sets the environment variables required to use the reference cvelib implementation of the API. See also: https://www.cve.org/AllResources/CveServices https://github.com/RedHatProductSecurity/cvelib https://vulnogram.github.io/cve5/#cvePortal
diff --git a/plugins/cvelib/api_key.go b/plugins/cvelib/api_key.go
@@ -0,0 +1,49 @@
+package cvelib
+
+import (
+	"github.com/1Password/shell-plugins/sdk"
+	"github.com/1Password/shell-plugins/sdk/importer"
+	"github.com/1Password/shell-plugins/sdk/provision"
+	"github.com/1Password/shell-plugins/sdk/schema"
+	"github.com/1Password/shell-plugins/sdk/schema/credname"
+	"github.com/1Password/shell-plugins/sdk/schema/fieldname"
+)
+
+func APIKey() schema.CredentialType {
+	return schema.CredentialType{
+		Name:          credname.APIKey,
+		DocsURL:       sdk.URL("https://github.com/RedHatProductSecurity/cvelib"),
+		ManagementURL: sdk.URL("https://vulnogram.github.io/cve5/#cvePortal"),
+		Fields: []schema.CredentialField{
+			{
+				Name:                fieldname.User,
+				MarkdownDescription: "User to authenticate to CVE Services API (CVE user).",
+			},
+			{
+				Name:                fieldname.Organization,
+				MarkdownDescription: "Organization to authenticate to CVE Services API (CNA short name).",
+			},
+			{
+				Name:                fieldname.APIKey,
+				MarkdownDescription: "API Key used to authenticate to CVE Services API (CNA API key).",
+				Secret:              true,
+				Composition: &schema.ValueComposition{
+					Length: 36,
+					Charset: schema.Charset{
+						Lowercase: true,
+						Digits:    true,
+					},
+				},
+			},
+		},
+		DefaultProvisioner: provision.EnvVars(defaultEnvVarMapping),
+		Importer: importer.TryAll(
+			importer.TryEnvVarPair(defaultEnvVarMapping),
+		)}
+}
+
+var defaultEnvVarMapping = map[string]sdk.FieldName{
+	"CVE_USER":    fieldname.User,
+	"CVE_ORG":     fieldname.Organization,
+	"CVE_API_KEY": fieldname.APIKey,
+}
diff --git a/plugins/cvelib/cve.go b/plugins/cvelib/cve.go
@@ -0,0 +1,25 @@
+package cvelib
+
+import (
+	"github.com/1Password/shell-plugins/sdk"
+	"github.com/1Password/shell-plugins/sdk/needsauth"
+	"github.com/1Password/shell-plugins/sdk/schema"
+	"github.com/1Password/shell-plugins/sdk/schema/credname"
+)
+
+func CVEServicesAPICLI() schema.Executable {
+	return schema.Executable{
+		Name:    "CVE Services API CLI",
+		Runs:    []string{"cve"},
+		DocsURL: sdk.URL("https://github.com/RedHatProductSecurity/cvelib"),
+		NeedsAuth: needsauth.IfAll(
+			needsauth.NotForHelpOrVersion(),
+			needsauth.NotWithoutArgs(),
+		),
+		Uses: []schema.CredentialUsage{
+			{
+				Name: credname.APIKey,
+			},
+		},
+	}
+}
diff --git a/plugins/cvelib/plugin.go b/plugins/cvelib/plugin.go
@@ -0,0 +1,22 @@
+package cvelib
+
+import (
+	"github.com/1Password/shell-plugins/sdk"
+	"github.com/1Password/shell-plugins/sdk/schema"
+)
+
+func New() schema.Plugin {
+	return schema.Plugin{
+		Name: "cvelib",
+		Platform: schema.PlatformInfo{
+			Name:     "CVE Services",
+			Homepage: sdk.URL("https://www.cve.org/AllResources/CveServices"),
+		},
+		Credentials: []schema.CredentialType{
+			APIKey(),
+		},
+		Executables: []schema.Executable{
+			CVEServicesAPICLI(),
+		},
+	}
+}
