Skip to content

Output Adapter Configuration

The TAVM framework currently supports two types of output adapters:

  • TAXII Publisher: an adapter that publishes STIX 2.1 bundles to a TAXII server
  • Vulnerable Git Repository Exporter: an adapter that stores Git repositories which contain vulnerable software components in a MongoDB database

The configuration for the output adapters can be managed in general.yaml, see Core Settings. Both output adapters are enabled by default and cannot be disabled via the configuration file.

TAXII Publisher

The TAXII publisher can be used to publish STIX 2.1 bundles to a TAXII server. TAXII uses an HTTP RESTful API to exchange CTI data.

TAVM simply posts the STIX 2.1 documents to a specified endpoint on the TAXII server.

An endpoint which requires authentication is also supported as long as the authentication mechanism is HTTP Basic Authentication. The credentials for the basic authentication can be specified in the configuration file.

Vulnerable Git Repository Exporter

Vulnerable Git repositories are stored in a MongoDB database and can be exported from there. The data can also be exported using the provided REST API (see Status Frontend).

Data Format

For each repository, the following data is stored:

  • Repository URL: the URL of the Git repository
  • Repository Type: the type of the Git repository, for example GitHub, GitLab, etc.
  • Timestamps: the timestamps of when the repository was first found and when it was last updated
  • Related CTI records: a list of related vulnerabilities (TAVM Unique IDs) and a timestamp of when the vulnerability was first related to the repository

Vulnerable Git Repository Data