Importing NVD data into Assets

Assets - NVD Integration

On this page

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community

To import NVD data into Assets, navigate to the Import section in the object schema configuration. Learn more about importing in Assets.

Import type settings

Here's the list of configuration options:

NameDescription
Published range start date

Vulnerabilities published from this date will be imported. 

This field is mandatory. Enter the date in the format YYYY-MM-DD.

The oldest CVE object in NVD database was published on 1988-10-01. If you’d like to import the complete NVD database, use this date.

Published range start date

When set, only the CVEs modified in the last n days will be imported for the CVEs published within the date range set above and the corresponding objects will be updated. 

Set this field after your initial import is complete to enable faster synching.

We recommend that you keep this number greater than your import schedule interval so you don’t miss any updates.

Last modified (in days)

When set, only the CVEs modified in the last n days will be imported for the CVEs published within the date range set above and the corresponding objects will be updated. 

Set this field after your initial import is complete to enable faster synching.

We recommend that you keep this number greater than your import schedule interval so you don’t miss any updates.

API key

As NVD applies rate limiting to their services, you can synchronize data faster by using an API key.

Learn how to get an API key

Example configuration

Here’s an example configuration  to import the entire NVD Database into an Assets Schema:

  1. Set Published range start date field to 1988-10-01.
  2. Leave the Published range end date field empty.
  3. Add your API key in the API Key field.
  4. Leave the Last modified (in days) field empty.
  5. Run the import.
    Note that this import takes up a significant amount of time and memory to complete as you’re importing the full range of data.
  6. Once import is complete, edit the configuration settings as below:
    1. Enter 5 in the Last modified (in days) field.

    2. Enter Set synchronization config to run every day.

  7. Select Save.
Previous configuration

Deprecation notice

Note that this previous import configuration is using an API planned to be decommissioned on December 15, 2023. To continue to receive data from the National Vulnerability Database (NVD), you will need configure your import using the new configuration detailed above.


Optional Date patterns

You don't need to specify the date pattern in the general import configuration settings. However, it could be wise to specify them since you will get some improved performance.

Date Format

dd/MM/yyyy

Date/Time Format

dd/MM/yyyy hh:mm


Module Specific Configuration

Name

Description

NVD Data Feed

Optional Vulnerabilities Data Endpoint from https://nvd.nist.gov/vuln/data-feeds

Build full CVE-Database

The Modified Data Feed Endpoint are always fetched.

If you like to build up a full NVD-Database (from 2002 until now)

You need to select and import additional endpoints, one by one and only one time!

After imported a yearly NVD-Data Package changes will be automatically updated based on the Modified Data Feed.

Importing all NVD data will end in over 300.000 Objects and this will need a lot of configured JVM memory.

Read more about system requirements here: Installing Assets.

Offline Mode

If this option is selected, you have to place the manual downloaded NVD-Packages to the import folder.

You will find the folder at <JIRA-HOME>/import/assets/cve



Last modified on Aug 31, 2023

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.