Running using Pip

Installing from Pypi

Note

Patton runs with Python 3.6. Be sure that you have correct the version

To install Patton from Pypi you can run:

> python3.6 -m pip install patton-server

Note

If you prefer running Patton using Docker, go to the Install with Docker.

Before running patton-server

Note

BEFORE running Patton at the first time, you must follow the next steps

1 - Install PostgresSQL

Patton uses a PostgresSQL database. The easiest way to install it is using Docker:

> docker run -d -p 5432:5432 -e POSTGRES_USER=patton -e POSTGRES_DB=patton postgres:10.1

Note

PAY ATTENTION to the Postgres version you’re using. patton-Server was tested only with PostgresSQL 10.1. We recommend using that version.

2 - Bootstrapping database

In order to be able to resolve CPEs and search for CVEs we need to populate database:

> patton-server init-db

Note

This process could take some time. In our benchmarks, the time is between 4 and 6 minutes.

Running Patton Server

After install and populate the Patton database, we can start Patton server:

> patton-server serve

Updating Patton database

Patton borrows the vulnerability information from NIST database, and provides a way for update its own database with new information retrieved from NIST.

NIST usually releases new vulnerability information every 2 hours (following the NIST guidelines). Then, choice an update time, no less than 2 hours, 1 or 2 times per day should be a reasonable balance.

To update Patton database you only need to execute:

> patton-server update-db

Optionally, you can provide with a webhook to be called with the new information retrieved once the update process is done:

> patton-server update-db -W http://mysite.com/