Configuration#

The configuration is stored in yaml file settings.yaml at sec_certs.config package. Below are the supported options, descriptions and default values.

log_filepath

  • Description: Path to the file, relative to working directory, where the log will be stored

  • Default value: ./cert_processing_log.txt

always_false_positive_fips_cert_id_threshold

  • Description: During validation we don’t connect certificates with number lower than this to connections due to these numbers being typically false positives

  • Default value: 40

year_difference_between_validations

  • Description: During validation we don’t connect certificates with validation dates difference higher than this

  • Default value: 7

n_threads

  • Description: How many threads to use for parallel computations

  • Default value: 8

cpe_matching_threshold

  • Description: Level of required string similarity between CPE and certificate name on CC CPE matching, 0-100. Lower values yield more false negatives, higher values more false positives

  • Default value: 92

cpe_n_max_matches

  • Description: Maximum number of candidate CPE items that may be related to given certificate, >0

  • Default value: 99

cc_latest_snapshot

  • Description: URL from where to fetch the latest snapshot of fully processed CC dataset

  • Default value: https://seccerts.org/cc/dataset.json

cc_maintenances_latest_snapshot

  • Description: URL from where to fetch the latest snapshot of CC maintenance updates

  • Default value: https://seccerts.org/cc/maintenance_updates.json

pp_latest_snapshot

  • Description: URL from where to fetch the latest snapshot of the PP dataset

  • Default value: https://seccerts.org/static/pp.json

ignore_first_page

  • Description: During keyword search, first page usually contains addresses - ignore it.

  • Default value: True

cert_threshold

  • Description: Used with –higher-precision-results. Determines the amount of mismatched algorithms to be considered faulty.

  • Default value: 5

fips_latest_snapshot

  • Description: URL for the latest snapshot of FIPS dataset

  • Default value: https://seccerts.org/fips/dataset.json

fips_iut_dataset

  • Description: URL for the dataset of FIPS IUT data

  • Default value: https://seccerts.org/fips/iut/dataset.json

fips_iut_latest_snapshot

  • Description: URL for the latest snapshot of FIPS IUT data

  • Default value: https://seccerts.org/fips/iut/latest.json

fips_mip_dataset

  • Description: URL for the dataset of FIPS MIP data

  • Default value: https://seccerts.org/fips/mip/dataset.json

fips_mip_latest_snapshot

  • Description: URL for the latest snapshot of FIPS MIP data

  • Default value: https://seccerts.org/fips/mip/latest.json

minimal_token_length

  • Description: Minimal length of a string that will be considered as a token during keyword extraction in CVE matching

  • Default value: 3

enable_progress_bars

  • Description: Whether to enable pretty-printed progress bars while processing.

  • Default value: True

log_filepath

  • Description: Path to the file, relative to working directory, where the log will be stored

  • Default value: ./cert_processing_log.txt

always_false_positive_fips_cert_id_threshold

  • Description: During validation we don’t connect certificates with number lower than this to connections due to these numbers being typically false positives

  • Default value: 40

year_difference_between_validations

  • Description: During validation we don’t connect certificates with validation dates difference higher than this

  • Default value: 7

n_threads

  • Description: How many threads to use for parallel computations

  • Default value: 8

cpe_matching_threshold

  • Description: Level of required string similarity between CPE and certificate name on CC CPE matching, 0-100. Lower values yield more false negatives, higher values more false positives

  • Default value: 92

cpe_n_max_matches

  • Description: Maximum number of candidate CPE items that may be related to given certificate, >0

  • Default value: 99

cc_latest_snapshot

  • Description: URL from where to fetch the latest snapshot of fully processed CC dataset

  • Default value: https://seccerts.org/cc/dataset.json

cc_maintenances_latest_snapshot

  • Description: URL from where to fetch the latest snapshot of CC maintenance updates

  • Default value: https://seccerts.org/cc/maintenance_updates.json

pp_latest_snapshot

  • Description: URL from where to fetch the latest snapshot of the PP dataset

  • Default value: https://seccerts.org/static/pp.json

ignore_first_page

  • Description: During keyword search, first page usually contains addresses - ignore it.

  • Default value: True

cert_threshold

  • Description: Used with –higher-precision-results. Determines the amount of mismatched algorithms to be considered faulty.

  • Default value: 5

fips_latest_snapshot

  • Description: URL for the latest snapshot of FIPS dataset

  • Default value: https://seccerts.org/fips/dataset.json

fips_iut_dataset

  • Description: URL for the dataset of FIPS IUT data

  • Default value: https://seccerts.org/fips/iut/dataset.json

fips_iut_latest_snapshot

  • Description: URL for the latest snapshot of FIPS IUT data

  • Default value: https://seccerts.org/fips/iut/latest.json

fips_mip_dataset

  • Description: URL for the dataset of FIPS MIP data

  • Default value: https://seccerts.org/fips/mip/dataset.json

fips_mip_latest_snapshot

  • Description: URL for the latest snapshot of FIPS MIP data

  • Default value: https://seccerts.org/fips/mip/latest.json

minimal_token_length

  • Description: Minimal length of a string that will be considered as a token during keyword extraction in CVE matching

  • Default value: 3

enable_progress_bars

  • Description: Whether to enable pretty-printed progress bars while processing.

  • Default value: True