AspireCloud is an API server for WordPress, partially implementing the api.wp.org specifications, and proxying the rest
Find a file
Brent Toderash 12d966693e
Merge pull request #393 from mgratch/update/add-cve-service
Integrate CVE Labeller API to perform automated vulnerability scanning for FAIR packages, including database migration, API command, and scheduling.
2025-11-04 19:12:41 -06:00
.github nuke unused codeql and scorecards github actions 2025-10-25 12:26:34 -06:00
app Integrate CVE Labeller API to perform automated vulnerability scanning for FAIR packages, including database migration, API command, and scheduling. 2025-11-04 19:59:17 -05:00
bin Determine asset content-type from extension (#163) 2025-02-12 15:26:12 -07:00
bootstrap Integrate CVE Labeller API to perform automated vulnerability scanning for FAIR packages, including database migration, API command, and scheduling. 2025-11-04 19:59:17 -05:00
bruno fix: replace downloadurl_placeholder with download_link (#162) 2025-02-11 18:36:34 -07:00
config Integrate CVE Labeller API to perform automated vulnerability scanning for FAIR packages, including database migration, API command, and scheduling. 2025-11-04 19:59:17 -05:00
database Integrate CVE Labeller API to perform automated vulnerability scanning for FAIR packages, including database migration, API command, and scheduling. 2025-11-04 19:59:17 -05:00
docker Merge pull request #361 from aspirepress/dependabot/docker/docker/laravel-worker/php-8.4.13-cli-bookworm 2025-10-25 11:07:51 -06:00
docs add readme.hackathon.md 2025-10-29 12:47:33 -06:00
meta/bin add wrapper script for mago 2025-09-26 10:59:17 -06:00
patches add patch for BagServiceProvider 2025-10-26 12:28:35 -06:00
public remove laravel/telescope. i gave it plenty of chances. 2025-10-26 09:54:32 -06:00
resources Integrate CVE Labeller API to perform automated vulnerability scanning for FAIR packages, including database migration, API command, and scheduling. 2025-11-04 19:59:17 -05:00
routes Integrate CVE Labeller API to perform automated vulnerability scanning for FAIR packages, including database migration, API command, and scheduling. 2025-11-04 19:59:17 -05:00
storage Integrate CVE Labeller API to perform automated vulnerability scanning for FAIR packages, including database migration, API command, and scheduling. 2025-11-04 19:59:17 -05:00
tests add prefer-arrow-function linter rule and apply autofix 2025-10-25 13:48:47 -06:00
.dockerignore add all dotfiles to dockerignore (#271) 2025-06-11 16:32:27 -06:00
.editorconfig Merging Laravel into main (#27) 2024-10-19 07:32:17 -06:00
.env.example Integrate CVE Labeller API to perform automated vulnerability scanning for FAIR packages, including database migration, API command, and scheduling. 2025-11-04 19:59:17 -05:00
.gitattributes Merging Laravel into main (#27) 2024-10-19 07:32:17 -06:00
.gitignore Merge branch 'main' into mago 2025-09-13 12:32:47 -06:00
.pre-commit-config.example.yaml add composer-lint-mago to pre-commit checks 2025-09-11 15:30:20 -06:00
artisan Merging Laravel into main (#27) 2024-10-19 07:32:17 -06:00
CHANGELOG.md Adding a changelog 2024-10-07 05:01:12 -04:00
composer.json add patch for BagServiceProvider 2025-10-26 12:28:35 -06:00
composer.lock add patch for BagServiceProvider 2025-10-26 12:28:35 -06:00
docker-compose.override.yml.dist a day late a $ short 2025-10-22 17:31:04 -06:00
docker-compose.yml zap all gratuitous container_name keys 2025-10-24 14:49:27 -06:00
jsconfig.json User Management and API Keys (#84) 2024-11-01 18:30:03 -06:00
LICENSE Updating license file 2024-10-06 06:28:22 -04:00
mago.toml final pass over mago.toml 2025-10-25 14:05:45 -06:00
Makefile Add normalizing and weighting to search (#259) 2025-06-05 10:04:57 -06:00
package.json build(deps-dev): bump @vitejs/plugin-vue from 5.2.1 to 5.2.3 2025-03-17 18:59:07 +00:00
phpstan.dist.neon zap phpstan suppression pattern for BelongsToMany since it's fine now 2025-09-27 10:33:45 -06:00
phpunit.xml remove laravel/telescope. i gave it plenty of chances. 2025-10-26 09:54:32 -06:00
postcss.config.js Merging Laravel into main (#27) 2024-10-19 07:32:17 -06:00
psalm.xml s/covariant self/$this/g which expresses the same concept 2025-09-11 10:38:59 -06:00
README.md Integrate CVE Labeller API to perform automated vulnerability scanning for FAIR packages, including database migration, API command, and scheduling. 2025-11-04 19:59:17 -05:00
tailwind.config.js User Management and API Keys (#84) 2024-11-01 18:30:03 -06:00
vite.config.js User Management and API Keys (#84) 2024-11-01 18:30:03 -06:00
yarn.lock build(deps-dev): bump the default-group group with 4 updates 2025-10-20 17:35:13 +00:00

AspireCloud

This project is designed to function as a CDN/API endpoint system for distributing WordPress assets (themes, plugins, core) to users of the AspirePress Updater.

🪧 CloudFest Hackathon 2025: see /docs/readme.hackathon.md

Setup

Quick Start

make init

Next configure WordPress to use your local version of AspireCloud, and you're good to go!

Using https://api.aspiredev.org instead of localhost

The local dev instance can be reached this way by enabling a Traefik proxy server:

make traefik-up

You will then be able to reach the instance at https://api.aspiredev.org

CVE Labeller Integration

AspireCloud includes automated vulnerability scanning for FAIR packages using the CVE Labeller API.

Features

  • Automated Scanning: Checks all latest package releases for vulnerabilities
  • Dynamic Frequency: Adjusts check frequency based on vulnerability severity
    • HIGH severity detected → Scans every 10 minutes
    • MEDIUM severity detected → Scans every 30 minutes
    • LOW severity detected → Scans every hour
    • No vulnerabilities → Scans every 2 hours
  • Efficient: Only checks the latest release of each package
  • Production Ready: Includes retry logic, error handling, and detailed logging

Setup

  1. Run the migration:

    php artisan migrate
    
  2. Configure the API URL in .env:

    CVE_LABELLER_API_URL=http://api.cve-labeller.local/api/query
    
  3. Test the command:

    php artisan cve:query -v
    
  4. Configure cron for production:

    * * * * * cd /path-to-project && php artisan schedule:run >> /dev/null 2>&1
    

Documentation

Complete documentation is available in the /docs/cve-labeller/ directory:

  • START_HERE.md - Quick installation guide
  • QUICK_REFERENCE.md - One-page cheat sheet
  • FINAL_GUIDE.md - Complete documentation
  • FILE_INDEX.md - Index of all implementation files

Configuration

All CVE settings are configurable via environment variables. See .env.example for the complete list of available options.

Key settings:

CVE_LABELLER_API_URL=http://api.cve-labeller.local/api/query
CVE_LABELLER_ENABLED=true
CVE_LABELLER_BATCH_SIZE=50
CVE_LOG_API_REQUESTS=false

Notes

AspireCloud operates as an API and a pseudo pull-through cache against WordPress.org. This means that if AspireCloud provides the requested endpoint, it attempts to deliver the resource; otherwise, it passes the request through to WordPress.org and returns their response to the end user.

The long-term goal is to gradually implement WordPress.org APIs to reduce reliance on their website and endpoints.

Important: Please do not use this project to flood or harass the WordPress.org website. We don't want to get banned from using their resources!

License

This project is licensed under the MIT License. You may exercise all rights granted by the MIT license, including using this project for commercial purposes.