cve alerts (#750)

Raven-98 · web-flow · commit 7685e19367ba · 2026-05-14T17:42:36.000+02:00
* add sls for cve alerts

* update severity_per_retcode for cve alerts
diff --git a/pillar/cmd_check_alert/cve-kernel.sls b/pillar/cmd_check_alert/cve-kernel.sls
@@ -0,0 +1,22 @@
+cmd_check_alert:
+  cve-kernel:
+    cron:
+      minute: '15'
+      hour: '9'
+    config:
+      checks:
+        cve-kernel:
+          cmd: /opt/microdevops/pycve/local-agent/run-local-agent.sh --rules-base-url https://cve.microdevops.com/rules --kernel-only 2> null
+          service: cve
+          resource: __hostname__:cve-kernel
+          severity_per_retcode:
+            '1': major      # return if agent has issues
+            '2': major      # return by packages
+            '3': critical   # return by kernel
+      enabled: True
+      limits:
+        time: 600
+        threads: 1
+
+
+
diff --git a/pillar/cmd_check_alert/cve-packages.sls b/pillar/cmd_check_alert/cve-packages.sls
@@ -0,0 +1,22 @@
+cmd_check_alert:
+  cve-packages:
+    cron:
+      minute: '15'
+      hour: '10'
+    config:
+      checks:
+        cve-packages:
+          cmd: /opt/microdevops/pycve/local-agent/run-local-agent.sh --rules-base-url https://cve.microdevops.com/rules --packages-only 2> null
+          service: cve
+          resource: __hostname__:cve-packages
+          severity_per_retcode:
+            '1': major      # return if agent has issues
+            '2': major      # return by packages
+            '3': critical   # return by kernel
+      enabled: True
+      limits:
+        time: 600
+        threads: 1
+
+
+
