Add ability to configure urls when downloading using fleetctl vulnerability-data-stream

[michalnicp]

Goal

When downloading feeds using fleet with FLEET_VULNERABILITIES_DISABLE_DATA_SYNC=false, you can customize where the CPE database, CPE translations, and NVD CVE feeds are downloaded from by setting additional configuration options. fleetctl vulnerability-data-stream should expose the same configuration options via flags, as it is meant as a replacement when using FLEET_VULNERABILITIES_DISABLE_DATA_SYNC=false

How?

• [ ] Add flags for setting the CPE database url, CPE translations URL, and NVD CVE prefix url to fleetctl vulnerability-data-stream

[noahtalerman]

you can customize where the CPE database, CPE translations, and NVD CVE feeds are downloaded from by setting additional configuration options

@michalnicp it looks like a user is able to customize these settings today using existing configuration options. Is my understanding, correct?

Do we know if there's anyone who is unable to customize these settings without the adding the flags?

@lukeheath if a user is already able to customize these settings today, I think it makes sense to de-prioritize this issue (adding the flags).

[lukeheath]

@noahtalerman Agreed if this can be set via other configuration options I think we can de-prioritize for now. I'll add the :engineering label so we can find it later.

@michalnicp If you feel that it's important this is prioritized let us know and we'll be happy to re-evaluate.

[michalnicp]

@michalnicp it looks like a user is able to customize these settings today using existing configuration options. Is my understanding, correct?

You can customize it in fleet, but not in fleetctl.