Load OpenCVE data in Python using dltHub

In this guide, we'll set up a complete OpenCVE data pipeline from API credentials to your first data load in just 10 minutes. You'll end up with a fully declarative Python pipeline based on dlt's REST API connector, like in the partial example code below:

Example code
@dlt.source
def opencve_source(access_token=dlt.secrets.value):
    config: RESTAPIConfig = {
        "client": {
            "base_url": "https://app.opencve.io/v1/",
            "auth": {
                "type": "bearer",
                "token": access_token,
            },
        },
        "resources": [
            "cve", "reports", "vendors"
            ],
    }
    [...]
    yield from rest_api_resources(config)


def get_data() -> None:
    # Connect to destination
    pipeline = dlt.pipeline(
        pipeline_name='opencve_pipeline',
        destination='duckdb',
        dataset_name='opencve_data', 
    )
    # Load the data
    load_info = pipeline.run(opencve_source())
    print(load_info) 

Why use dlt to generate Python pipelines?

• Accelerate pipeline development with AI-native context
• Debug pipelines, validate schemas and data with the integrated Pipeline Dashboard
• Build Python notebooks for end users of your data
• Low maintenance thanks to schema evolution with type inference, resilience and self-documenting REST API connectors. A shallow learning curve makes the pipeline easy to extend by any team member
• dlt is the tool of choice for Pythonic Iceberg Lakehouses, bringing mature data loading to Iceberg with or without catalogs

What you’ll do

We’ll show you how to generate a readable and easily maintainable Python script that fetches data from OpenCVE's API and loads it into Iceberg, DataFrames, files, or a database of your choice. Here are some of the endpoints you can load:

• CVEs: Access and manage CVE records.
• Reports: Generate and retrieve reports related to CVEs.
• Vendors: Manage vendor information.
• Products: Handle product data linked to CVEs.
• Weaknesses: Access and manage weakness data.
• Projects: Manage projects associated with CVEs.
• Notifications: Set up and manage notifications.
• Organizations: Manage organizational data.

You will then debug the OpenCVE pipeline using our Pipeline Dashboard tool to ensure it is copying the data correctly, before building a Notebook to explore your data and build reports.

Setup & steps to follow

💡
Before getting started, set up a virtual environment (instructions) and install the dlt workspace:
uv venv && source .venv/bin/activate
uv pip install "dlt[workspace]"

Now you're ready to get started!

1. Install the dlt AI Workbench

   Configure the workbench for your coding assistant:

   Copy
   dlt ai init --agent <your-agent> # <agent>: claude | cursor | codex

   This installs project rules, a secrets management skill, appropriate ignore files, and configures the dlt MCP server for your agent.

   Learn more about the dltHub AI Workbench and setup details for each assistant →

2. Install the rest-api-pipeline toolkit

   The AI Workbench provides different toolkits for each phase of the data engineering lifecycle. To start you need to install the rest-api-pipeline toolkit:

   Copy
   dlt ai toolkit rest-api-pipeline install

   This loads different skills and contexts about dlt the agent uses to build the pipeline iteratively, efficiently, and safely. Importantly, it does not need to ask you for credentials directly. In dlt, API credentials are provided via a secrets.toml file (learn more about secrets management →), and the agent should use the MCP tools to see their shape and detect misconfigurations. It never needs to access the file directly.

   Learn more about the rest-api-pipeline toolkit →

3. Start LLM-assisted coding

   Here's a prompt to get you started:

   Prompt
   Copy
   Use /find-source to load data from the OpenCVE API into DuckDB.

   The AI Workbench rest-api-pipeline toolkit takes over from here — it reads relevant API documentation, presents you with options for which endpoints to load, and then follows a structured workflow to scaffold, debug, and validate the pipeline step by step.

4. View the result

   After the rest-api-pipeline workflow has finished, you will end up with a working REST API source with validated endpoints and a pipeline that writes data into a local dataset you have inspected and verified.

   Copy
   > python opencve_pipeline.py
   Pipeline opencve load step completed in 0.26 seconds
   1 load package(s) were loaded to destination duckdb and into dataset opencve_data
   The duckdb destination used duckdb:/opencve.duckdb location to store data
   Load package 1749667187.541553 is LOADED and contains no failed jobs

   By launching the Pipeline Dashboard, you can see various information about the pipeline and the loaded data

   • Pipeline overview: State, load metrics
   • Data's schema: tables, columns, types, hints
   • You can query the data itself

   Copy
   dlt pipeline opencve_pipeline show

Running into errors?

The OpenCVE API is currently in Beta, meaning that changes may occur before a stable version is released. Additionally, advanced search queries are limited to a maximum of 5 fields, and any that exceed this limit will be rejected. Importing data requires at least 5 GB of RAM, and OpenCVE requires a PostgreSQL instance for data storage. Furthermore, users should be aware that data migration from version 1 to version 2 does not include old reports due to significant structural changes.

Next steps

You can go to the next phases of your data engineering journey by handing over to other toolkits of the dltHub AI Workbench:

• data-exploration — Build custom notebooks, charts, and dashboards for deeper analysis with marimo notebooks.
• dlthub-runtime — Deploy, schedule, and monitor your pipeline in production

Copy
dlt ai toolkit data-exploration install
dlt ai toolkit dlthub-runtime install

Or explore the following resources for more information:

• How to deploy a pipeline
• How to explore your data in marimo Notebooks
• How to query your data in Python with dataset