Skip to content

Horusec Platform is a set of web services that integrate with the Horusec CLI to facilitate the visualization and management of found vulnerabilities.

License

Notifications You must be signed in to change notification settings

ZupIT/horusec-platform

Repository files navigation

logo_header

Horusec Platform

Table of contents

About

Horusec Platform is a set of web services that integrate with Horusec-CLI to make it easier for you to see and manage the vulnerabilities.

Usage

Requirements

See below the requirements to install Horusec-Platform:

Installation

There are several ways to install the Horusec-Platform in your environment. In some of them, we use a make command to simplify the process. If you want to know everything that will be executed, take a look at the Makefile located at the project's root.

Choose what type of installation you want below, but remember to change the default environment variables values to new and secure ones.

1. Install with docker compose

Follow the steps:

Step 1: Run the command:

make install

Step 2: Start the docker compose file compose.yml. It has all services, migrations and the needed dependencies.

  • You can find the compose file in deployments/compose/compose.yaml;
  • You can find migrations in migrations/source.

Step 3: Now the installation is ready with all default values, the latest versions, and the user for tests, see below:

Username: dev@example.com
Password: Devpass0*

Docker compose file is configured to perform a standard installation by default.
In the production environments' case, make sure to change the values of the environment variables to new and secure ones.

⚠️ We do not recommend using docker-compose installation in a productive environment.

For more information about Docker compose, check out Docker compose installation section.

2. Install with Helm

Each release contains its own helm files for that specific version, you can find them in the repository and in the folder deployments/helm. In both cases, they will be separated by each service of the architecture.

For more information, check out the installing with Helm section.

3. Install with Horusec-Operator

Horusec-Operator manages Horusec web services and its Kubernetes cluster. It was created based on the community’s idea to have a simpler way to install the services in an environment using Kubernetes.

Features

Horusec-Platform provides several features, see some of them below.

MultiTenancy

It distributes only the necessary permissions according to each user:

multiTenancy

Dashboard

The dashboard shows you several metrics about your workspaces and repositories' vulnerabilities:

dashboard

Vulnerability Management

The vulnerability management screen allows you to identify false positives and accepted risks. You can modify a severity to an appropriate value to the reality of the vulnerability:

vuln-management

Tokens

It creates workspaces or repositories authentication tokens for your pipeline:

tokens

Authentication Types

You can choose which form of authentication you will use with Horusec-Platform.

There are three possibilities:

  • HORUSEC (native)
  • LDAP
  • KEYCLOAK

For more information about authentication types, check out our documentation.

Documentation

For more information about Horusec, please check out the documentation.

Issues

To open or track an issue for this project, in order to better coordinate your discussions, we recommend that you use the Issues tab in the main Horusec repository.

Contributing

If you want to contribute to this repository, access our Contributing Guide.

Developer Certificate of Origin - DCO

This is a security layer for the project and for the developers. It is mandatory.

Follow one of these two methods to add DCO to your commits:

1. Command line Follow the steps: Step 1: Configure your local git environment adding the same name and e-mail configured at your GitHub account. It helps to sign commits manually during reviews and suggestions.

git config --global user.name “Name”
git config --global user.email “email@domain.com.br”

Step 2: Add the Signed-off-by line with the '-s' flag in the git commit command:

$ git commit -s -m "This is my commit message"

2. GitHub website You can also manually sign your commits during GitHub reviews and suggestions, follow the steps below:

Step 1: When the commit changes box opens, manually type or paste your signature in the comment box, see the example:

Signed-off-by: Name < e-mail address >

For this method, your name and e-mail must be the same registered on your GitHub account.

License

Apache License 2.0.

Community

Do you have any question about Horusec? Let's chat in our forum.

This project exists thanks to all the contributors. You rock! ❤️🚀