
cyber-security-security-advisory-dashboard's Introduction


Security Advisory Dashboard

Prerequisites

  • Check you have docker and docker-compose installed:
docker --version
docker-compose --version
  • Set a GITHUB_ORG env var containing the organisation login short name from the GitHub URL.

  • Set a TOKEN env var containing a read-only personal access token for a GitHub org admin user. The permissions needed for the token are:

repo, read:org, read:public_key, read:repo_hook, read:user, user:email

(Alternatively the token can be retrieved from SSM if the make command is run via aws-vault or similar to set AWS credentials.)

  • Create or change the settings.[env].json file
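The token is meant to be read-only, so it is worth confirming before running an audit that it carries exactly the scopes listed above and nothing with write or admin rights. The following is an added example and not part of the dashboard project: it parses the comma-separated X-OAuth-Scopes header that the GitHub REST API returns for token-authenticated requests, expands parent scopes into the read scopes they imply (the hierarchy below is my understanding of GitHub's scope model, not something the README states), and reports missing required scopes and excess write scopes. The sample header value is constructed.

```python
"""Check a GitHub personal access token against the README's scope list.

Added example, not the dashboard project's own code. Assumes the standard
X-OAuth-Scopes response header on api.github.com; SAMPLE_HEADER is constructed.
"""
import os
from typing import Dict, List, Set
from urllib.request import Request, urlopen

# Scopes the README says the audit token needs.
REQUIRED_SCOPES: Set[str] = {
    "repo", "read:org", "read:public_key", "read:repo_hook", "read:user", "user:email",
}

# Write/admin scopes that should not be on a read-only audit token
# (illustrative subset of GitHub's scope catalogue, an assumption of this example).
WRITE_SCOPES: Set[str] = {
    "delete_repo", "admin:org", "write:org", "admin:repo_hook",
    "write:repo_hook", "admin:public_key", "write:public_key", "workflow",
}

# Parent scopes imply their narrower children (my reading of GitHub's scope hierarchy).
IMPLIED: Dict[str, Set[str]] = {
    "admin:org": {"write:org", "read:org"},
    "write:org": {"read:org"},
    "admin:public_key": {"write:public_key", "read:public_key"},
    "write:public_key": {"read:public_key"},
    "admin:repo_hook": {"write:repo_hook", "read:repo_hook"},
    "write:repo_hook": {"read:repo_hook"},
    "user": {"read:user", "user:email", "user:follow"},
}


def parse_scopes(header_value: str) -> Set[str]:
    """Split a comma-separated X-OAuth-Scopes header into a set of scope names."""
    return {s.strip() for s in header_value.split(",") if s.strip()}


def expand_scopes(granted: Set[str]) -> Set[str]:
    """Add every scope transitively implied by a granted parent scope."""
    effective = set(granted)
    pending = list(granted)
    while pending:
        scope = pending.pop()
        for child in IMPLIED.get(scope, set()):
            if child not in effective:
                effective.add(child)
                pending.append(child)
    return effective


def check_scopes(header_value: str) -> Dict[str, List[str]]:
    """Return the required scopes the token lacks and the write scopes it should not have."""
    granted = parse_scopes(header_value)
    effective = expand_scopes(granted)
    return {
        "missing": sorted(REQUIRED_SCOPES - effective),
        "excess": sorted(granted & WRITE_SCOPES),
    }


def fetch_scope_header(token: str) -> str:
    """Ask the GitHub API which scopes the token carries (network call)."""
    req = Request(
        "https://api.github.com/user",
        headers={"Authorization": f"token {token}", "User-Agent": "scope-check"},
    )
    with urlopen(req) as resp:
        return resp.headers.get("X-OAuth-Scopes", "")


# Constructed sample: one required scope missing, one destructive scope present.
SAMPLE_HEADER = "repo, read:org, read:public_key, read:user, user:email, delete_repo"

if __name__ == "__main__":
    token = os.environ.get("TOKEN")
    header = fetch_scope_header(token) if token else SAMPLE_HEADER
    report = check_scopes(header)
    print("missing required scopes:", report["missing"] or "none")
    print("excess write scopes:   ", report["excess"] or "none")
```

With TOKEN set, the script checks the real token; without it, it runs against the constructed sample so the logic can be exercised offline. An empty `missing` list and an empty `excess` list is the state to require before `make audit`.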

Run an audit

make audit

Gets the paged repository data with vulnerability alerts

The audit process runs the API calls that collect vulnerability and activity data from GitHub, and also queries the Dependabot config API to determine which repositories have Dependabot enabled.

Run audit component tasks

You can run individual tasks from the audit process for testing.

For example to rebuild the interface route template data files you can call the following:

make task TASK=routes

You can call the tasks separately because the full audit takes a long time to run.

Run a local dev server

The run task currently runs npm install and then runs the gulp tasks to build the static assets (JS and CSS).

make run

Run the tests

Run the unit tests by running

make test

Terraform

Build

Before you can run the Terraform you need to create a zipped Lambda deployment package.

You can do that by running

make zip

TODO We can probably make the terraform run the zip command

Init

The terraform is in build/terraform

To init you need a backend.tfvars file:

bucket  = "<bucket name>"
key     = "<state file path>"
region  = "eu-west-2"
encrypt = true

Then you can run

terraform init -reconfigure -backend-config=path/to/backend.tfvars

Plan or apply

You need an apply.tfvars file:

region              = "eu-west-2"
bucket_prefix       = "cyber-security"
runtime             = "python3.7"

github_org          = "<github organisation shortname>"

Service             = "github-audit"
SvcOwner            = "<who to email>"
Environment         = "<should match a setting file env>"
DeployedUsing       = "Terraform"
SvcCodeURL          = "https://github.com/alphagov/cyber-security-security-advisory-dashboard"

Then you can run

terraform apply -var-file=path/to/apply.tfvars

Find vars at

https://github.com/alphagov/cyber-security-terraform/tree/master/service/github_audit/account/103495720024

cyber-security-security-advisory-dashboard's People

Contributors

0atman, akinnane, alice-carr, danjoneslf, denizgenc, dependabot-preview[bot], dependabot[bot], detnon, gds-ahine, mahmudh, pritchyspritch


cyber-security-security-advisory-dashboard's Issues

concourse pipeline deploys even if our tests fail

When we push code that causes our tests to fail to master, the tests run on Concourse and fail as expected, but then continue on to the deploy stage and deploy the broken code... which is obviously not what we want.

requirements-dev.txt does not refer to requirements.txt

Hi guys, I ran test.sh to check with some Dependabot PRs, and I got errors telling me that I was missing requests and addict. I figured out that this was because these packages were only referenced in requirements.txt, and requirements-dev.txt does not reference it.

Adding a

-r requirements.txt

to the top of the file would be appreciated - or an explanation for the separation between these two files.

Thanks!

Change bot user to have a google group email address that sends to engineering

Currently the bot user account has Sam P's email address.
We need to transfer that to our ownership
Then we need to generate a new PAT and update in SSM.

  • Switch email to cyber-security-engineering+advisory-bot@
  • Verify email
  • Store creds into shared place
  • Generate new PAT
  • store in /ssd/github/pat for staging service
  • store in /ssd/github/pat for production service
  • validate new PAT works

Do requirements install in pipeline

At present the requirements install is done in the concourse-base-image pipeline after the base image is rebuilt. That means that the pipeline is not always run with the current version of the dependencies. This is why the recent dependabot graphql-core breaking-change merge passed the tests.

Repeated calls to SSM

Running the audit_lambda.py on the CLI, the debug output shows it makes repeated calls to SSM. The code should make a single SSM get_parameter/s request.

Contract and unit tests failing on flake8 error

SKIPPED [1] tests/test_storage.py:33: Breaks when run out of order
SKIPPED [1] tests/test_storage.py:62: Breaks when run out of order
SKIPPED [1] tests/test_storage.py:43: Breaks when run out of order
FAILED tests/test_app.py::FLAKE8 - AttributeError: 'Application' object has no attribute 'parse_preliminary_options_and_args'
FAILED tests/__init__.py::FLAKE8 - AttributeError: 'Application' object has no attribute 'parse_preliminary_options_and_args'
FAILED tests/test_config.py::FLAKE8 - AttributeError: 'Application' object has no attribute 'parse_preliminary_options_and_args'
FAILED tests/test_splunk.py::FLAKE8 - AttributeError: 'Application' object has no attribute 'parse_preliminary_options_and_args'
FAILED tests/test_storage.py::FLAKE8 - AttributeError: 'Application' object has no attribute 'parse_preliminary_options_and_args'
FAILED tests/test_vulnerable_by_severity_splunk.py::FLAKE8 - AttributeError: 'Application' object has no attribute 'parse_preliminary_options_and_args'
FAILED tests/test_cyber_dependabot.py::FLAKE8 - AttributeError: 'Application' object has no attribute 'parse_preliminary_options_and_args'
FAILED tests/test_audit_lambda.py::FLAKE8 - AttributeError: 'Application' object has no attribute 'parse_preliminary_options_and_args'
FAILED tests/test_vulnerability_summarizer.py::FLAKE8 - AttributeError: 'Application' object has no attribute 'parse_preliminary_options_and_args'
