OWASP Security RAT (Requirement Automation Tool) is a tool helping you manage security requirements in your agile development projects. The typical use case is:
- specify parameters of the software artifact you're developing
- based on this information, list of common security requirements is generated
- go through the list of the requirements and choose how you want to handle the requirements
- persist the state in a JIRA ticket (the state gets attached as a YAML file)
- create JIRA tickets for particular requirements in a batch mode in developer queues
- import the main JIRA ticket into the tool anytime in order to see progress of the particular tickets
Please go to https://securityrat.github.io.
Check out our brand-new online demo:
url: SecurityRAT
username: demo
password: SecurityRATdemo10!
You can try it out with the demo version and can modify/add/delete requirements. The demo version will be resetted every 24 hours (CEST).
Note that the Spring auto-restart feature has been disabled for performance reasons.
- Configure the configuration files (
securityrat-backend/src/main/resources/application-dev.ymlandsecurityrat-backend/src/main/resources/application.yml) appropriately. - Build all modules from the project's root folder with
mvn install. - Start the application from the securityrat-backend folder with
mvn spring-boot:run.
Note that the backend is required to listen on port 9000 (configured by default), if you want to use the live-reload feature of the frontend. Also, always ensure that there is an up-to-date NodeJS installation inside your PATH variable.
Move to the security-frontend module and start the frontend module with live reload with the command npx grunt serve.
This project is distributed under the Apache license, Version 2.0.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent