Skip to content
/ cyber-security-security-advisory-dashboard Public

A web dashboard surfacing the state of github security advisories across our estate

License

MIT license
9 stars 6 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

alphagov/cyber-security-security-advisory-dashboard

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1,092 Commits
.gds
.gds
 
 
.github
.github
 
 
build/terraform
build/terraform
 
 
contract_tests
contract_tests
 
 
output
output
 
 
query
query
 
 
templates
templates
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
.secrets.baseline
.secrets.baseline
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
VulnerableBySeveritySplunk.py
VulnerableBySeveritySplunk.py
 
 
audit_lambda.py
audit_lambda.py
 
 
config.py
config.py
 
 
cyber_dependabot.py
cyber_dependabot.py
 
 
dependabot_api.py
dependabot_api.py
 
 
docker-compose.yaml
docker-compose.yaml
 
 
errors.py
errors.py
 
 
github_rest_client.py
github_rest_client.py
 
 
language_lookup.py
language_lookup.py
 
 
ops_manual.md
ops_manual.md
 
 
pack.sh
pack.sh
 
 
pgraph.py
pgraph.py
 
 
repository_summarizer.py
repository_summarizer.py
 
 
requirements-dev.txt
requirements-dev.txt
 
 
requirements.txt
requirements.txt
 
 
settings.development.json
settings.development.json
 
 
settings.production.json
settings.production.json
 
 
settings.staging.json
settings.staging.json
 
 
splunk.py
splunk.py
 
 
stats.py
stats.py
 
 
storage.py
storage.py
 
 
sts-assume-role.sh
sts-assume-role.sh
 
 
tag_file
tag_file
 
 
teams.json
teams.json
 
 
test.sh
test.sh
 
 
tox.ini
tox.ini
 
 
vulnerability_summarizer.py
vulnerability_summarizer.py
 
 

Repository files navigation

Total alerts Language grade: JavaScript Language grade: Python

Security Advisory Dashboard

Prerequisites

  • Check you have docker and docker-compose installed
docker --version
docker-compose --version

  • Set a GITHUB_ORG env var containing the organisation login short name from the GitHub URL.

  • Set a TOKEN env var containing a read-only personal access token for a GitHub org admin user. The permissions needed for the token are:

repo, read:org, read:public_key, read:repo_hook, read:user, user:email

(Alternatively the token can be retrieved from SSM if the make command is run via aws-vault or similar to set AWS credentials.)

  • Create or change the settings.[env].json file

Run an audit

make audit

Gets the paged repository data with vulnerability alerts

The audit process runs the api calls to collect vulnerability and activity data from github as well as the dependabot config API to determine which repositories have dependabot enabled.

Run audit component tasks

You can run individual tasks from the audit process for testing.

For example to rebuild the interface route template data files you can call the following:

make task TASK=routes

You can call the tasks separately because the full audit takes a long time to run.

Run a local dev server

The run task currently runs the npm install and then runs the gulp tasks to build the static assets, js and css.

make run

Run the tests

Run the unit tests by running

make test

Terraform

Build

Before you can run the terraform you need to create a zipped lambda deployment.

You can do that by running

make zip

TODO We can probably make the terraform run the zip command

Init

The terraform is in build/terraform

To init you need a backend.tfvars

bucket  = "<bucket name>"
key     = "<state file path>"
region  = "eu-west-2"
encrypt = true

Then you can run

terraform init -reconfigure -backend-config=path/to/backend.tfvars

Plan or apply

You need an apply.tfvars

region              = "eu-west-2"
bucket_prefix       = "cyber-security"
runtime             = "python3.7"

github_org          = "<github organisation shortname>"

Service             = "github-audit"
SvcOwner            = "<who to email>"
Environment         = "<should match a setting file env>"
DeployedUsing       = "Terraform"
SvcCodeURL          = "https://github.com/alphagov/cyber-security-security-advisory-dashboard"

Then you can run

terraform apply -var-file=path/to/apply.tfvars

Find vars at

https://github.com/alphagov/cyber-security-terraform/tree/master/service/github_audit/account/103495720024

About

A web dashboard surfacing the state of github security advisories across our estate

Topics

cyber-security cyber-security-team

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

9 stars

Watchers

8 watching

Forks

6 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 11

Languages