Horusec Platform is a set of web services that integrate with the Horusec CLI to facilitate the visualization and management of vulnerabilities.
There are several ways to install horusec platform in your environment, choose the one that is most comfortable for you.
Just remember to change the default environment variables values to the new and secure ones.
In some types of installation we use a make
command to simplify the process.
If you want to know everything that will be executed, take a look at the Makefile
located at the root of the project.
If you just want to try the web interface, we made an image that will automatically configure a ready to use environment. This image is not recommended for production environments, and will not persist any data after being interrupted.
make run-web
After executing the command, the Horusec image
will start to install all dependencies and services. After finished, the container logs will present the following message
HORUSEC WEB IS UP AND CAN BE ACCESSED IN -> http://localhost:8043/auth
.
After that, the application will be running, with all default values, the latest versions, and the following user for tests:
Username: [email protected]
Password: Devpass0*
To stop the running container just execute:
make stop-web
make install
After executing the command, we will start the docker compose file compose.yml
, which contains all services, migrations and the needed dependencies.
The compose file can be found in deployments/compose/compose.yaml
and migrations in migrations/source
.
After that, the installation will be ready, with all default values, the latest versions, and the following user for tests:
Username: [email protected]
Password: Devpass0*
By default, the docker compose file is configured to perform a standard installation. In the case of production environments, be sure to change the values of the environment variables to new and secure ones.
Click here to check full docker compose installation docs.
Each release contains its own helm files for that version, which can be found
here, they can also be found at deployments/helm
.
In both cases they will be separated by each service of the architecture.
Click here to check the complete helm installation docs.
The following are some main features that Horusec Platform provides, to learn more about these and several other features access our documentation.
Distribute only the necessary permissions according to each user.
Dashboard with various metrics about your vulnerabilities for both workspace and repository.
Vulnerability management screen, allowing to identify false positives, accepted risk and even modify a severity to a value appropriate to the reality of the vulnerability.
Creation of workspace or repository authentication tokens for your pipeline.
With the Horusec Platform you can choose which form of authentication you will use.
Currently, having three possibilities:
- HORUSEC (native)
- LDAP
- KEYCLOAK
Checkout for our authentication types docs.
Feel free to use, recommend improvements, or contribute to new implementations.
If this is our first repository that you visit, or would like to know more about Horusec, check out some of our other projects.
This project exists thanks to all the contributors. You rock! โค๏ธ๐