Visualizes security vulnerabilities across multiple projects as a heatmap. Orchestrating and tracking vulnerabilities has become quite complex, especially for central security teams in large enterprises that deal with a multitude of distributed teams. The heatmap is built for easy adoption by technology management and development roles to identify the critical outliers within the organization. The different views of the heatmap allow a tailored representation of configurable criteria over time and across projects. The Vulnerability Heatmap is particularly helpful for Security Awareness and Security Champions programs by giving an easily consumable representation of the enterprise's flaws. Best-practice guidance for incorporating it in your Awareness program will be referenced in the future.
See here: https://secureio-gmbh.github.io/VulnerabilityHeatmap/
Create a file called backend/config.js with the following content (the command reads the DD_APIKEY and DD_BASEURL variables from your shell environment, so export them first):

```sh
echo "
export const DD_APIKEY = '$DD_APIKEY';
export const DD_BASEURL = '$DD_BASEURL';
" > backend/config.js
```

Get the values from your running DefectDojo instance.
Start the DB, then open a shell on it to inspect the heatmap database:

```sh
$ docker run --name heatmap_db -d mongo:latest
$ docker exec -it heatmap_db mongosh
> use heatmap
> db.apps.find()
```
Then start the node.js api and the vue.js app:

```sh
# Start the node.js api
$ cd backend
$ npm install
$ npm start
# Production start with explicit ports:
# $ PORT=9878 HTTPS_PORT=9879 NODE_ENV=production node backend/api.js

# Start the frontend
$ cd frontend
$ npm run serve
```
Build and run the container image:

```sh
$ docker build -t heatmap .
$ docker run -p 9877:9877 -d heatmap
# get a shell inside
$ docker run -it --entrypoint /bin/sh heatmap
```
TODO.
```sh
npm run deploy
```
A nightly import job fetches data from the DefectDojo API, normalizes it to a unified data structure and stores it in MongoDB. When the frontend wants to display the data, a simple node.js service fetches it quickly from MongoDB in order to support real-time visualization.
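As an added illustration of the normalize-and-aggregate step (example code, not the project's own import job): raw DefectDojo-style findings are mapped to one unified record each, active ones are counted into project-by-severity heatmap cells, and projects are ranked so the outliers surface first. The finding field names, the sample data and the severity weights are assumptions, not taken from the project.

```javascript
// Added example, not the project's own code. Field names are assumptions
// modelled on DefectDojo's findings API; adjust them to your instance.
const SEVERITIES = ["Critical", "High", "Medium", "Low", "Info"];
const WEIGHTS = { Critical: 10, High: 5, Medium: 2, Low: 1, Info: 0 }; // assumed scoring
// Constructed sample resembling one page of /api/v2/findings/?related_fields=true
const sampleFindings = [
  { id: 1, title: "SQL injection in login", severity: "Critical", active: true, date: "2024-01-10",
    cwe: 89, test: { engagement: { product: { name: "Shop" } } } },
  { id: 2, title: "XSS in search", severity: "High", active: true, date: "2024-01-12",
    cwe: 79, test: { engagement: { product: { name: "Shop" } } } },
  { id: 3, title: "Outdated jQuery", severity: "Medium", active: false, date: "2024-01-05",
    cwe: 1104, test: { engagement: { product: { name: "Shop" } } } },
  { id: 4, title: "Weak TLS config", severity: "high", active: true, date: "2024-01-15",
    cwe: 326, test: { engagement: { product: { name: "Portal" } } } },
  { id: 5, title: "Unattributable", severity: "Unknown", active: true, date: "2024-01-15",
    cwe: null, test: {} },
];

// Map one raw finding to the unified structure; null when the record cannot be
// attributed to a project or to a known severity (it must not silently skew a cell).
function normalizeFinding(f) {
  const project = f?.test?.engagement?.product?.name;
  const severity = SEVERITIES.find((s) => s.toLowerCase() === String(f?.severity).toLowerCase());
  if (!project || !severity) return null;
  return { project, severity, active: Boolean(f.active), opened: f.date, cwe: f.cwe ?? null };
}

// Aggregate active findings into heatmap cells: { project: { severity: count } }.
function buildHeatmap(rawFindings) {
  const cells = {};
  for (const raw of rawFindings) {
    const n = normalizeFinding(raw);
    if (!n || !n.active) continue;
    cells[n.project] ??= Object.fromEntries(SEVERITIES.map((s) => [s, 0]));
    cells[n.project][n.severity] += 1;
  }
  return cells;
}

// Rank projects by weighted open findings so the outliers surface first.
function rankProjects(cells) {
  return Object.entries(cells)
    .map(([project, counts]) => ({
      project,
      score: SEVERITIES.reduce((sum, s) => sum + counts[s] * WEIGHTS[s], 0),
    }))
    .sort((a, b) => b.score - a.score);
}
console.log(rankProjects(buildHeatmap(sampleFindings)));
```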
TODO: remove TF.
