1. About
2. Usage
2.1. Requirements
2.2. Installation
3. Features
5. Issues
6. Contributing
7. License
8. Community
Horusec Platform is a set of web services that integrate with Horusec-CLI to make it easier for you to see and manage the vulnerabilities.
See below the requirements to install Horusec-Platform:
There are several ways to install the Horusec-Platform in your environment.
In some of them, we use a make command to simplify the process.
If you want to know everything that will be executed, take a look at the Makefile located at the project's root.
Choose what type of installation you want below, but remember to change the default environment variables values to new and secure ones.
Follow the steps:
Step 1: Run the command:
make installStep 2: Start the docker compose file compose.yml. It has all services, migrations and the needed dependencies.
- You can find the compose file in
deployments/compose/compose.yaml; - You can find migrations in
migrations/source.
Step 3: Now the installation is ready with all default values, the latest versions, and the user for tests, see below:
Username: dev@example.com
Password: Devpass0*
Docker compose file is configured to perform a standard installation by default.
In the production environments' case, make sure to change the values of the environment variables to new and secure ones.
⚠️ We do not recommend using docker-compose installation in a productive environment.
For more information about Docker compose, check out Docker compose installation section.
Each release contains its own helm files for that specific version, you can find them in the repository and in the folder deployments/helm.
In both cases, they will be separated by each service of the architecture.
For more information, check out the installing with Helm section.
Horusec-Operator manages Horusec web services and its Kubernetes cluster. It was created based on the community’s idea to have a simpler way to install the services in an environment using Kubernetes.
- Check out how to install Horusec-Operator in our installation section.
- For more information about Kubernetes Operators, check out the documentation.
Horusec-Platform provides several features, see some of them below.
It distributes only the necessary permissions according to each user:
The dashboard shows you several metrics about your workspaces and repositories' vulnerabilities:
The vulnerability management screen allows you to identify false positives and accepted risks. You can modify a severity to an appropriate value to the reality of the vulnerability:
It creates workspaces or repositories authentication tokens for your pipeline:
You can choose which form of authentication you will use with Horusec-Platform.
There are three possibilities:
- HORUSEC (native)
- LDAP
- KEYCLOAK
For more information about authentication types, check out our documentation.
For more information about Horusec, please check out the documentation.
To open or track an issue for this project, in order to better coordinate your discussions, we recommend that you use the Issues tab in the main Horusec repository.
If you want to contribute to this repository, access our Contributing Guide.
This is a security layer for the project and for the developers. It is mandatory.
Follow one of these two methods to add DCO to your commits:
1. Command line Follow the steps: Step 1: Configure your local git environment adding the same name and e-mail configured at your GitHub account. It helps to sign commits manually during reviews and suggestions.
git config --global user.name “Name”
git config --global user.email “email@domain.com.br”
Step 2: Add the Signed-off-by line with the '-s' flag in the git commit command:
$ git commit -s -m "This is my commit message"
2. GitHub website You can also manually sign your commits during GitHub reviews and suggestions, follow the steps below:
Step 1: When the commit changes box opens, manually type or paste your signature in the comment box, see the example:
Signed-off-by: Name < e-mail address >
For this method, your name and e-mail must be the same registered on your GitHub account.
Do you have any question about Horusec? Let's chat in our forum.
This project exists thanks to all the contributors. You rock! ❤️🚀