Horusec Platform is a set of web services that integrate with Horusec CLI to make it easier for you to see and manage the vulnerabilities.
You need to have:
There are several ways to install the Horusec Platform in your environment.
In some types of installations, we use a make
command to simplify the process.
If you want to know everything that will be executed, take a look at the Makefile
located at the project's root.
You can choose what type of installation you want below, but remember to change the default environment variables values to new and secure ones.
Follow the steps:
Step 1: Run the command:
make install
Step 2: Start the docker compose file compose.yml
. It contains all services, migrations and the needed dependencies.
- You can find the compose file in
deployments/compose/compose.yaml
; - You can find migrations in
migrations/source
.
Step 3: After this, the installation is ready with all default values, the latest versions, and the following user for tests:
Username: dev@example.com
Password: Devpass0*
Docker compose file is configured to perform a standard installation by default.
In the production environments' case, make sure to change the values of the environment variables to new and secure ones.
⚠️ We do not recommend using docker-compose installation in a productive environment.
For more information about Docker compose, check out Docker compose installation section in our documetation.
Each release contains its own helm files for that specific version, you can find them in the repository and in the folder deployments/helm
.
In both cases they will be separated by each service of the architecture.
For more information, check out the installing with Helm section in our documentation.
Horusec-Operator performs management between Horusec web services and its Kubernetes cluster. It was created based on a community’s idea to have a simpler way to install the services in an environment using Kubernetes.
- Check out how to install Horusec-Operator in our installing section.
- You can see more about Kubernetes Operators in their documentation.
Horusec Platform provides several features, see some of them below.
It distributes only the necessary permissions according to each user:
The dashboard shows you various metrics about your vulnerabilities for workspaces and repositories:
The vulnerability management screen allows you to identify false positives, accepted risk, and even modify a severity to an appropriate value to the reality of the vulnerability:
It creates workspaces or repositories authentication tokens for your pipeline:
You can choose which form of authentication you will use with Horusec Platform.
There are three possibilities:
- HORUSEC (native)
- LDAP
- KEYCLOAK
For more information about authentication types, check out our documentation.
For more information about Horusec, please check out the documentation.
If you want to contribute to this repository, access our Contributing Guide. And if you want to know more about Horusec, check out some of our other projects:
Feel free to reach out to us at:
This project exists thanks to all the contributors. You rock! ❤️🚀