Vulcan is a tool to help streamline the process of creating STIGs and InSpec security compliance profiles. It models the STIG intent form and the process of aligning security controls from SRG items into actual STIG security controls. Vulcan also gives the option while aligning the security controls to insert inspec code and test across any type of system supported by InSpec.
- Model the STIG creation process between the creator(vendor) and the approver(sponsor)
- Write and test InSpec code on a local system, or across SSH, AWS, and Docker
- Easily view the progress on what the status is of each control
- Communicate through the application to make the best decisions on controls
- Confidential data in the database is encrypted using symmetric encryption
- Authenticate via the local server, through github, and through configuring an LDAP server.
Deploying Vulcan in Production
For Ruby (on Ubuntu):
- Ruby
build-essentials
- Bundler
libq-dev
- nodejs
- Install the version of Ruby specified in
.ruby-version
- Install postgres and rbenv
- gem install foreman
- rbenv install
- bin/setup
Make sure you have run the setup steps at least once before following these steps!
- ensure postgres is running
- foreman start -f Procfile.dev
- Navigate to
http://127.0.0.1:3000
- Stop Vulcan by doing
ctrl + c
- Stop the postgres server
See docker-compose.yml
for container configuration options.
Documentation on how to configure additional Vulcan settings such as SMTP, LDAP, etc, are available on the Vulcan website.