OWASP Security RAT (Requirement Automation Tool) is a tool helping you manage security requirements in your agile development projects. The typical use case is:
- specify parameters of the software artifact you're developing
- based on this information, list of common security requirements is generated
- go through the list of the requirements and choose how you want to handle the requirements
- persist the state in a JIRA ticket (the state gets attached as a YAML file)
- create JIRA tickets for particular requirements in a batch mode in developer queues
- import the main JIRA ticket into the tool anytime in order to see progress of the particular tickets
Please go to https://securityrat.github.io.
Check out our brand-new online demo:
url: SecurityRAT
username: demo
password: SecurityRATdemo10!
You can try it out with the demo version and can modify/add/delete requirements. The demo version will be resetted every 24 hours (CEST).
Note that the Spring auto-restart feature has been disabled for performance reasons.
- Configure the configuration files (
src/main/resources/application-dev.ymlandsrc/main/resources/application.yml) appropriately. - Build all modules from the project's root folder with
mvn install. - Start the application from the securityrat-backend folder with
mvn spring-boot:run.
Note that the backend is required to listen on port 9000 (configured by default), if you want to use the live-reload feature of the frontend. Also, always ensure that there is an up-to-date NodeJS installation inside your PATH variable.
Move to the security-frontend module and start the frontend module with live reload with the command npx grunt serve.
This project is distributed under the Apache license, Version 2.0: http://www.apache.org/licenses/LICENSE-2.