VersionEye Security
This repo contains the security crawlers for VersionEye written in ruby. Currently this projects has data fetchers for:
- Java (VictimsDB)
- Python (VictimsDB)
- Ruby (Ruby Advisory DB)
- PHP (SensioLabs DB)
- PHP Magento (Magento Security Advisory)
- Node.JS (NodeSecurity)
- Node.JS (Snyk)
Start the backend services for VersionEye
This project contains a docker-compose.yml file which describes the backend systems of VersionEye. You can start the backend systems like this:
docker-compose up -d
That will start:
- MongoDB
- RabbitMQ
- ElasticSearch
- Memcached
For persistence you should comment in and adjust the mount volumes in docker-compose.yml for MongoDB and ElasticSearch. If you are not interested in persisting the data on your host you can let it untouched.
Shutting down the backend systems works like this:
docker-compose down
Configuration
All important configuration values are read from environment variable. Before you start VersioneyeCore.new you should adjust the values in scripts/set_vars_for_dev.sh and load them like this:
source ./scripts/set_vars_for_dev.sh
The most important env. variables are the ones for the backend systems, which point to MongoDB, ElasticSearch, RabbitMQ and Memcached.
Install dependencies
If the backend services are all up and running and the environment variables are set correctly
you can install the dependencies with bundler
. If bundler
is not installed on your machine
run this command to install it:
gem install bundler
Then you can install the dependencies like this:
bundle install
Rake Tasks
Get a list of all rake tasks:
rake -T
Crawl for Java security vulnerabilities:
rake versioneye:crawl_java_security
Tests
The tests for this project are running after each git push
on CircleCI!
First of all a Docker image is build for this project and the tests are executed inside of a Docker container.
For more details take a look to the Dockerfile and the circle.yml file in the root directory!
If the Docker containers for the backend systems are running locally, the tests can be executed locally with this command:
./scripts/run_tests_local.sh
Make sure that you followed the steps in the configuration section, before you run the tests!
All Files covered to 95.82%.
Support
For commercial support send a message to support@versioneye.com
.
AGPL-v3 License
Copyright (c) 2016 VersionEye GmbH
The contents of this repository is available under the AGPL-v3 license, see the AGPL-3.0 for full details.