Security Overview is a library used to generate detailed reports. It receives as
input an scan-id, a team name and then generates an html email containing some
summarized information about the scan, which links to a full report dashboard
containing detailed information about the scan. This dashboard is automatically
uploaded to a S3 bucket.
The cli provides functionality to test the report generation.
To install ,after cloning the repo, execute
go install ./...
It works by supporting three scenarios:
-
Generate and optionally upload a report.
At the root of the report execute:
vulcan-security-overview -config _config/dev.toml -scan-id scanid -team-name team-nameThe config param contains at path to a config file, there are examples of this config files at the dir:
config -
Regenerate a report
For modifying the look and feel or the javascript of the reports is useful to have a way to regenerate a report. The regenerate command takes a json file, generated by the command explained at the previous section, and regenerates the html and all the assets: javascript, css, etc... containing the full report
To regenerate command execute:
vulcan-security-overview -regen .localtest/test-report.json -resources _resources/ -presources _public_resources/ --assetsurl https://example.com/assets -output .localtest/reports -
Generate a full report from a file with a check report.
This scenario is useful when adjusting the output of a check. This command takes, apart from the config file, a parameter pointing to a file that contains a check report. It generates and uploads to s3 a full report with the findings of that check.
Example of the command:
vulcan-security-overview -config "security-overview.toml" -check check_report.json