{"id":17948592,"url":"https://github.com/accso/securecheckplus","last_synced_at":"2025-03-24T22:35:28.995Z","repository":{"id":259741050,"uuid":"870305560","full_name":"accso/SecureCheckPlus","owner":"accso","description":"SecureCheckPlus by Accso is a web application that can be integrated into the CI/CD process via an adapter. It allows the identification, review, and documentation of already known vulnerabilities based on the libraries used.","archived":false,"fork":false,"pushed_at":"2025-02-19T14:26:54.000Z","size":5575,"stargazers_count":6,"open_issues_count":47,"forks_count":2,"subscribers_count":6,"default_branch":"main","last_synced_at":"2025-03-19T05:07:00.648Z","etag":null,"topics":["bootstrap3","cvssv3","django","python3","react","security-tools","vulnerability-assessment"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/accso.png","metadata":{"files":{"readme":"README-ADAPTER.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-10-09T19:53:56.000Z","updated_at":"2025-02-25T10:53:18.000Z","dependencies_parsed_at":"2024-10-27T18:38:15.281Z","dependency_job_id":"b8db4aee-65ba-4f16-aaaa-1a9e74336092","html_url":"https://github.com/accso/SecureCheckPlus","commit_stats":null,"previous_names":["accso/securecheckplus"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/accso%2FSecureCheckPlus","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/accso%2FSecureCheckPlus/tags","releases_url":"https://repos.
ecosyste.ms/api/v1/hosts/GitHub/repositories/accso%2FSecureCheckPlus/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/accso%2FSecureCheckPlus/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/accso","download_url":"https://codeload.github.com/accso/SecureCheckPlus/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245366205,"owners_count":20603438,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bootstrap3","cvssv3","django","python3","react","security-tools","vulnerability-assessment"],"created_at":"2024-10-29T09:07:11.285Z","updated_at":"2025-03-24T22:35:23.981Z","avatar_url":"https://github.com/accso.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n    \u003cimg src=\"backend/assets/images/SecureCheckPlusLogoHorizontal.png\" alt=\"SecureCheckPlus Logo\"\u003e\n\u003c/div\u003e\n\n# Adapter for SecureCheckPlus by Accso\n\nThe adapter for SecureCheckPlus by Accso can be integrated into the CI process to send scan reports to the \nSecureCheckPlus by Accso web application.\n\nThis readme assumes that you already have SecureCheckPlus by Accso up and running. 
If not, please refer to this\n[readme](README.md).\n\n## How to Use the Adapter\n\nTo use the adapter, you generally have to insert two stages into your CI pipeline:\n\n- the first stage uses the default OWASP image to scan the source code of your application and generate a report file,\n- the second stage uses the adapter image to upload this report to the SecureCheckPlus application.\n\nThe details of how the stages are specified depend on the CI tool. See the folder \n[tool_templates](adapter/tool_templates/README-TOOL-TEMPLATES.md) for example files for various tools.  \n\nThe stages are usually placed AFTER the build stage and BEFORE the deployment stage. \nFor the latter, the order is important since it is generally not advisable to make \nthe application available if it does not comply with the security requirements configured in SecureCheckPlus.\n\n### What parameters do I need to specify?\nThe following parameters must be passed as environment variables:\n\n- `SERVER_URL` - The URL of the SecureCheckPlus by Accso web application, including the relative URL `api/analyzer`.\n- `REPORT_FILE_NAME` - The name or path of the report file, including the file extension.\n- `PROJECT_ID` - The ID (not the name!) of the SecureCheckPlus project.\n- `API_KEY` - The API key generated for the SecureCheckPlus project.\n- `FILE_FORMAT` - The format of the report. This must be `json` for the time being.\n- `TOOL_NAME` - The tool used to generate the report. We use `owasp` for the time being.\n- `SKIP` - Skips the uploading of the report. If set to `true`, the uploading will be skipped and the stage will \n   execute successfully independently of the vulnerability state of your application. Use with care! \n\nThe normal approach is to provide the values for these environment settings as CI tool variables and refrain from\nsetting them in the pipeline definition code directly. 
This is especially important for the `API_KEY`, which should be\nprotected (that is, only visible on protected branches) and masked (so that the value will not be visible in the\nlogging output of the stage).\n\n**NOTE**: The CI tool variables used in the stage templates have the prefix `SECURECHECKPLUS_` to avoid name\ncollisions with other CI variables in your pipeline. They are mapped onto the names\nlisted above in the stage definitions.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faccso%2Fsecurecheckplus","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faccso%2Fsecurecheckplus","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faccso%2Fsecurecheckplus/lists"}