{"id":13538435,"url":"https://github.com/dradis/dradis-ce","last_synced_at":"2026-01-24T18:08:40.424Z","repository":{"id":39633436,"uuid":"50029969","full_name":"dradis/dradis-ce","owner":"dradis","description":"Dradis Framework: Collaboration and reporting for IT Security teams","archived":false,"fork":false,"pushed_at":"2026-01-22T12:51:33.000Z","size":14219,"stargazers_count":771,"open_issues_count":21,"forks_count":215,"subscribers_count":36,"default_branch":"develop","last_synced_at":"2026-01-22T23:08:44.061Z","etag":null,"topics":["collaboration","dradis","dradis-framework","infosec","penetration-testing","pentesting","security","security-audit"],"latest_commit_sha":null,"homepage":"https://dradis.com/ce/","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dradis.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2016-01-20T12:54:45.000Z","updated_at":"2026-01-17T17:36:06.000Z","dependencies_parsed_at":"2026-01-08T12:08:17.952Z","dependency_job_id":null,"html_url":"https://github.com/dradis/dradis-ce","commit_stats":null,"previous_names":[],"tags_count":41,"template":false,"template_full_name":null,"purl":"pkg:github/dradis/dradis-ce","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dradis%2Fdradis-ce","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dradis%2Fdradis-ce/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/rep
ositories/dradis%2Fdradis-ce/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dradis%2Fdradis-ce/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dradis","download_url":"https://codeload.github.com/dradis/dradis-ce/tar.gz/refs/heads/develop","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dradis%2Fdradis-ce/sbom","scorecard":{"id":354841,"data":{"date":"2025-08-11","repo":{"name":"github.com/dradis/dradis-ce","commit":"1478e08dec8e175d3a805edc7a8cfa26e3d08184"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.6,"checks":[{"name":"Code-Review","score":4,"reason":"Found 5/11 approved changesets -- score normalized to 4","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's 
workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:16: update your workflow using 
https://app.stepsecurity.io/secureworkflow/dradis/dradis-ce/ci.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/dradis/dradis-ce/ci.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/dradis/dradis-ce/ci.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/dradis/dradis-ce/ci.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/dradis/dradis-ce/ci.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/dradis/dradis-ce/ci.yml/develop?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:2: pin your Docker image by updating ruby:3.1.2 to ruby:3.1.2@sha256:7681a3d37560dbe8ff7d0a38f3ce35971595426f0fe2f5709352d7f7a5679255","Info:   0 out of   3 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   3 third-party GitHubAction dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Info: FSF or OSI recognized license: GNU General Public License v2.0: LICENSE.txt:0"],"documentation":{"short":"Determines if the project has defined a 
license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":4,"reason":"6 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-76r7-hhxj-r776","Warn: Project is vulnerable to: GHSA-r4mg-4433-c7g3","Warn: Project is vulnerable to: GHSA-gc3j-vvwf-4rp8","Warn: Project is vulnerable to: GHSA-r8xx-8vm8-x6wj","Warn: Project is vulnerable to: GHSA-r9mq-m72x-257g","Warn: Project is vulnerable to: GHSA-hxx2-7vcw-mqr3"],"documentation":{"short":"Determines if the project has open, known 
unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T09:16:37.553Z","repository_id":39633436,"created_at":"2025-08-18T09:16:37.553Z","updated_at":"2025-08-18T09:16:37.553Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28733527,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-24T17:51:25.893Z","status":"ssl_error","status_checked_at":"2026-01-24T17:50:48.377Z","response_time":89,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["collaboration","dradis","dradis-framework","infosec","penetration-testing","pentesting","security","security-audit"],"created_at":"2024-08-01T09:01:11.965Z","updated_at":"2026-01-24T18:08:40.412Z","avatar_url":"https://github.com/dradis.png","language":"Ruby","funding_links":[],"categories":["\u003ca id=\"9eee96404f868f372a6cbc6769ccb7f8\"\u003e\u003c/a\u003e工具","security"],"sub_categories":["\u003ca id=\"31185b925d5152c7469b963809ceb22d\"\u003e\u003c/a\u003e新添加的"],"readme":"# Welcome to the Dradis Framework An Automated Pentest Reporting Tool\n\n[![CI](https://github.com/dradis/dradis-ce/actions/workflows/ci.yml/badge.svg)](https://github.com/dradis/dradis-ce/actions/workflows/ci.yml)\n[![Black Hat 
Arsenal](https://www.toolswatch.org/badges/arsenal/2016.svg)](https://www.blackhat.com/us-16/arsenal.html#dradis-framework)\n[![@dradisfw on X](https://img.shields.io/twitter/follow/dradisfw?style=social)](https://twitter.com/dradisfw)\n\nDradis is an open-source collaboration framework and penetration testing report generator that helps InfoSec teams streamline reporting workflows. With support for importing data from tools like Burp Suite, Nessus, and Nmap, Dradis automates the tedious parts of the cybersecurity testing workflow so you can focus on analysis and recommendations.\n\nGenerate consistent, professional pentest reports faster—with less manual work.\n\n\u003ca href=\"https://heroku.com/deploy?template=https://github.com/dradis/dradis-ce/tree/develop\" target=\"_blank\"\u003e\u003cimg src=\"https://www.herokucdn.com/deploy/button.svg\" height=\"40\"\u003e\u003c/a\u003e\n\u003ca href=\"https://cloud.digitalocean.com/apps/new?repo=https://github.com/dradis/dradis-ce/tree/develop\" target=\"_blank\"\u003e\u003cimg src=\"https://www.deploytodo.com/do-btn-blue.svg\" height=\"40\"\u003e\u003c/a\u003e\n\nTo try Dradis Community, you can deploy your own instance (you will need accounts in the cloud providers to get started).\n\n## Our goals\n\n* Share the information effectively.\n* Easy to use, easy to be adopted. Otherwise it would present little benefit over other systems.\n* Flexible: with a powerful and simple extensions interface.\n* Small and portable. You should be able to use it while on site (no outside connectivity). 
It should be OS independent (no two testers use the same OS).\n\n\n## Some of the features:\n\n* Platform independent\n* Markup support for the notes: text styles, code blocks, images, links, etc.\n* Integration with existing systems and tools:\n  * [Brakeman](https://dradis.com/integrations/brakeman.html)\n  * [Burp Suite](https://dradis.com/integrations/burp.html)\n  * [MediaWiki](https://dradis.com/integrations/mediawiki.html)\n  * [Metasploit](https://dradis.com/integrations/metasploit.html)\n  * [Nessus](https://dradis.com/integrations/nessus.html)\n  * [NeXpose](https://dradis.com/integrations/nexpose.html)\n  * [Nikto](https://dradis.com/integrations/nikto.html)\n  * [Nmap](https://dradis.com/integrations/nmap.html)\n  * [OpenVAS](https://dradis.com/integrations/openvas.html)\n  * [Qualys](https://dradis.com/integrations/qualys.html)\n  * [SAINT](https://dradis.com/integrations/saint.html)\n  * [Zed Attack Proxy](https://dradis.com/integrations/zap.html)\n  * ...\n  * [Full list](http://dradis.com/integrations/)\n\n\n## Editions\n\nThere are two editions of Dradis Framework:\n\n* **Dradis Framework Community Edition (CE)**: open-source and available freely under the GPLv2 license.\n* **Dradis Framework Professional Edition (Pro)**: looking for more advanced features, designed for collaborating as an InfoSec team? 
Dradis Pro offers [report automation](https://dradis.com/reporting.html), collaboration, and client communication tools built for modern cybersecurity teams.\n\n## Getting started: Community Edition\n\n### From Git (recommended)\n\n[Installing Dradis from Git](https://dradis.com/ce/documentation/install_git.html)\n\n### Using Docker\n\nIf you'd like to use Dradis in Docker, first get the latest image:\n\n```\ndocker image pull dradis/dradis-ce:latest\n```\n\nAnd then run the container:\n\n```\ndocker run -it -p 3000:3000 dradis/dradis-ce\n```\n\n\n## Getting help\n\n* https://dradis.com/support/\n* [Community Forums](https://discuss.dradis.com/)\n* [Slack channel](https://evening-hamlet-4416.herokuapp.com/)\n* IRC: **#dradis** `irc.freenode.org`\n\n\n## Contributing\n\nPlease see CONTRIBUTING.md for details.\n\nMany thanks to all Dradis Framework [contributors](https://github.com/dradis/dradis-ce/graphs/contributors). Dradis has been around since 2007, and in 2016 we had to do some nasty Git gymnastics resulting in a lot of the previous SVN + Git history no longer being available in the current repo. We haven't deleted it though, and we're still very much grateful for the work of our former [contributors](https://github.com/dradis/dradis-legacy/graphs/contributors).\n\n\n### Branching model\nWe're following Vincent Driessen's [A successful Git branching model](http://nvie.com/posts/a-successful-git-branching-model/) to try to keep things organized.\n\nIn this repo we will have: *master*, *develop*, *release-* and *hotfix-* branches.\n\nIf you need to work on a feature branch, fork the repo and work on your own copy. We can check it from there. 
Eventually you'll merge to your *develop* and back to origin's *develop*.\n\n\n### Community Projects\n\n* [check-user-pwned-dradis by GoVanguard](https://github.com/GoVanguard/check-user-pwned-dradis): Searches for compromised emails across data breaches and creates Dradis Issues\n* [csv-data-import-dradis by GoVanguard](https://github.com/GoVanguard/csv-data-import-dradis): Imports Issues, Nodes, Evidence, and Notes from a CSV file into Dradis\n* [PyDradis by Novacoast](https://github.com/ncatlabs/pydradis): Python wrapper for the Dradis REST API\n\nHave you built a Dradis connector, add-on, or extension? Contact us so that we can feature it here.\n\n\n## License\n\nDradis Framework Community Edition is released under [GNU General Public License version 2.0](http://www.gnu.org/licenses/old-licenses/gpl-2.0.html)\n\nDradis Framework Professional Edition is released under a commercial license.\n\n\n## We're hiring\n\nIf you love open source, Ruby on Rails and would like to have a lot of freedom and autonomy in your work, maybe you should consider [joining our team](https://dradis.com/careers.html) to make Dradis even better.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdradis%2Fdradis-ce","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdradis%2Fdradis-ce","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdradis%2Fdradis-ce/lists"}