{"id":18565064,"url":"https://github.com/greenbone/gsa","last_synced_at":"2026-04-02T00:54:47.827Z","repository":{"id":26322614,"uuid":"108386308","full_name":"greenbone/gsa","owner":"greenbone","description":"Greenbone Security Assistant - The web frontend for the Greenbone Community Edition","archived":false,"fork":false,"pushed_at":"2024-04-17T08:26:59.000Z","size":71909,"stargazers_count":200,"open_issues_count":10,"forks_count":90,"subscribers_count":19,"default_branch":"main","last_synced_at":"2024-04-17T16:11:16.952Z","etag":null,"topics":["base","frontend","gea","greenbone","greenbone-community-edition","greenbone-security-assistant","gsad","gvm","hacktoberfest","javascript","openvas","vulnerability","vulnerability-assessment","vulnerability-detection","vulnerability-management","vulnerability-scanners"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/greenbone.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2017-10-26T08:54:07.000Z","updated_at":"2024-04-19T15:29:23.485Z","dependencies_parsed_at":"2024-04-19T15:28:56.819Z","dependency_job_id":null,"html_url":"https://github.com/greenbone/gsa","commit_stats":{"total_commits":18597,"total_committers":52,"mean_commits":"357.63461538461536","dds":0.6104210356509114,"last_synced_commit":"bd2cbf5bcb6f0cc9365438d8daf73b42c169a83e"},"previous_names":[],"tags_count":137,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/greenbone%2Fgsa","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/greenbone%2Fgsa/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/greenbone%2Fgsa/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/greenbone%2Fgsa/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/greenbone","download_url":"https://codeload.github.com/greenbone/gsa/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247415967,"owners_count":20935387,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["base","frontend","gea","greenbone","greenbone-community-edition","greenbone-security-assistant","gsad","gvm","hacktoberfest","javascript","openvas","vulnerability","vulnerability-assessment","vulnerability-detection","vulnerability-management","vulnerability-scanners"],"created_at":"2024-11-06T22:17:34.462Z","updated_at":"2026-04-02T00:54:47.814Z","avatar_url":"https://github.com/greenbone.png","language":"JavaScript","readme":"![Greenbone Logo](https://www.greenbone.net/wp-content/uploads/gb_new-logo_horizontal_rgb_small.png)\n\n# Greenbone Security Assistant \u003c!-- omit in toc --\u003e\n\n[![GitHub releases](https://img.shields.io/github/release/greenbone/gsa.svg)](https://github.com/greenbone/gsa/releases)\n[![code test coverage](https://codecov.io/gh/greenbone/gsa/branch/main/graph/badge.svg)](https://codecov.io/gh/greenbone/gsa)\n[![Build and test JS](https://github.com/greenbone/gsa/actions/workflows/ci-js.yml/badge.svg?branch=main)](https://github.com/greenbone/gsa/actions/workflows/ci-js.yml?query=branch%3Amain++)\n\nThe Greenbone Security Assistant is the web interface developed for the\n[Greenbone Enterprise appliances](https://www.greenbone.net/en/product-comparison/)\nwritten in [React](https://reactjs.org/).\n\n- [Releases](#releases)\n- [Installation](#installation)\n- [Developing](#developing)\n- [Translations](#translations)\n - [Format](#format)\n - [Updating](#updating)\n - [Support a new Language](#support-a-new-language)\n- [Settings](#settings)\n - [Config File](#config-file)\n - [Config Variables](#config-variables)\n - [vendorVersion](#vendorversion)\n - [vendorLabel](#vendorlabel)\n - [vendorTitle](#vendortitle)\n - [guestUsername and guestPassword](#guestusername-and-guestpassword)\n - [disableLoginForm](#disableloginform)\n - [enableCommunityFeedNotification](#enablecommunityfeednotification)\n - [enableEPSS](#enableepss)\n - [enableKrb5](#enablekrb5)\n - [enableStoreDebugLog](#enablestoredebuglog)\n - [logLevel](#loglevel)\n - [timeout](#timeout)\n - [apiServer](#apiserver)\n - [apiProtocol](#apiprotocol)\n - [manualUrl](#manualurl)\n - [manualLanguageMapping](#manuallanguagemapping)\n - [protocolDocUrl](#protocoldocurl)\n - [reloadInterval](#reloadinterval)\n - [reloadIntervalActive](#reloadintervalactive)\n - [reloadIntervalInactive](#reloadintervalinactive)\n - [reportResultsThreshold](#reportresultsthreshold)\n - [severityRating](#severityrating)\n- [Support](#support)\n- [Maintainer](#maintainer)\n- [Contributing](#contributing)\n- [License](#license)\n\n## Releases\n\nAll [release files](https://github.com/greenbone/gsa/releases) are signed with\nthe [Greenbone Community Feed integrity key](https://community.greenbone.net/t/gcf-managing-the-digital-signatures/101).\nThis gpg key can be downloaded at https://www.greenbone.net/GBCommunitySigningKey.asc\nand the fingerprint is `8AE4 BE42 9B60 A59B 311C 2E73 9823 FAA6 0ED1 E580`.\n\n## Installation\n\nPrerequisites for GSA:\n\n- node.js \u003e= 22.0\n\nTo install nodejs the following commands can be used\n\n```bash\nexport VERSION=22\nexport KEYRING=/usr/share/keyrings/nodesource.gpg\n\ncurl -fsSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | gpg --dearmor | sudo tee \"$KEYRING\" \u003e/dev/null\ngpg --no-default-keyring --keyring \"$KEYRING\" --list-keys\n\necho \"deb [signed-by=$KEYRING] https://deb.nodesource.com/node_$VERSION.x nodistro main\" | sudo tee /etc/apt/sources.list.d/nodesource.list\necho \"deb-src [signed-by=$KEYRING] https://deb.nodesource.com/node_$VERSION.x nodistro main\" | sudo tee -a /etc/apt/sources.list.d/nodesource.list\n\nsudo apt update \u0026\u0026 sudo apt install nodejs\n```\n\nChange into the gsa source directory and delete the possible existing build output\ndirectory.\n\n```bash\ncd path/to/gsa\nrm -rf build\n```\n\nInstall the JavaScript dependencies and start the build process. The build process\ncreates a `build` directory with a production build of GSA. The `build/img` directory\nwill contain images like logos and banners. The `build/static` directory will contain\ngenerated JavaScript and CSS files and additionally in the `build/static/media`\ndirectory SVG files for all icons will be found.\n\n```bash\nnpm install\nnpm run build\n```\n\nAll content of the production build can be shipped with every web server. For\nproviding GSA via our [gsad web server](https://github.com/greenbone/gsad/), the\nfiles need to be copied into the `share/gvm/gsad/web/` subdirectory of your\nchosen `CMAKE_INSTALL_PREFIX` directory when building `gsad`. Normally this is\nset to `/usr` or `/usr/local`.\n\n```bash\nmkdir -p $INSTALL_PREFIX/share/gvm/gsad/web/\ncp -r build/* $INSTALL_PREFIX/share/gvm/gsad/web/\n```\n\nIf you are not familiar or comfortable building from source code, we recommend\nthat you use the Greenbone Enterprise TRIAL, a prepared virtual machine with a\nreadily available setup. Information regarding the virtual machine is\navailable at \u003chttps://www.greenbone.net/en/testnow\u003e.\n\n## Developing\n\nUsing GSA requires to re-build the JavaScript bundle. This process is very\ntime-consuming and therefore may be avoided during development. It is possible\nto run GSA in a special web development server. The development server can be\nstarted with:\n\n```sh\ncd path/to/gsa \u0026\u0026 npm run start\n```\n\nAfterwards the development web server is set up and a new browser window is\nopened at the URL `http://127.0.0.1:8080`, containing the GSA web application.\nWhen a JavaScript file of GSA in the src folder is changed, the browser window\nwill reload automatically.\n\nBesides the development server [gsad] needs to be running with CORS enabled.\n\n```sh\ngsad --http-cors=\"http://127.0.0.1:8080\"\n```\n\nTo be able to communicate with gsad, the web application needs to know the\nserver URL. This can be accomplished by editing the [`path/to/gsa/public/config.js`\nfile](#config-file). The following lines can be used for a local gsad running\nwith HTTP on port 9392:\n\n```javascript\nconfig = {\n apiProtocol: 'http',\n apiServer: '127.0.0.1:9392',\n};\n```\n\nFor HTTPS only the protocol property must be `'https'` accordingly.\n\nAfter changing the `config.js` file, the browser window should be reloaded\nmanually.\n\n## Translations\n\nFor translations and internationalization [i18next](https://www.i18next.com/) is\nused.\n\nWith [our configuration of i18next](./src/gmp/locale/lang.js#L45) the\ntranslations are stored in language specific JSON files. The existing\ntranslations can be found at the [public/locales/](./public/locales/) directory.\n\n### Format\n\nThe translations are stored in the JSON files as key-value pairs with the key\nbeing the English string and the value the translation of the specific language.\nNot translated strings have an empty string `“”` as the value.\n\nExample with German translations:\n\n```json\n{\n \"Create a new Tag\": \"Einen neuen Tag erstellen\",\n \"Create a new Target\": \"Ein neues Ziel erstellen\",\n \"Create a new Task\": \"\"\n}\n```\n\n### Updating\n\nTo change or extend translations new values can be added to the specific JSON\nfile, committed to git and finally uploaded through a pull request to GitHub.\n\nBut sometimes the UI changes and new English descriptions are added or existing\nones have been rephrased. In this case the new keys must be extracted from the\nsource code and added to the JSON files. This can be done by running\n\n```sh\nnpm run i18n-extract\n```\n\nNew translation strings are added with an empty string `“”` as default value.\nTherefore searching for empty strings will find the to be translated values.\n\n### Support a new Language\n\nThe currently supported languages are listed at [src/gmp/locale/languages.js](./src/gmp/locale/languages.js#L23).\nIf a new language should be available in the web UI, it needs an entry in this\nobject. Additionally the corresponding language codes must be added to the\n[i18next-parser.config.js](./i18next-parser.config.js).\n\n## Settings\n\nThe behavior of GSA can be changed via settings. All of the settings can be\nadjusted via a config file. Some of the settings can be changed during runtime\ntoo. Some of them are persistent during reload, some are reset during reload.\n\nThis sections lists all settings and explains their behavior.\n\n### Config File\n\nThe config file is a normal JavaScript file (with a .js suffix). It is named\n`config.js` and will be loaded from the `/usr/share/gvm/gsad/web/` (or\n`/usr/local/share/gvm/gsad/web/`) directory when using [gsad] for providing GSA\ne.g. in production environments.\n\nDuring development when using the on-the-fly-transpiling JavaScript development\nserver (via `npm run start`) the file is loaded from the `public/` directory.\n\nThe `config.js` file must contain a global config object with settings as\nproperties e.g.\n\n```js\nconfig = {\n // javascript files in contrast to JSON files allow comments\n foo: 'bar',\n};\n```\n\nIt is evaluated in the `Settings` object implemented in the\n[settings.ts](./src/gmp/settings.ts) file. The `Settings` object is\ninstantiated once for the [GSA application](./src/web/App.tsx#L29)\n\n### Config Variables\n\n| Name | Type | Default | Changeable during runtime | Persistent after reload |\n| ------------------------------------------------------------------- | -------------------------- | ----------------------------------------------------------------------------- | ------------------------- | ----------------------- |\n| [apiProtocol](#apiprotocol) | String ('http' or 'https') | `global.location.protocol` | - | x |\n| [apiServer](#apiserver) | String | `global.location.host` | - | x |\n| enableGreenboneSensor | Boolean | false | - | x |\n| [disableLoginForm](#disableloginform) | Boolean | false | - | x |\n| [enableCommunityFeedNotification](#enablecommunityfeednotification) | Boolean | true | x | x |\n| [enableEPSS](#enableepss) | Boolean | true | x | x |\n| [enableKrb5](#enablekrb5) | Boolean | false | x | x |\n| [enableStoreDebugLog](#enablestoredebuglog) | Boolean | false | x | x |\n| [guestUsername](#guestusername-and-guestpassword) | String | undefined | - | x |\n| [guestPassword](#guestusername-and-guestpassword) | String | undefined | - | x |\n| locale | String | undefined | x | x |\n| [logLevel](#loglevel) | String | [`'warn'`](./src/gmp/settings.ts#L27) | x | x |\n| [manualUrl](#manualurl) | String | [https://docs.greenbone.net/GSM-Manual/gos-24.10/](./src/gmp/settings.ts#L24) | - | x |\n| [manualLanguageMapping](#manuallanguagemapping) | Object | undefined | - | x |\n| [protocolDocUrl](#protocoldocurl) | String | [https://docs.greenbone.net/API/GMP/gmp-22.5.html](./src/gmp/settings.ts#L25) | - | x |\n| [reloadInterval](#reloadinterval) | Integer | [15 \\* 1000; // fifteen seconds](./src/gmp/settings.ts#L21) | x | - |\n| [reloadIntervalActive](#reloadintervalactive) | Integer | [3 \\* 1000; // three seconds](./src/gmp/settings.ts#L22) | x | - |\n| [reloadIntervalInactive](#reloadintervalinactive) | Integer | [60 \\* 1000; // one minute](./src/gmp/settings.ts#L22) | x | - |\n| [reportResultsThreshold](#reportresultsthreshold) | Integer | [25000](./src/gmp/settings.ts#L26) | x | - |\n| [timeout](#timeout) | Integer | [300000; // 5 minutes](./src/gmp/settings.ts#L28) | x | - |\n| [severityRating](#severityrating) | `'CVSSv2'` or `'CVSSv3'` | `'CVSSv3'` | - | x |\n| [vendorVersion](#vendorversion) | String | undefined | - | x |\n| [vendorLabel](#vendorlabel) | String | undefined | - | x |\n| [vendorTitle](#vendortitle) | String | OPENVAS | x | x |\n\n#### vendorVersion\n\nAllows to adjust the shown product version string at the Login and About pages.\n\n#### vendorLabel\n\nAllows to adjust the product info image at the Login page. It must be a relative\npath e.g. `foo.png`. The path will be mapped to `$INSTALL_PREFIX/share/gvm/gsad/web/img/`\non production (with [gsad]) and `gsa/public/img` for the [development server](#developing).\n\n#### vendorTitle\n\nAllows to adjust the HTML title, i.e. the text shown in browser tabs which have GSA open.\n\n#### guestUsername and guestPassword\n\nBoth settings allow to login with a single click. This user has to be set up\ncarefully. E.g. if this user is created with admin privileges it will have these\npermissions after login. Thus be careful when creating a guest user. If\nguestUsername is contained in the `config.js` file the `Login as Guest` button\nwill be shown.\n\n#### disableLoginForm\n\nThis setting allows to deactivate the username password form at the Login page.\nIt can be used to deactivate login for _normal_ users.\n\n#### enableCommunityFeedNotification\n\nEnables the notification about using the community feed. It is enabled by\ndefault.\n\n#### enableEPSS\n\nEnables the display of EPSS scores and percentiles in CVEs and VTs. It is\nenabled by default.\n\n#### enableKrb5\n\nEnable the ability to add Kerberos credentials.\n\n#### enableStoreDebugLog\n\nChanges to this settings are persistent during browser reload. If the value has\nbeen changed in the browser console e.g. via `gmp.settings.enableStoreDebugLog = true`\nthe browser window needs to be reloaded to apply this setting. The setting can\nbe `true`, `false` or `undefined`.\n\nIf either enableStoreDebugLog is `true` or it is `undefined` and [logLevel](#loglevel)\nis `debug` the changes of the redux store are shown. The store contains all data\nvisible to the user.\n\n#### logLevel\n\nThe value of logLevel is persistent during browser reload. If the value has been\nchanged e.g. by running `gmp.settings.logLevel = 'debug'` in the browser console\nthe browser window needs to be reloaded to apply this setting. Also this setting\nmust be reset via `gmp.settings.logLevel = undefined` to not display the debug\nlogs anymore and to use the default setting again. If logLevel is set to\n`'debug'` and [enableStoreDebugLog](#enablestoredebuglog) is not `false` the\nstore debug logs are shown too.\n\n#### timeout\n\nThis setting specifies as timeout after a data request to our API provided by\n[gsad] will fail. Default is 5 minutes (300000 ms).\n\n#### apiServer\n\nDefaults to `window.location.host`. It contains the domain/IP address of the\n[gsad] server including the port e.g. `'192.168.10.123:9392'`.\n\n#### apiProtocol\n\nDefaults to `window.location.protocol` and must be either `'http'` or `'https'`.\n\n#### manualUrl\n\nURL to the manual. On a Greenbone Enterprise Appliance the manuals are served\nlocally and the value is the relative URL `'/manual'`. The URL is used for all\nlinks from help icons pointing to a page at the user manual.\n\n#### manualLanguageMapping\n\nBecause we could possibly have a different number of translated manuals then\navailable locales, a setting for mapping a locale to a corresponding translated\nmanual is provided. If a current locale isn't mapped it always falls back to the\nEnglish (`en`) locale.\n\n#### protocolDocUrl\n\nThis setting contains the URL to the public Greenbone Management Protocol (GMP)\ndocumentation. It is only used at the About page.\n\n#### reloadInterval\n\nThe _standard_ interval for reloading data. The default is 15 seconds\n(15000 ms).\n\n#### reloadIntervalActive\n\nThis interval is used for reloading data on pages with an active process. This\nis currently the case for a task list page, task details page, report list page\nand report details page containing at least one actively scanning task.\nThe default is 3 seconds (3000 ms).\n\n#### reloadIntervalInactive\n\nThis interval is used instead of [reloadInterval](#reloadinterval) or\n[reloadIntervalActive](#reloadintervalactive) for reloading data when GSA\nis not the active browser window or tab. The default is 60 seconds (60000 ms).\n\n#### reportResultsThreshold\n\nIf the number of filtered results of a shown report extends this threshold only\nthe report without details is loaded and an information panel is show at the\nHosts, Ports, Applications, Operating Systems, CVEs, Close CVEs and TLS\nCertificates tabs to prompt the user for lowering the number of results by\nadditional filtering. This setting can be used to improve the responsiveness of\nthe report details page.\n\n#### severityRating\n\nDefines which Severity Rating should be used for the severity classes. Currently\nthe values `CVSSv2` and `CVSSv3` are allowed. CVSS version 3 introduces a new\n_Critical_ level from 9.0 to 10.0 which _High_ level in CVSS version 2. The\nseverity classes are used for example in the charts.\n\n## Support\n\nFor any question on the usage of `gsa` please use the [Greenbone Community\nPortal](https://community.greenbone.net/). If you found a problem with the\nsoftware, please [create an issue](https://github.com/greenbone/gsa/issues) on\nGitHub. If you are a Greenbone customer you may alternatively or additionally\nforward your issue to the Greenbone Support Portal.\n\n## Maintainer\n\nThis project is maintained by [Greenbone AG](https://www.greenbone.net/).\n\n## Contributing\n\nYour contributions are highly appreciated. Please [create a pull\nrequest](https://github.com/greenbone/gsa/pulls) on GitHub. Bigger changes need\nto be discussed with the development team via the [issues section at\ngithub](https://github.com/greenbone/gsa/issues) first.\n\n## License\n\nCopyright (C) 2009-2026 [Greenbone AG](https://www.greenbone.net/)\n\nLicensed under the AGPL-3.0 [GNU Affero General Public License v3.0 or later](LICENSE).\n\n[gsad]: https://github.com/greenbone/gsad/\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgreenbone%2Fgsa","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgreenbone%2Fgsa","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgreenbone%2Fgsa/lists"}