{"id":14959424,"url":"https://github.com/jupiterone/starbase","last_synced_at":"2025-10-24T02:14:04.455Z","repository":{"id":37566800,"uuid":"438390286","full_name":"JupiterOne/starbase","owner":"JupiterOne","description":"Graph-based security analysis for everyone","archived":false,"fork":false,"pushed_at":"2024-01-02T18:03:51.000Z","size":8266,"stargazers_count":340,"open_issues_count":16,"forks_count":35,"subscribers_count":20,"default_branch":"main","last_synced_at":"2025-01-30T04:41:31.339Z","etag":null,"topics":["analysis","aws","azure","cypher","gcp","graph","hack","hacktoberfest","neo4j","security"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/JupiterOne.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null}},"created_at":"2021-12-14T20:27:13.000Z","updated_at":"2025-01-29T18:21:45.000Z","dependencies_parsed_at":"2023-02-19T09:30:56.939Z","dependency_job_id":"36e568df-9707-45cf-bf5f-9f8a9b7c745e","html_url":"https://github.com/JupiterOne/starbase","commit_stats":{"total_commits":177,"total_committers":15,"mean_commits":11.8,"dds":0.4971751412429378,"last_synced_commit":"d9f233a66af1f587e0daca7d4d458a540b8a852e"},"previous_names":[],"tags_count":20,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JupiterOne%2Fstarbase","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JupiterOne%2Fstarbase/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JupiterOne%2Fstarbase/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JupiterOne%2Fstarbase/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/JupiterOne","download_url":"https://codeload.github.com/JupiterOne/starbase/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":238008491,"owners_count":19401261,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["analysis","aws","azure","cypher","gcp","graph","hack","hacktoberfest","neo4j","security"],"created_at":"2024-09-24T13:19:41.148Z","updated_at":"2025-10-24T02:14:04.384Z","avatar_url":"https://github.com/JupiterOne.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003e\n \u003cimg src=\"./docs/assets/logo-light-bg.png\" alt=\"Starbase Logo\" width=\"250\" /\u003e\u003c/br\u003e\u003c/br\u003e\n \u003cstrong style=\"font-size:75px;\"\u003eDemocratizing graph-based security analysis šŸš€\u003c/strong\u003e\n\u003c/h1\u003e\u003c/br\u003e\n\nStarbase from [JupiterOne](https://jupiterone.com), collects assets and\nrelationships from services and systems including cloud infrastructure, SaaS\napplications, security controls, and more into an intuitive graph view backed by\nthe [Neo4j](https://neo4j.com/) database.\n\n**Security is a basic right**. Starbase's goal is to **democratize graph-based\nsecurity analysis** and overall visibility into external services and systems.\nOur team believes that in order to secure any system or service, you must have:\n\n- **Knowledge** of the assets that you have\n- **Knowledge** of the relationships between assets that you have\n- **Knowledge** of what questions to ask about what you have\n\n\u003cp align=\"center\"\u003e\n \u003cimg src=\"./docs/assets/starbase-demo.gif\" alt=\"Starbase Demo\"/\u003e\n\u003c/p\u003e\n\n## Why Starbase?\n\nStarbase offers three key advantages:\n\n1. **Depth and breadth** - Deep visibility from a\n [breadth of external services and systems](#available-integrations--connectors).\n Thousands of entities (vertices) and relationships (edges) are available\n out-of-the-box.\n2. **Uniform data model** - The data that Starbase collects is _automatically_\n classified, making it easy to develop _generic_ queries.\n3. **Easily extensible** - Starbase graph integrations can be easily developed!\n\n## Available Integrations / Connectors\n\nStarbase supports\n[115+](https://github.com/orgs/JupiterOne/repositories?q=graph-++in%3Aname\u0026type=public\u0026language=\u0026sort=)\nopen source graph integrations!\n\nHere are some highlights:\n\n- [Azure](https://github.com/jupiterone/graph-azure)\n- [Bitbucket](https://github.com/jupiterone/graph-bitbucket)\n- [GitHub](https://github.com/jupiterone/graph-github)\n- [Google Cloud](https://github.com/jupiterone/graph-google-cloud)\n- [Google Workspace](https://github.com/jupiterone/graph-google)\n- [Jira](https://github.com/jupiterone/graph-jira)\n- ...\n\n\u003cdetails\u003e\n \u003csummary\u003e\u003cb\u003eā—Click here to expand a full list of supported graph integrationsā—\u003c/b\u003e\u003c/summary\u003e\n\n- [^1]AWS\n- [Addigy](https://github.com/jupiterone/graph-addigy)\n- [AirWatch](https://github.com/jupiterone/graph-airwatch)\n- [AquaSec](https://github.com/jupiterone/graph-aquasec)\n- [JFrog Artifactory](https://github.com/jupiterone/graph-artifactory)\n- [atSpoke](https://github.com/jupiterone/graph-atspoke)\n- [Auth0](https://github.com/jupiterone/graph-auth0)\n- [Azure](https://github.com/jupiterone/graph-azure)\n- [Azure DevOps](https://github.com/jupiterone/graph-azure-devops)\n- [BambooHR](https://github.com/jupiterone/graph-bamboohr)\n- [Bugcrowd](https://github.com/jupiterone/graph-bugcrowd)\n- [CbDefense](https://github.com/jupiterone/graph-cbdefense)\n- [Checkmarx](https://github.com/jupiterone/graph-checkmarx)\n- [Cisco Amp](https://github.com/jupiterone/graph-cisco-amp)\n- [Cisco Meraki](https://github.com/jupiterone/graph-cisco-meraki)\n- [Cloudflare](https://github.com/jupiterone/graph-cloudflare)\n- [Cobalt](https://github.com/jupiterone/graph-cobalt)\n- [CrowdStrike](https://github.com/jupiterone/graph-crowdstrike)\n- [Datadog](https://github.com/jupiterone/graph-datadog)\n- [Detectify](https://github.com/jupiterone/graph-detectify)\n- [DigiCert](https://github.com/jupiterone/graph-digicert)\n- [Duo](https://github.com/jupriterone/graph-duo)\n- [Fastly](https://github.com/jupiterone/graph-fastly)\n- [Feroot](https://github.com/jupiterone/graph-feroot)\n- [Gitlab](https://github.com/jupiterone/graph-gitlab)\n- [Gitleaks Findings](https://github.com/jupiterone/graph-gitleaks-findings)\n- [GoDaddy](https://github.com/jupiterone/graph-godaddy)\n- [Google](https://github.com/jupiterone/graph-google)\n- [Google Cloud](https://github.com/jupiterone/graph-google-cloud)\n- [HackerOne](https://github.com/jupiterone/graph-hackerone)\n- [Heroku](https://github.com/JupiterOnejupiterone/graph-heroku)\n- [HubSpot](https://github.com/JupiterOnejupiterone/graph-hubspot)\n- [Jamf](https://github.com/jupiterone/graph-jamf)\n- [Jira](https://github.com/jupiterone/graph-jira)\n- [JumpCloud](https://github.com/jupiterone/graph-jumpcloud)\n- [Knowbe4](https://github.com/jupiterone/graph-knowbe4)\n- [Kubernetes](https://github.com/jupiterone/graph-kubernetes)\n- [Malwarebytes](https://github.com/jupiterone/graph-malwarebytes)\n- [Microsoft 365](https://github.com/jupiterone/graph-microsoft-365)\n- [Mimecast](https://github.com/jupiterone/graph-mimecast)\n- [Nmap](https://github.com/jupiterone/graph-nmap)\n- [NowSecure](https://github.com/jupiterone/graph-nowsecure)\n- [NPM](https://github.com/jupiterone/graph-npm)\n- [Okta](https://github.com/jupiterone/graph-okta)\n- [OneLogin](https://github.com/jupiterone/graph-onelogin)\n- [OpenShift](https://github.com/jupiterone/graph-openshift)\n- [PagerDuty](https://github.com/jupiterone/graph-pagerduty)\n- [Qualys](https://github.com/jupiterone/graph-qualys)\n- [Rapid7](https://github.com/jupiterone/graph-rapid7)\n- [Rumble](https://github.com/jupiterone/graph-rumble)\n- [Salesforce](https://github.com/jupiterone/graph-salesforce)\n- [SentinelOne](https://github.com/jupiterone/graph-sentinelone)\n- [Sentry](https://github.com/jupiterone/graph-sentry)\n- [ServiceNow](https://github.com/jupiterone/graph-servicenow)\n- [Signal Sciences](https://github.com/jupiterone/graph-signal-sciences)\n- [Slack](https://github.com/jupiterone/graph-slack)\n- [Snipe It](https://github.com/jupiterone/graph-snipe-it)\n- [Snowflake](https://github.com/jupiterone/graph-snowflake)\n- [Snyk](https://github.com/jupiterone/graph-snyk)\n- [SonarQube](https://github.com/jupiterone/graph-sonarqube)\n- [Sysdig](https://github.com/jupiterone/graph-sysdig)\n- [Tenable.io](https://github.com/jupiterone/graph-tenable-io)\n- [Terraform Cloud](https://github.com/jupiterone/graph-terraform-cloud)\n- [ThreatStack](https://github.com/jupiterone/graph-threatstack)\n- [Trend Micro](https://github.com/jupiterone/graph-trend-micro)\n- [Veracode](https://github.com/jupiterone/graph-veracode)\n- [Vuls Findings](https://github.com/jupiterone/graph-vuls-findings)\n- [vSphere](https://github.com/jupiterone/graph-vsphere)\n- [Wazuh](https://github.com/jupiterone/graph-wazuh)\n- [WhiteHat](https://github.com/jupiterone/graph-whitehat)\n- [Whois](https://github.com/jupiterone/graph-whois)\n- [WP Engine](https://github.com/jupiterone/graph-wpengine)\n- [Zendesk](https://github.com/jupiterone/graph-zendesk)\n- [Zoom](https://github.com/jupiterone/graph-zoom)\n\u003c/details\u003e\n\n## Usage and Development\n\n### Prerequisites\n\n1. Install [Node.js](https://nodejs.org/) using the\n [installer](https://nodejs.org/en/download/) or a version manager such as\n [nvm](https://github.com/nvm-sh/nvm) or [fnm](https://github.com/Schniz/fnm).\n2. Install [`yarn`](https://yarnpkg.com/getting-started/install).\n3. Install dependencies with `yarn install`.\n4. Register an account in the system each integration targets for ingestion and\n obtain API credentials.\n\n### Configuring Starbase\n\nStarbase leverages credentials from external services to authenticate and\ncollect data. When Starbase is started, it reads configuration data from a\nsingle configuration file named `config.yaml` at the root of the project.\n\n1. Copy `config.yaml.example` to `config.yaml`\n\n```\ncp config.yaml.example config.yaml\n```\n\n2. Supply configuration values in `config.yaml` for each integration\n\n\u003e **NOTE**: The individual graph integration configuration field names can be\n\u003e found in their respective `graph-*` projects.\n\u003e\n\u003e For example:\n\u003e https://github.com/JupiterOne/graph-google-cloud/blob/main/.env.example\n\u003e\n\u003e The `config.yaml` would resemble the following for Google Cloud:\n\u003e\n\u003e ```yaml\n\u003e integrations:\n\u003e - name: graph-google-cloud\n\u003e instanceId: testInstanceId\n\u003e directory: ./.integrations/graph-google-cloud\n\u003e gitRemoteUrl: https://github.com/JupiterOne/graph-google-cloud.git\n\u003e config:\n\u003e SERVICE_ACCOUNT_KEY_FILE: {}\n\u003e PROJECT_ID: '...'\n\u003e ORGANIZATION_ID: '...'\n\u003e CONFIGURE_ORGANIZATION_PROJECTS: false\n\u003e storage:\n\u003e - engine: neo4j\n\u003e config:\n\u003e username: neo4j\n\u003e password: devpass\n\u003e uri: bolt://localhost:7687\n\u003e database: neo4j\n\u003e ```\n\n### Running Starbase\n\nStarbase exposes a CLI for bootstrapping graph integration development and\nexecution.\n\n```\nāÆ yarn starbase --help\n\nUsage: yarn starbase [options] [command]\n\nStarbase graph ingestion orchestrator\n\nOptions:\n -c, --config \u003cpath\u003e optional path to config file (default: \"config.yaml\")\n -h, --help display help for command\n\nCommands:\n run collect and upload entities and relationships\n setup clone repositories listed in config.yaml\n help [command] display help for command\n```\n\n1. Run `yarn starbase setup` to clone or update all integrations listed in the\n `config.yaml` file as well as install all dependencies for each integration.\n2. Run `yarn starbase run` to collect data for each listed integration and then\n push collected data to the storage endpoint listed in `config.yaml`.\n\nFor additional information on using Neo4j or JupiterOne as a storage endpoint,\nplease see the [README.md](docker/README.md) provided.\n\n### Running Starbase - Docker\n\nAlternatively, Docker can be used to run Starbase, minimizing the need to\nlocally install node and yarn.\n\n1. Run `docker build --no-cache -t starbase:latest .` to create the Starbase\n docker image.\n2. Run `docker-compose run starbase setup` to clone or update all integrations\n listed in the `config.yaml` file as well as install all dependencies for each\n integration.\n3. Run `docker-compose run starbase run` to collect data for each listed\n integration and then push collected data to the storage endpoint listed in\n `config.yaml`.\n\nNote that macOS users in particular may see slower execution times when running\nStarbase in a Docker container.\n\n### Customizable Base Container Image\n\nWe also make a\n[base container image available via GitHub Container Registry](https://github.com/jupiterone/starbase/pkgs/container/starbase).\nThis image has only Starbase installed, without any configuration or graph\nintegrations. This means you'll need to pass configuration to Starbase by making\nyour `config.yaml` available to your running container, for example via a\n[Kubernetes ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/#using-configmaps-as-files-from-a-pod),\nand run `starbase setup` to install your graph integrations before using them.\n\n### Contributing\n\nStarbase is composed of three components:\n\n1. **Starbase Core**\n\n The Starbase core project is an orchestration engine that handles\n bootstrapping the underlying graph integrations.\n\n2. **Graph Integrations**\n\n These are the tools that perform data collection from third party systems and\n services. You can find a full list of supported\n [graph integrations here](https://github.com/jupiterone?q=graph-\u0026type=all\u0026language=\u0026sort=).\n If you have a feature request, a bug to report, or you'd like to contribute\n to one of the supported integrations, please navigate to the specific\n integration repository.\n\n3. **[Graph Integrations SDK](https://github.com/jupiterone/sdk)**\n\n The Graph Integration SDK contains core utilities and the underlying graph\n integration runtime packages. See the\n [SDK development documentation](https://github.com/JupiterOne/sdk/blob/main/docs/integrations/development.md)\n for a deep dive into the mechanics of how integrations work.\n\n### Changelog\n\nThe history of this project's development can be viewed at\n[CHANGELOG.md](CHANGELOG.md).\n\n### Contact\n\nJoin us on `#starbase` on the\n[JupiterOne Community Slack](https://join.slack.com/t/jupiterone-community/shared_invite/zt-9b0a2htx-m8PmSWMbkjqCzF2dIZiabw).\n\n[^1]:\n JupiterOne Starbase and the\n [Lyft Cartography](https://github.com/lyft/cartography) projects complement\n each other as both projects push graph data to a Neo4j database instance. As\n such, users of Starbase can leverage the AWS connector from Cartography to\n ingest AWS assets and relationships. A more comprehensive AWS integration is\n used by the [cloud hosted JupiterOne platform](https://jupiterone.com) and\n we are considering open sourcing the JupiterOne AWS integration in the\n future.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjupiterone%2Fstarbase","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjupiterone%2Fstarbase","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjupiterone%2Fstarbase/lists"}