{"id":28113077,"url":"https://github.com/mixeway/mixewayhub","last_synced_at":"2025-05-14T05:06:08.946Z","repository":{"id":40450413,"uuid":"224918298","full_name":"Mixeway/MixewayHub","owner":"Mixeway","description":"Mixeway is security orchestrator for vulnerability scanners which enable easy plug in integration with CICD pipelines. MixewayHub project contain one click docker-compose file which configure and run images from docker hub.","archived":false,"fork":false,"pushed_at":"2024-03-15T09:35:31.000Z","size":42215,"stargazers_count":107,"open_issues_count":4,"forks_count":17,"subscribers_count":7,"default_branch":"master","last_synced_at":"2024-11-21T19:39:01.197Z","etag":null,"topics":["acunetix","checkmarx","cicd","dependency-track","devsecops","devsecops-pipeline","docker-compose","fortify","openvas","security-automation","security-orchestrator","security-tools","vulnerability-management","vulnerability-scanning"],"latest_commit_sha":null,"homepage":"https://mixeway.io","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Mixeway.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["siewer"]}},"created_at":"2019-11-29T20:29:25.000Z","updated_at":"2024-09-01T10:32:25.000Z","dependencies_parsed_at":"2023-02-12T22:31:20.795Z","dependency_job_id":"2022ab20-d814-4972-96a5-464e6447fd29","html_url":"https://github.com/Mixeway/MixewayHub","commit_stats":null,"previous_names":[],"tags_count":25,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mixeway%2FMixewayHub","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mixeway%2FMixewayHub/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mixeway%2FMixewayHub/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mixeway%2FMixewayHub/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Mixeway","download_url":"https://codeload.github.com/Mixeway/MixewayHub/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254076848,"owners_count":22010611,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["acunetix","checkmarx","cicd","dependency-track","devsecops","devsecops-pipeline","docker-compose","fortify","openvas","security-automation","security-orchestrator","security-tools","vulnerability-management","vulnerability-scanning"],"created_at":"2025-05-14T05:01:28.691Z","updated_at":"2025-05-14T05:06:08.935Z","avatar_url":"https://github.com/Mixeway.png","language":"Shell","funding_links":["https://github.com/sponsors/siewer"],"categories":["安全"],"sub_categories":[],"readme":"\u003ca href=\"https://github.com/Mixeway/MixewayHub/blob/master/releasenote.md\"\u003e\u003cimg src=\"https://img.shields.io/badge/version-1.8.1-blue\" alt=\"https://img.shields.io/badge/-changelog-blue.svg\" data-canonical-src=\"https://img.shields.io/badge/-changelog-blue.svg\" style=\"max-width:100%;\"\u003e\u003c/a\u003e\n\u003ca href=\"hub.docker.comd\"\u003e\u003cimg src=\"https://img.shields.io/docker/pulls/mixeway/backend?logo=Mixeway\u0026style=plastic\" alt=\"https://img.shields.io/badge/-changelog-blue.svg\" data-canonical-src=\"https://img.shields.io/badge/-changelog-blue.svg\" style=\"max-width:100%;\"\u003e\u003c/a\u003e\n![](https://github.com/Mixeway/MixewayBackend/workflows/Deploy%20prod%20version/badge.svg?branch=master)\n[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=Mixeway_MixewayBackend\u0026metric=alert_status)](https://sonarcloud.io/dashboard?id=Mixeway_MixewayBackend)\n[![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=Mixeway_MixewayBackend\u0026metric=security_rating)](https://sonarcloud.io/dashboard?id=Mixeway_MixewayBackend)\n\n![MixewayLogo](.github/img/mixewaybadge.png)\n\n# Mixeway Hub \n\n### About Mixeway:\nMixeway is an OpenSource software that is meant to simplify the process of security assurance of projects which are implemented using CICD procedures. **Mixawey is not another vulnerability scanning\nsoftware - it is security orchestration tool**.\n\n\u003ca href=\"https://mixeway.github.io\"\u003eDetailed documentation can be found here\u003c/a\u003e\n\n\u003ca href=\"https://mixeway.io\"\u003eMore information and contact forms can be found here\u003c/a\u003e\n\n![](.github/img/lead_image-transparent.png)\n\nMixeway is a middleware between CICD and Vulnerability Scanners. From user perspective it doesn’t matter which SAST, DAST, SCA or Network Scanner You are using – all integration is done by Mixeway in the background what makes the whole proces completely unified for the user/process.\n\nWith all this available, Mixeway provides functionalities to:\n- Automatic service discovery (IaaS Plugin for assets and network scans for services)\n- Automatic Vulnerability Scan Configuration (Based on most recent configuration) - hands-free!\n- Automatic and on-demand Vulnerability scan execution (based on policy and executed via a REST API call)\n- One Vulnerability Database for all type of sources - SAST, DAST, OpenSource and Infrastructure vulnerabilities in one place\n- Customizable Security Quality Gateway - a reliable piece of information for CICD to decide if a job should pass or not.\n- REST API enables integration with already used Vulnerability Management systems used within the organization.\n\nElements of a system:\n- \u003ca href=\"https://github.com/Mixeway/MixewayBackend\"\u003eBackend - Spring Boot REST API\u003c/a\u003e\n- \u003ca href=\"https://github.com/Mixeway/MixewayFrontend\"\u003eFrontend - Angular 8 application \u003c/a\u003e\n- \u003ca href=\"https://github.com/Mixeway/MixewayHub\"\u003eMixewayHub - parent project which contain docker-compose and one click instalation \u003c/a\u003e\n\n### Vulnerability and Scan Management\n\n![](.github/img/vuln_scan_mgmt.png)\n\nWith Mixeway You can:\n* CONFIGURE AND RUN ANY SCAN - It doesn’t matter which vulnerability scanners You are using. With Mixeway integration running scans from GUI/API/CICD pipeline looks exactly the same no matter of scanning software.\n* VULNERABILITY MANAGEMENT - Although Vulnerability Management is not main focus of Mixeway, we still serve some of the functionalities where You can browse through findings, see dashboard statistics or create JIRA tickets just by clicking on an issue.\n* THREAT PRIORITIZATION - With Mixeway Vuln Auditor each detected threat is analyzed by Neural network and categorized as one of two: Relevant threat or not important/false positive. Thanks to that CyberSec Teams can focus only on serious threats\n\n### Running Mixeway\n\nRequirements:\n* Installed unzip\n* Docker and Docker-compose\n\n```bash\n# Create project directory\nmkdir mixeway \u0026\u0026 cd \"$_\"\n# Download latest release\nwget https://github.com/Mixeway/MixewayHub/releases/download/v1.6.3/MixewayHub.zip\n# Unzip contents\nunzip MixewayHub.zip\n# Run startup script\n./setup.sh\n# Run application\ndocker-compose up\n```\n\n`startup.sh` script is preparing `environment` variable and create self-signed certificates. As a result file with content is created:\n```shell\nFRONTEND_URL=https://localhost\nKEYALIAS=localhost\nTRUSTPASS=changeit\nP12PASS=changeit\nPROFILE=prod\nCERTIFICATE=/pki/cert.crt\nPRIVATEKEY=/pki/private.key\nVAULT_ENABLED=false\n```\n\n\u003ca href=\"https://mixeway.github.io/installation/\"\u003eDescription and other options are described in details in the linked documentation\u003c/a\u003e\n\nMixeway will be avaliable at `https://\u003cyour_ip\u003e`.\n\n### Supported integrations\n\n| Software | Type | Versions | Notes |\n|-------------------------|-----------------|-----------|-------------------------------------------------------------------------|\n| Acunetix | DAST Scanner | 10.0 + | Full scope | \n| Burp Enterprise Edition | DAST Scanner | 2021.10 + | Full scope |\n| Fortify | SAST Scanner | 16,17,21 | Downnloading results, creating scan require additional software |\n| Checkmarx | SAST Scanner | 9 + | Full Scope |\n| Dependency Track | SCA Scanner | 3+ | Full Scope |\n| Nexus IQ | SCA Scanner | 140+ | Full Scope - integration under development |\n| Nessus | Network Scanner | 6 | Full Scope |\n| GVM aka OpenVAS | Network Scanner | 18+ | Full Scope, require additional software |\n| AWS | Cloud | na | Security groups, resources info download |\n| OpenStack | Cloud | na | Security groups, resources info download |\n| GCP | Cloud | na | Security groups, resources info download, integration under development |\n| OWASP ZAP | DAST Scanner | na | Load results from performed scan |\n| KICS | SAST Scanner | na | Load results from performed scan |\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmixeway%2Fmixewayhub","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmixeway%2Fmixewayhub","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmixeway%2Fmixewayhub/lists"}