{"id":13844996,"url":"https://github.com/softrams/bulwark","last_synced_at":"2025-07-12T00:32:38.516Z","repository":{"id":38991331,"uuid":"261895924","full_name":"softrams/bulwark","owner":"softrams","description":"An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.","archived":false,"fork":false,"pushed_at":"2024-08-28T19:37:39.000Z","size":48999,"stargazers_count":180,"open_issues_count":0,"forks_count":37,"subscribers_count":10,"default_branch":"master","last_synced_at":"2024-08-28T21:18:20.748Z","etag":null,"topics":["angular","application-security","appsec","blue-team","bugbounty","express","nodejs","penetration-testing-tools","pentesting","red-team","security-tool","security-tools","typeorm","typescript","vulnerability-assessment","vulnerability-management","vulnerability-report","vulnerability-research","webappsec"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/softrams.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-05-06T22:50:48.000Z","updated_at":"2024-08-12T20:01:11.000Z","dependencies_parsed_at":"2024-01-07T09:38:35.542Z","dependency_job_id":"75ca2e0c-5fa8-418f-8e7d-cca7fb1845b9","html_url":"https://github.com/softrams/bulwark","commit_stats":null,"previous_names":[],"tags_count":71,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/softrams%2Fb
ulwark","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/softrams%2Fbulwark/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/softrams%2Fbulwark/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/softrams%2Fbulwark/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/softrams","download_url":"https://codeload.github.com/softrams/bulwark/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225772839,"owners_count":17521899,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["angular","application-security","appsec","blue-team","bugbounty","express","nodejs","penetration-testing-tools","pentesting","red-team","security-tool","security-tools","typeorm","typescript","vulnerability-assessment","vulnerability-management","vulnerability-report","vulnerability-research","webappsec"],"created_at":"2024-08-04T17:03:05.891Z","updated_at":"2025-07-12T00:32:38.476Z","avatar_url":"https://github.com/softrams.png","language":"TypeScript","readme":"\u003cp align=\"center\"\u003e\n  \u003cimg width=\"350\" src=\"frontend/src/assets/logo.png\"\u003e\n\u003c/p\u003e\n\n\u003cp style=\"text-align: center;\"\u003eAn organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n\u003cimg src='https://img.shields.io/badge/License-MIT-yellow.svg'\u003e\n\u003cimg 
src='https://github.com/softrams/bulwark/workflows/build/badge.svg'\u003e\n\u003cimg src='https://github.com/softrams/bulwark/workflows/CodeQL/badge.svg'\u003e\n\u003cimg src='https://img.shields.io/docker/cloud/build/softramsdocker/bulwark'\u003e\n\u003cimg src='https://img.shields.io/docker/pulls/softramsdocker/bulwark'\u003e\n\u003c/p\u003e\n\n## Features\n\n- Multi-client Vulnerability Management\n- Security Report Generation\n- Jira Integration\n- Team-based Roles Authorization\n- API Key \u0026 Management\n- Email Integration\n- Markdown Support\n- User Activation/Deactivation (Admin)\n\n## Note\n\nPlease keep in mind, this project is in early development.\n\n## Demo\n\n![Bulwark Walkthrough Demo](https://github.com/softrams/media/blob/main/bulwark_report_demo.gif)\n\n## Jira Integration\n\n![Bulwark Jira Demo](https://github.com/softrams/media/blob/main/bulwark_jira_demo.gif)\n\n## Launch with Docker\n\n1. Install [Docker](https://www.docker.com/)\n2. Create a `.env` file and supply the following properties:\n\n```\nMYSQL_DATABASE=\"bulwark\"\nMYSQL_PASSWORD=\"bulwark\"\nMYSQL_ROOT_PASSWORD=\"bulwark\"\nMYSQL_USER=\"root\"\nMYSQL_DB_CHECK=\"mysql\"\nDB_PASSWORD=\"bulwark\"\nDB_URL=\"172.16.16.3\"\nDB_ROOT=\"root\"\nDB_USERNAME=\"bulwark\"\nDB_PORT=3306\nDB_NAME=\"bulwark\"\nDB_TYPE=\"mysql\"\nNODE_ENV=\"production\"\nDEV_URL=\"http://localhost:4200\"\nSERVER_ADDRESS=\"http://localhost\"\nPORT=4500\nJWT_KEY=\"changeme\"\nJWT_REFRESH_KEY=\"changeme\"\nCRYPTO_SECRET=\"changeme\"\nCRYPTO_SALT=\"changeme\"\n```\n\nBuild and start Bulwark containers:\n\n```\ndocker-compose up\n```\n\nStart/Stop Bulwark containers:\n\n```\ndocker-compose start\ndocker-compose stop\n```\n\nRemove Bulwark containers:\n\n```\ndocker-compose down\n```\n\nBulwark will be available at [localhost:4500](http://localhost:4500)\n\n## Local Installation\n\n```\n$ git clone (url)\n$ cd bulwark\n$ npm install\n```\n\nRunning `npm install` will install both server-side and client-side modules. 
Furthermore, it will run the script `npm run config` which will dynamically set the environment variables in addition to updating the [Angular environment](https://angular.io/guide/build).\n\n### Development Mode\n\nSet `NODE_ENV=\"development\"`\n\n```\n$ npm run config\n$ npm run start:dev\n```\n\n### Production Mode\n\nSet `NODE_ENV=\"production\"`\n_Please note: `npm install` will automatically build in production mode_\n\n```\n$ npm run config\n$ npm run build:prod\n$ npm start\n```\n\n### Environment variables\n\nCreate a `.env` file in the root directory. This will be parsed with [dotenv](https://www.npmjs.com/package/dotenv) by the application.\n\n#### `DB_PASSWORD`\n\n`DB_PASSWORD=\"somePassword\"`\n\nSet this variable to the database password\n\n#### `DB_USERNAME`\n\n`DB_USERNAME=\"foobar\"`\n\nSet this variable to the database user name\n\n#### `DB_URL`\n\n`DB_URL=something-foo-bar.dbnet`\n\nSet this variable to the database URL\n\n#### `DB_PORT`\n\n`DB_PORT=3306`\n\nSet this variable to the database port\n\n#### `DB_NAME`\n\n`DB_NAME=\"foobar\"`\n\nSet this variable to the database connection name\n\n#### `DB_TYPE`\n\n`DB_TYPE=\"mysql\"`\n\nThe application was developed using a MySQL database. 
See the [typeorm](https://github.com/typeorm/typeorm/blob/master/docs/connection-options.md#common-connection-options) documentation for more database options.\n\n#### `NODE_ENV`\n\n`NODE_ENV=production`\n\nSet this variable to determine the Node environment\n\n#### `DEV_URL=\"http://localhost:4200\"`\n\nUsed by Angular to build and serve the application\n\n#### `SERVER_ADDRESS=\"http://localhost\"`\n\nUpdate if a different server address is required\n\n#### `PORT=4500`\n\nUpdate if a different server port is required\n\n#### `JWT_KEY`\n\n`JWT_KEY=\"changeMe\"`\n\nSet this variable to the JWT secret\n\n#### `JWT_REFRESH_KEY`\n\n`JWT_REFRESH_KEY=\"changeMe\"`\n\nSet this variable to the refresh JWT secret\n\n#### `CRYPTO_SECRET`\n\n`CRYPTO_SECRET=\"randomValue\"`\n\nSet this variable to the [Scrypt](https://nodejs.org/api/crypto.html#crypto_crypto_scryptsync_password_salt_keylen_options) password.\n\n#### `CRYPTO_SALT`\n\n`CRYPTO_SALT=\"randomValue\"`\n\nSet this variable to the [Scrypt](https://nodejs.org/api/crypto.html#crypto_crypto_scryptsync_password_salt_keylen_options) salt.\n\n### Empty `.env` file template\n\n```\nDB_PASSWORD=\"\"\nDB_URL=\"\"\nDB_USERNAME=\"\"\nDB_PORT=3306\nDB_NAME=\"\"\nDB_TYPE=\"\"\nNODE_ENV=\"\"\nDEV_URL=\"http://localhost:4200\"\nSERVER_ADDRESS=\"http://localhost\"\nPORT=4500\nJWT_KEY=\"\"\nJWT_REFRESH_KEY=\"\"\nCRYPTO_SECRET=\"\"\nCRYPTO_SALT=\"\"\n```\n\n### Note on M1/M2 Macs\n```\nInstall sqlite3: \nbrew install sqlite3\n\nExport compiler related env variables: \nexport LDFLAGS=\"-L/opt/homebrew/opt/sqlite/lib\"\nexport CPPFLAGS=\"-I/opt/homebrew/opt/sqlite/include\"\nexport PKG_CONFIG_PATH=\"/opt/homebrew/opt/sqlite/lib/pkgconfig\"\nexport NODE_OPTIONS=--openssl-legacy-provider\n\nPrepare for a fresh install:\nrm -rf node_modules\nnpm cache verify\nnpm i --force\n```\n\n### Create Initial Database Migration\n\n1. Create the initial database migration\n\n```\n$ npm run migration:init\n```\n\n2. 
Run the initial database migration\n\n```\n$ npm run migration:run\n```\n\n## Default credentials\n\nA user account is created on initial startup with the following credentials:\n\n- email: `admin@example.com`\n- password: `changeMe`\n\nUpon first login, update the default user password under the profile section.\n\n## Roles\n\nThe application utilizes least privilege access with team-based authorization. Teams are assigned a role which determines the features available to that specific team. A user will inherit roles from team membership. Administrators have team management access and must assign users to teams. Initially, users are created with no team association and will not have access to any features in the application.\n\nThe three roles include:\n\n1. Admin\n2. Tester\n3. Read-Only\n\nA team can only be associated to a single organization. However, a team can be associated to multiple assets within the same organization. A user can be a member of multiple teams. If a user is assigned to multiple teams of the same organization, the system will choose the highest authorized team.\n\n_Please note: The default user is automatically assigned to the `Administrators` team on initial startup_\n\n### Role Matrix\n\n\u003ctable\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003c/td\u003e\n    \u003cth scope=\"col\"\u003eAdmin\u003c/th\u003e\n    \u003cth scope=\"col\"\u003eTester\u003c/th\u003e\n    \u003cth scope=\"col\"\u003eRead-Only\u003c/th\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003cth scope=\"row\"\u003eUser-Profile Management\u003c/th\u003e\n    \u003ctd\u003ex\u003c/td\u003e\n    \u003ctd\u003ex\u003c/td\u003e\n    \u003ctd\u003ex\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003cth scope=\"row\"\u003eTeam Management\u003c/th\u003e\n    \u003ctd\u003ex\u003c/td\u003e\n    \u003ctd\u003e\u003c/td\u003e\n    \u003ctd\u003e\u003c/td\u003e\n  \u003c/tr\u003e \n  \u003ctr\u003e\n    \u003cth scope=\"row\"\u003eUser Management\u003c/th\u003e\n 
   \u003ctd\u003ex\u003c/td\u003e\n    \u003ctd\u003e\u003c/td\u003e\n    \u003ctd\u003e\u003c/td\u003e\n  \u003c/tr\u003e \n  \u003ctr\u003e\n    \u003cth scope=\"row\"\u003eInvite User\u003c/th\u003e\n    \u003ctd\u003ex\u003c/td\u003e\n    \u003ctd\u003e\u003c/td\u003e\n    \u003ctd\u003e\u003c/td\u003e\n  \u003c/tr\u003e \n  \u003ctr\u003e\n    \u003cth scope=\"row\"\u003eCreate User\u003c/th\u003e\n    \u003ctd\u003ex\u003c/td\u003e\n    \u003ctd\u003e\u003c/td\u003e\n    \u003ctd\u003e\u003c/td\u003e\n  \u003c/tr\u003e \n  \u003ctr\u003e\n    \u003cth scope=\"row\"\u003eEmail Settings Management\u003c/th\u003e\n    \u003ctd\u003ex\u003c/td\u003e\n    \u003ctd\u003e\u003c/td\u003e\n    \u003ctd\u003e\u003c/td\u003e\n  \u003c/tr\u003e \n  \u003ctr\u003e\n    \u003cth scope=\"row\"\u003eJira Integration\u003c/th\u003e\n    \u003ctd\u003ex\u003c/td\u003e\n    \u003ctd\u003e\u003c/td\u003e\n    \u003ctd\u003e\u003c/td\u003e\n  \u003c/tr\u003e \n  \u003ctr\u003e\n    \u003cth scope=\"row\"\u003eOrganization: Read\u003c/th\u003e\n    \u003ctd\u003ex\u003c/td\u003e\n    \u003ctd\u003ex\u003c/td\u003e\n    \u003ctd\u003ex\u003c/td\u003e\n  \u003c/tr\u003e \n  \u003ctr\u003e\n    \u003cth scope=\"row\"\u003eOrganization: Full Write\u003c/th\u003e\n    \u003ctd\u003ex\u003c/td\u003e\n    \u003ctd\u003e\u003c/td\u003e\n    \u003ctd\u003e\u003c/td\u003e\n  \u003c/tr\u003e \n  \u003ctr\u003e\n    \u003cth scope=\"row\"\u003eAsset: Read\u003c/th\u003e\n    \u003ctd\u003ex\u003c/td\u003e\n    \u003ctd\u003ex\u003c/td\u003e\n    \u003ctd\u003ex\u003c/td\u003e\n  \u003c/tr\u003e \n  \u003ctr\u003e\n    \u003cth scope=\"row\"\u003eAsset: Full Write\u003c/th\u003e\n    \u003ctd\u003ex\u003c/td\u003e\n    \u003ctd\u003e\u003c/td\u003e\n    \u003ctd\u003e\u003c/td\u003e\n  \u003c/tr\u003e \n  \u003ctr\u003e\n    \u003cth scope=\"row\"\u003eAssessment: Read\u003c/th\u003e\n    \u003ctd\u003ex\u003c/td\u003e\n    \u003ctd\u003ex\u003c/td\u003e\n    \u003ctd\u003ex\u003c/td\u003e\n  
\u003c/tr\u003e \n  \u003ctr\u003e\n    \u003cth scope=\"row\"\u003eAssessment: Full Write\u003c/th\u003e\n    \u003ctd\u003ex\u003c/td\u003e\n    \u003ctd\u003ex\u003c/td\u003e\n    \u003ctd\u003e\u003c/td\u003e\n  \u003c/tr\u003e \n  \u003ctr\u003e\n    \u003cth scope=\"row\"\u003eVulnerability: Read\u003c/th\u003e\n    \u003ctd\u003ex\u003c/td\u003e\n    \u003ctd\u003ex\u003c/td\u003e\n    \u003ctd\u003ex\u003c/td\u003e\n  \u003c/tr\u003e \n  \u003ctr\u003e\n    \u003cth scope=\"row\"\u003eVulnerability: Full Write\u003c/th\u003e\n    \u003ctd\u003ex\u003c/td\u003e\n    \u003ctd\u003ex\u003c/td\u003e\n    \u003ctd\u003e\u003c/td\u003e\n  \u003c/tr\u003e \n  \u003ctr\u003e\n    \u003cth scope=\"row\"\u003eExport Vulnerability to Jira\u003c/th\u003e\n    \u003ctd\u003ex\u003c/td\u003e\n    \u003ctd\u003ex\u003c/td\u003e\n    \u003ctd\u003e\u003c/td\u003e\n  \u003c/tr\u003e \n  \u003ctr\u003e\n    \u003cth scope=\"row\"\u003eReport Generation\u003c/th\u003e\n    \u003ctd\u003ex\u003c/td\u003e\n    \u003ctd\u003ex\u003c/td\u003e\n    \u003ctd\u003ex\u003c/td\u003e\n  \u003c/tr\u003e \n\u003c/table\u003e\n\n\u003cbr\u003e\n\n## API Key \u0026 Management\n\nA user may generate a single API key which can be used in place of their authorization token. This API key allows for all actions against the application that the user is authorized for.\n\n### Generating an API key pair\n\n1. Login to the application\n2. Navigate to the `User Profile` section\n3. Select `Generate API Key`\n\nThis action will generate a pair of keys:\n\n1. `Bulwark-Api-Key`\n   1. This is a generated plaintext value to identify the user.\n2. `Bulwark-Secret-Key`\n   1. This is a generated plaintext value to verify the user by comparing a [Bcrypt](https://www.npmjs.com/package/bcrypt) hash stored in the database.\n\n\u003cstrong\u003eWrite down the generated keys in a safe place. 
You will not be able to retrieve the keys at a later time.\u003c/strong\u003e\n\n### How to use API keys\n\nThe API key pair values must be matched and appended to the following HTTP request headers:\n\n- `Bulwark-Api-Key`\n- `Bulwark-Secret-Key`\n\nExample:\n\n```\nGET /api/assessment/1 HTTP/1.1\nHost: localhost:4500\nAccept: application/json, text/plain, */*\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate\nBulwark-Api-Key: {{changeMe}}\nBulwark-Secret-Key: {{changeMe}}\nOrigin: http://localhost:4200\nConnection: close\nReferer: http://localhost:4200/\nPragma: no-cache\nCache-Control: no-cache\n```\n\n## Built With\n\n- [Typeorm](https://typeorm.io/#/) - The ORM used\n- [Angular](https://angular.io/) - The Angular Framework\n- [Express](https://expressjs.com/) - A minimal and flexible Node.js web application framework\n\n## Contributing\n\nPull requests are welcome. For major changes, please open an issue first to discuss what you would like to change. Read the [contribution guidelines](CONTRIBUTING.md) for more information.\n\n## License\n\n[MIT](https://choosealicense.com/licenses/mit/)\n","funding_links":[],"categories":["TypeScript (64)","TypeScript","Pentesting"],"sub_categories":["ARM"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsoftrams%2Fbulwark","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsoftrams%2Fbulwark","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsoftrams%2Fbulwark/lists"}