{"id":21319502,"url":"https://github.com/zoom/viss","last_synced_at":"2025-09-11T11:37:38.229Z","repository":{"id":210267539,"uuid":"697835021","full_name":"zoom/viss","owner":"zoom","description":null,"archived":false,"fork":false,"pushed_at":"2024-04-09T16:57:36.000Z","size":2111,"stargazers_count":37,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2024-04-09T20:10:57.052Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zoom.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2023-09-28T15:12:52.000Z","updated_at":"2024-04-09T11:55:12.000Z","dependencies_parsed_at":"2023-12-01T18:25:06.442Z","dependency_job_id":"125dd570-a520-42e2-babd-7e00d9866cbd","html_url":"https://github.com/zoom/viss","commit_stats":null,"previous_names":["zoom/viss"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zoom%2Fviss","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zoom%2Fviss/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zoom%2Fviss/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zoom%2Fviss/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zoom","download_url":"https://codeload.github.com/zoom/viss/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225795415,"owners_count":17525316,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-21T19:42:26.480Z","updated_at":"2024-11-21T19:42:27.034Z","avatar_url":"https://github.com/zoom.png","language":"TypeScript","readme":"# VISS (Vulnerability Impact Scoring System)\nThe Vulnerability Impact Scoring System (VISS) captures objective impact characteristics of software, hardware, and firmware vulnerabilities in relation to infrastructure, technology stack, and customer data security. Unlike the Common Vulnerability Scoring System (CVSS), which subjectively evaluates vulnerabilities primarily from an attacker's viewpoint and assumes the worst-case impact, VISS measures responsibly demonstrated impact from a defender's perspective. VISS focuses solely on actual exploitation demonstration, disregarding the theoretical possibility of exploitation. The resulting numerical scores indicate the severity of impact within a specific environment given the risk profile and tolerance of the environment owner. It's important to note that VISS doesn't replace CVSS but rather serves as a complementary evaluation system from a different standpoint.\n\nVISS analysis evaluates thirteen impact aspects for each vulnerability, categorized into Platform, Infrastructure, and Data groups. The resulting VISS score ranges from 0 to 100 and can be adjusted using the Compensating Controls metric. Typically, the organization responsible for the system, environment, network, or product where the vulnerability is found calculates VISS scores. Alternatively, an external party like a bug bounty triage team may perform the evaluation on their behalf.\n\n## Pre-req\nVISS requires `node` and `npm` to be already installed.\n\n1. Fetch this repository first:\n\n```sh\ngit clone ... \u0026\u0026 cd ...\n```\n\n2. Install dependencies and the global `nx` utility: \n\n```sh\nnpm install \u0026\u0026 npm install -g nx\n```\n\n## Setup the database\nBy default, VISS uses the SQLite driver. In the `prisma/schema.prisma`, it's possible to select a different one – see https://www.prisma.io/docs/concepts/components/prisma-schema –.\n\n3.1 Check the `.env` file and define the connection string:\n\n```\nDATABASE_URL=[DATABASE_URL]\n```\n\n3.2 Generate the database and seed it:\n\n```shell\nnpx prisma generate\nnpx prisma db push\nnpx prisma db seed\n```\n\n## Run Development (Local)\n4. Run to produce the development releases:\n\n```sh\nnx run-many --parallel --target=serve --projects=calculator,configurator\n```\n\n## Run Production (Local)\n5. Run to produce the production build releases: \n\n```sh\nnx run calculator:build\nnx run configurator:build\n```\n\n6. A new `dist` folder will be created\n7. Run both apps: \n   \n```\ncd dist/apps/configurator/\nPORT=4000 npm run start \u0026\ncd -1\ncd dist/apps/calculator/\nnpm run start \u0026\n```\n\n## Home \u0026 Specifications page\nVISS comes with 2 static pages containing a brief description of the scoring system and its specifications.\n\nThose pages are located under `apps/calculator/static` and can be **customized** or **not included** in final build.\n\nRun the following command **only** if you prefer both pages to be shown:\n\n```sh\ncp apps/calculator/static dist/apps/calculator/\n```\n\n## API Endpoints\nThe **private configurator** application exposes 4 API endpoints:\n\n| Method | Endpoint | Return |\n|---|---|---|\n| `GET` | `/api/configuration/all` | Full list of configurations |\n| `GET` | `/api/configuration/active` | Active configuration |\n| `GET` | `/api/configuration/:id` | Configuration details for a given configuration id |\n| `GET` | `/api/configuration/:id/rules` | Ruleset details for a given configuration id |\n\n# VISS user guide located [here](VISS_User_Guide.pdf)","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzoom%2Fviss","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzoom%2Fviss","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzoom%2Fviss/lists"}