https://github.com/TheFirewall-code/TheFirewall-Secrets-SCA

https://github.com/TheFirewall-code/TheFirewall-Secrets-SCA

Last synced: 9 months ago
JSON representation

• Host: GitHub
• URL: https://github.com/TheFirewall-code/TheFirewall-Secrets-SCA
• Owner: TheFirewall-code
• License: mit
• Created: 2025-02-16T06:50:30.000Z (about 1 year ago)
• Default Branch: main
• Last Pushed: 2025-05-27T15:59:52.000Z (9 months ago)
• Last Synced: 2025-05-27T16:43:07.683Z (9 months ago)
• Language: Python
• Homepage: https://thefirewall.org
• Size: 13 MB
• Stars: 121
• Watchers: 4
• Forks: 4
• Open Issues: 3
• Metadata Files:
  • Readme: README.md
  • License: LICENSE.md

Awesome Lists containing this project

• awesome-starts - TheFirewall-code/TheFirewall-Secrets-SCA - (others)

README

          







      



Welcome to The Firewall Project. Our security suite enhances your organization's security posture with a unified appsec platform featuring: Runtime **Secret Scanning** and **Software Composition Analysis (SCA)** via webhooks, comprehensive Asset Inventory, streamlined Incident Management, dynamic Scoring & Risk-Based Prioritization, RBAC, SSO, Rich API, and Slack/Jira Integrations.



## 🔥 Live Demo  

Try out **Firewall Platform** with our live demo!  

**🖥 URL:**  [https://demo.thefirewall.org](https://demo.thefirewall.org)  

**🔑 Login Credentials:**  

- **Username:** `Demo`  

- **Password:** `Zf8u8OMM(0j`  

⚠ **Security Notice:**  

- This demo is for evaluation purposes only.  

- **Do not perform brute force attacks, DoS, or any malicious activity.**  

- Misuse of the demo environment may result in access restrictions.  

## Table of Contents

- [Installation](#installation)

  - [Docker Installation (with Docker Compose)](#docker-installation-with-docker-compose)

  - [AWS CloudFormation Installation](#aws-cloudFormation-installation)

  - [AWS Marketplace Installation](#aws-marketplace-installation)

- [Usage](#usage)

- [Privacy Policy](#privacy-policy)

- [Vulnerability Disclosure Policy](#vulnerability-disclosure-policy)

- [Licence](#licence)

- [Support](#support)

## Installation

You have two installation options: Docker and AWS CloudFormation.

### Docker Installation (with Docker Compose)

1. **Clone the Repository**  

   First, clone this repository to your local machine:

   ```bash

   git clone https://github.com/TheFirewall-code/TheFirewall-Secrets-SCA.git

   cd TheFirewall-Secrets-SCA

   ```

2. **Set up Docker Compose**  

   In this repo, you’ll find a `docker-compose.yml` file to help you set up both tools with minimal configuration.

   Make sure you have Docker and Docker Compose installed. If not, you can get them [here](https://docs.docker.com/get-docker/).

3. **Run Docker Compose**  

   Start the services by running:

   ```bash

   docker-compose up -d

   ```

4. **Access the Tools**  

   Once the containers are up and running, you can access the services on the following ports (check the `docker-compose.yml` for specific mappings):

   - **TheFirewall Platform**: `http://localhost:3000`

5. **Stopping the Services**  

   To stop the services, simply run:

   ```bash

   docker-compose down

   ```

### AWS CloudFormation Installation

1. **Access the CloudFormation Template**  

   Open the AWS CloudFormation console and click on **Create stack**.  

   Use the following template URL:

   ```bash

   https://cf-templates-1ugfe9jf0z24o-ap-south-1.s3.ap-south-1.amazonaws.com/template-automatic.yaml

   ```

   

3. **Launch the CloudFormation Stack**  

- Choose **"Template is ready"** and select **"Amazon S3 URL"**.  

- Paste the URL above and click **Next**.  

- Provide a **Stack Name** and any required parameters.  

- Click **Next**, configure stack options if needed, and proceed.  

- Acknowledge any IAM permissions required and click **Create Stack**.

3. **Wait for Deployment**  

- The deployment process will take a few minutes.  

- Monitor the progress in the **CloudFormation Stacks** section.  

- Once complete, the status will change to `CREATE_COMPLETE`.

4. **Access the Tools**  

- After the stack is deployed, go to the **Outputs** tab.  

- Find the endpoint URLs for accessing the deployed services.

5. **Deleting the Stack**  

If you want to remove the deployment, delete the stack by selecting it in CloudFormation and clicking **Delete**.

   

### AWS Marketplace Installation

Alternatively, you can install **The Firewall Appsec Platform** directly via the [AWS Marketplace](https://aws.amazon.com/marketplace). Follow these steps:

1. Go to the [The Firewall Appsec Platform](https://aws.amazon.com/marketplace/pp/prodview-sxhlfl6vz6rma) on AWS Marketplace.

2. **Subscribe for Free**: Click on the "Subscribe" button to get started.

3. Once subscribed, **deploy the app** using the AWS Management Console.

4. You can now manage and use both tools through your AWS environment.

> **Note:** The AWS Marketplace deployment gives you an easy way to set up The Firewall Appsec Platform in the cloud, with minimal setup needed on your local machine.

---

## Architecture

![image](https://github.com/user-attachments/assets/7481689f-26fe-46c3-9726-4269cafc94f5)

## Usage

After installation, you can begin using the tools:

- **Secrets Scanning Tool**: This tool scans your codebase for sensitive information like passwords, API keys, and other secrets.

- **SCA Tool**: The Software Composition Analysis tool analyzes your project’s dependencies for vulnerabilities, ensuring you know the security risks of your third-party libraries.

For detailed usage instructions for each tool, refer to the respective documentation [over here](https://docs.thefirewall.org).

## Privacy Policy

We take your privacy seriously. When you register for a Community License:

* We only collect your email address

* Your email is used solely for license generation and critical security notifications

* We never share your information with third parties

* You can request data deletion at any time

Read our full Privacy Policy for detailed information about data handling and protection.

## Vulnerability Disclosure Policy

At Firewall, we take the security of our systems seriously. We value the input of security researchers and the broader community in helping to maintain high security standards. This policy sets out our commitments and guidelines for responsible vulnerability disclosure. Read our [full Policy](https://www.thefirewall.org/vdp) for detailed information about vulnerability disclosure program.

## Support

We're here to help you succeed with The Firewall platform!

📚 Documentation: https://docs.thefirewall.org 


📚 Blogs: https://blogs.thefirewall.org 

💬 Community: [[Discord Community Link](https://discord.gg/jD2cEy2ugg)] 


📧 Email: support@thefirewall.org

📞 Call: Lavlesh(+91-8057599291), Sparsh(+91-8194015800)


Questions? Choose any channel - we're responsive on all of them!