https://github.com/archlinux/arch-security-tracker
Arch Linux Security Tracker
advisory archlinux audit cve security tracker website
Arch Linux Security Tracker
- Host: GitHub
- URL: https://github.com/archlinux/arch-security-tracker
- Owner: archlinux
- License: mit
- Created: 2016-08-23T17:36:35.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2024-05-30T14:08:54.000Z (8 months ago)
- Last Synced: 2024-07-21T00:44:13.741Z (6 months ago)
- Topics: advisory, archlinux, audit, cve, security, tracker, website
- Language: Python
- Homepage: https://security.archlinux.org
- Size: 707 KB
- Stars: 119
- Watchers: 20
- Forks: 38
- Open Issues: 42
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
# Arch Linux Security Tracker [![Build Status](https://travis-ci.com/archlinux/arch-security-tracker.svg?branch=master)](https://travis-ci.com/archlinux/arch-security-tracker)
The **Arch Linux Security Tracker** is a lightweight Flask-based panel
for tracking vulnerabilities in Arch Linux packages, displaying
vulnerability details and generating security advisories.

## Features
* Issue tracking
* Issue grouping
* libalpm support
* Todo lists
* Advisory scheduling
* Advisory generation
* SSO or local users

## Dependencies
### Application
* python >= 3.4
* python-sqlalchemy
* python-sqlalchemy-continuum
* python-flask
* python-flask-sqlalchemy
* python-flask-talisman
* python-flask-wtf
* python-flask-login
* python-flask-migrate
* python-authlib
* python-email-validator
* python-requests
* python-scrypt
* python-feedgen
* python-pytz
* python-markupsafe
* pyalpm
* sqlite

### Tests
* python-isort
* python-pytest
* python-pytest-cov

### Virtualenv
Python dependencies can be installed in a virtual environment (`venv`), by running:
```
python -m venv .virtualenv
. .virtualenv/bin/activate
pip install -r requirements.txt
```

For running tests:
```
pip install -r test-requirements.txt
```

## Setup
```
make
```

Run in debug mode:
```
make run
```

Add a new user:
```
make user
```

Run tests:
```
make test
```

For production, run it through ```uwsgi```.

## Command line interface
The ```trackerctl``` script provides access to the command line interface
that controls and operates different parts of the tracker. All commands
and subcommands provide a ```--help``` option that describes the operation
and all its available options.

## Configuration
The configuration files are all placed in the ```config``` directory and
applied as a sorted cascade.

The default values in the ```00-default.conf``` file should not be
altered for customization. If some tweaking is required, simply create
a new configuration file with a ```.local.conf``` suffix and a non-zero
prefix, such as ```20-user.local.conf```. Files using this suffix are
listed in ```.gitignore``` and are not handled as untracked or dirty.

## SSO setup
A simple test environment for SSO can be configured using Keycloak:

1. Run a local Keycloak installation via docker as [described upstream](https://www.keycloak.org/getting-started/getting-started-docker).
2. Create an ```arch-security-tracker``` client in Keycloak like in
   [test/data/openid-client.json](test/data/openid-client.json).
   Make sure the client contains a mapper for the group memberships called
   ```groups``` which is included as a claim.
3. Create a local tracker config file with enabled SSO and configure OIDC
   secrets, groups and metadata url accordingly.

## Contribution
Help is appreciated. For guidelines and recommendations, check our
[Contribution](CONTRIBUTING.md) file.
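
The sorted cascade from the Configuration section, and the local SSO config file from step 3 of the SSO setup, can be illustrated as follows. This is an added example, not code from the tracker itself: it assumes INI-style files read with Python's `configparser`, and the `[sso]` section, the `enabled` and `client_secret` keys, the `10-site.conf` file and all values are constructed for the demonstration. It merges the files in sorted order and flags secret-like values that sit outside the git-ignored `*.local.conf` files.

```python
import configparser
import tempfile
from pathlib import Path

# Substrings that suggest a secret; hypothetical, adjust to the real key names.
SECRET_HINTS = ("secret", "password", "token")


def load_cascade(config_dir):
    """Merge every *.conf in sorted filename order; later files override earlier ones."""
    parser = configparser.ConfigParser()
    files = sorted(Path(config_dir).glob("*.conf"))
    for path in files:
        parser.read(path)
    return parser, [p.name for p in files]


def secrets_in_tracked_files(config_dir):
    """Return (file, section, key) for non-empty secret-like values outside *.local.conf."""
    findings = []
    for path in sorted(Path(config_dir).glob("*.conf")):
        if path.name.endswith(".local.conf"):
            continue  # git-ignored per the README, the intended home for secrets
        single = configparser.ConfigParser()
        single.read(path)
        for section in single.sections():
            for key, value in single.items(section, raw=True):
                if value.strip() and any(h in key.lower() for h in SECRET_HINTS):
                    findings.append((path.name, section, key))
    return findings


def demo():
    """Build a constructed config directory; return the merged view and the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        # Constructed sample files; section and key names are illustrative only.
        (d / "00-default.conf").write_text("[sso]\nenabled = no\nclient_secret =\n")
        (d / "10-site.conf").write_text("[sso]\nclient_secret = constructed-value\n")
        (d / "20-user.local.conf").write_text(
            "[sso]\nenabled = yes\nclient_secret = from-local-file\n")
        merged, order = load_cascade(d)
        return (order, merged.getboolean("sso", "enabled"),
                merged.get("sso", "client_secret"), secrets_in_tracked_files(d))


if __name__ == "__main__":
    print(demo())
```

The highest-sorted file wins for every key it sets, so a secret placed in a tracked file such as the constructed `10-site.conf` is silently overridden at runtime yet still ends up in version control, which is what the second function reports.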