Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/jupiterone/starbase

Graph-based security analysis for everyone
https://github.com/jupiterone/starbase

analysis aws azure cypher gcp graph hack hacktoberfest neo4j security

Last synced: about 17 hours ago
JSON representation

Graph-based security analysis for everyone

Awesome Lists containing this project

README 

        


  Starbase Logo

  Democratizing graph-based security analysis 🚀




Starbase from [JupiterOne](https://jupiterone.com), collects assets and

relationships from services and systems including cloud infrastructure, SaaS

applications, security controls, and more into an intuitive graph view backed by

the [Neo4j](https://neo4j.com/) database.



**Security is a basic right**. Starbase's goal is to **democratize graph-based

security analysis** and overall visibility into external services and systems.

Our team believes that in order to secure any system or service, you must have:



- **Knowledge** of the assets that you have

- **Knowledge** of the relationships between assets that you have

- **Knowledge** of what questions to ask about what you have





  Starbase Demo




## Why Starbase?



Starbase offers three key advantages:



1. **Depth and breadth** - Deep visibility from a

   [breadth of external services and systems](#available-integrations--connectors).

   Thousands of entities (vertices) and relationships (edges) are available

   out-of-the-box.

2. **Uniform data model** - The data that Starbase collects is _automatically_

   classified, making it easy to develop _generic_ queries.

3. **Easily extensible** - Starbase graph integrations can be easily developed!



## Available Integrations / Connectors



Starbase supports

[115+](https://github.com/orgs/JupiterOne/repositories?q=graph-++in%3Aname&type=public&language=&sort=)

open source graph integrations!



Here are some highlights:



- [Azure](https://github.com/jupiterone/graph-azure)

- [Bitbucket](https://github.com/jupiterone/graph-bitbucket)

- [GitHub](https://github.com/jupiterone/graph-github)

- [Google Cloud](https://github.com/jupiterone/graph-google-cloud)

- [Google Workspace](https://github.com/jupiterone/graph-google)

- [Jira](https://github.com/jupiterone/graph-jira)

- ...



  âť—Click here to expand a full list of supported graph integrationsâť—



- [^1]AWS

- [Addigy](https://github.com/jupiterone/graph-addigy)

- [AirWatch](https://github.com/jupiterone/graph-airwatch)

- [AquaSec](https://github.com/jupiterone/graph-aquasec)

- [JFrog Artifactory](https://github.com/jupiterone/graph-artifactory)

- [atSpoke](https://github.com/jupiterone/graph-atspoke)

- [Auth0](https://github.com/jupiterone/graph-auth0)

- [Azure](https://github.com/jupiterone/graph-azure)

- [Azure DevOps](https://github.com/jupiterone/graph-azure-devops)

- [BambooHR](https://github.com/jupiterone/graph-bamboohr)

- [Bugcrowd](https://github.com/jupiterone/graph-bugcrowd)

- [CbDefense](https://github.com/jupiterone/graph-cbdefense)

- [Checkmarx](https://github.com/jupiterone/graph-checkmarx)

- [Cisco Amp](https://github.com/jupiterone/graph-cisco-amp)

- [Cisco Meraki](https://github.com/jupiterone/graph-cisco-meraki)

- [Cloudflare](https://github.com/jupiterone/graph-cloudflare)

- [Cobalt](https://github.com/jupiterone/graph-cobalt)

- [CrowdStrike](https://github.com/jupiterone/graph-crowdstrike)

- [Datadog](https://github.com/jupiterone/graph-datadog)

- [Detectify](https://github.com/jupiterone/graph-detectify)

- [DigiCert](https://github.com/jupiterone/graph-digicert)

- [Duo](https://github.com/jupriterone/graph-duo)

- [Fastly](https://github.com/jupiterone/graph-fastly)

- [Feroot](https://github.com/jupiterone/graph-feroot)

- [Gitlab](https://github.com/jupiterone/graph-gitlab)

- [Gitleaks Findings](https://github.com/jupiterone/graph-gitleaks-findings)

- [GoDaddy](https://github.com/jupiterone/graph-godaddy)

- [Google](https://github.com/jupiterone/graph-google)

- [Google Cloud](https://github.com/jupiterone/graph-google-cloud)

- [HackerOne](https://github.com/jupiterone/graph-hackerone)

- [Heroku](https://github.com/JupiterOnejupiterone/graph-heroku)

- [HubSpot](https://github.com/JupiterOnejupiterone/graph-hubspot)

- [Jamf](https://github.com/jupiterone/graph-jamf)

- [Jira](https://github.com/jupiterone/graph-jira)

- [JumpCloud](https://github.com/jupiterone/graph-jumpcloud)

- [Knowbe4](https://github.com/jupiterone/graph-knowbe4)

- [Kubernetes](https://github.com/jupiterone/graph-kubernetes)

- [Malwarebytes](https://github.com/jupiterone/graph-malwarebytes)

- [Microsoft 365](https://github.com/jupiterone/graph-microsoft-365)

- [Mimecast](https://github.com/jupiterone/graph-mimecast)

- [Nmap](https://github.com/jupiterone/graph-nmap)

- [NowSecure](https://github.com/jupiterone/graph-nowsecure)

- [NPM](https://github.com/jupiterone/graph-npm)

- [Okta](https://github.com/jupiterone/graph-okta)

- [OneLogin](https://github.com/jupiterone/graph-onelogin)

- [OpenShift](https://github.com/jupiterone/graph-openshift)

- [PagerDuty](https://github.com/jupiterone/graph-pagerduty)

- [Qualys](https://github.com/jupiterone/graph-qualys)

- [Rapid7](https://github.com/jupiterone/graph-rapid7)

- [Rumble](https://github.com/jupiterone/graph-rumble)

- [Salesforce](https://github.com/jupiterone/graph-salesforce)

- [SentinelOne](https://github.com/jupiterone/graph-sentinelone)

- [Sentry](https://github.com/jupiterone/graph-sentry)

- [ServiceNow](https://github.com/jupiterone/graph-servicenow)

- [Signal Sciences](https://github.com/jupiterone/graph-signal-sciences)

- [Slack](https://github.com/jupiterone/graph-slack)

- [Snipe It](https://github.com/jupiterone/graph-snipe-it)

- [Snowflake](https://github.com/jupiterone/graph-snowflake)

- [Snyk](https://github.com/jupiterone/graph-snyk)

- [SonarQube](https://github.com/jupiterone/graph-sonarqube)

- [Sysdig](https://github.com/jupiterone/graph-sysdig)

- [Tenable.io](https://github.com/jupiterone/graph-tenable-io)

- [Terraform Cloud](https://github.com/jupiterone/graph-terraform-cloud)

- [ThreatStack](https://github.com/jupiterone/graph-threatstack)

- [Trend Micro](https://github.com/jupiterone/graph-trend-micro)

- [Veracode](https://github.com/jupiterone/graph-veracode)

- [Vuls Findings](https://github.com/jupiterone/graph-vuls-findings)

- [vSphere](https://github.com/jupiterone/graph-vsphere)

- [Wazuh](https://github.com/jupiterone/graph-wazuh)

- [WhiteHat](https://github.com/jupiterone/graph-whitehat)

- [Whois](https://github.com/jupiterone/graph-whois)

- [WP Engine](https://github.com/jupiterone/graph-wpengine)

- [Zendesk](https://github.com/jupiterone/graph-zendesk)

- [Zoom](https://github.com/jupiterone/graph-zoom)



## Usage and Development



### Prerequisites



1. Install [Node.js](https://nodejs.org/) using the

   [installer](https://nodejs.org/en/download/) or a version manager such as

   [nvm](https://github.com/nvm-sh/nvm) or [fnm](https://github.com/Schniz/fnm).

2. Install [`yarn`](https://yarnpkg.com/getting-started/install).

3. Install dependencies with `yarn install`.

4. Register an account in the system each integration targets for ingestion and

   obtain API credentials.



### Configuring Starbase



Starbase leverages credentials from external services to authenticate and

collect data. When Starbase is started, it reads configuration data from a

single configuration file named `config.yaml` at the root of the project.



1. Copy `config.yaml.example` to `config.yaml`



```

cp config.yaml.example config.yaml

```



2. Supply configuration values in `config.yaml` for each integration



> **NOTE**: The individual graph integration configuration field names can be

> found in their respective `graph-*` projects.

>

> For example:

> https://github.com/JupiterOne/graph-google-cloud/blob/main/.env.example

>

> The `config.yaml` would resemble the following for Google Cloud:

>

> ```yaml

> integrations:

>   - name: graph-google-cloud

>     instanceId: testInstanceId

>     directory: ./.integrations/graph-google-cloud

>     gitRemoteUrl: https://github.com/JupiterOne/graph-google-cloud.git

>     config:

>       SERVICE_ACCOUNT_KEY_FILE: {}

>       PROJECT_ID: '...'

>       ORGANIZATION_ID: '...'

>       CONFIGURE_ORGANIZATION_PROJECTS: false

> storage:

>   - engine: neo4j

>     config:

>       username: neo4j

>       password: devpass

>       uri: bolt://localhost:7687

>       database: neo4j

> ```



### Running Starbase



Starbase exposes a CLI for bootstrapping graph integration development and

execution.



```

❯ yarn starbase --help



Usage: yarn starbase [options] [command]



Starbase graph ingestion orchestrator



Options:

  -c, --config   optional path to config file (default: "config.yaml")

  -h, --help           display help for command



Commands:

  run             collect and upload entities and relationships

  setup           clone repositories listed in config.yaml

  help [command]  display help for command

```



1. Run `yarn starbase setup` to clone or update all integrations listed in the

   `config.yaml` file as well as install all dependencies for each integration.

2. Run `yarn starbase run` to collect data for each listed integration and then

   push collected data to the storage endpoint listed in `config.yaml`.



For additional information on using Neo4j or JupiterOne as a storage endpoint,

please see the [README.md](docker/README.md) provided.



### Running Starbase - Docker



Alternatively, Docker can be used to run Starbase, minimizing the need to

locally install node and yarn.



1. Run `docker build --no-cache -t starbase:latest .` to create the Starbase

   docker image.

2. Run `docker-compose run starbase setup` to clone or update all integrations

   listed in the `config.yaml` file as well as install all dependencies for each

   integration.

3. Run `docker-compose run starbase run` to collect data for each listed

   integration and then push collected data to the storage endpoint listed in

   `config.yaml`.



Note that macOS users in particular may see slower execution times when running

Starbase in a Docker container.



### Customizable Base Container Image



We also make a

[base container image available via GitHub Container Registry](https://github.com/jupiterone/starbase/pkgs/container/starbase).

This image has only Starbase installed, without any configuration or graph

integrations. This means you'll need to pass configuration to Starbase by making

your `config.yaml` available to your running container, for example via a

[Kubernetes ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/#using-configmaps-as-files-from-a-pod),

and run `starbase setup` to install your graph integrations before using them.



### Contributing



Starbase is composed of three components:



1. **Starbase Core**



   The Starbase core project is an orchestration engine that handles

   bootstrapping the underlying graph integrations.



2. **Graph Integrations**



   These are the tools that perform data collection from third party systems and

   services. You can find a full list of supported

   [graph integrations here](https://github.com/jupiterone?q=graph-&type=all&language=&sort=).

   If you have a feature request, a bug to report, or you'd like to contribute

   to one of the supported integrations, please navigate to the specific

   integration repository.



3. **[Graph Integrations SDK](https://github.com/jupiterone/sdk)**



   The Graph Integration SDK contains core utilities and the underlying graph

   integration runtime packages. See the

   [SDK development documentation](https://github.com/JupiterOne/sdk/blob/main/docs/integrations/development.md)

   for a deep dive into the mechanics of how integrations work.



### Changelog



The history of this project's development can be viewed at

[CHANGELOG.md](CHANGELOG.md).



### Contact



Join us on `#starbase` on the

[JupiterOne Community Slack](https://join.slack.com/t/jupiterone-community/shared_invite/zt-9b0a2htx-m8PmSWMbkjqCzF2dIZiabw).



[^1]:

    JupiterOne Starbase and the

    [Lyft Cartography](https://github.com/lyft/cartography) projects complement

    each other as both projects push graph data to a Neo4j database instance. As

    such, users of Starbase can leverage the AWS connector from Cartography to

    ingest AWS assets and relationships. A more comprehensive AWS integration is

    used by the [cloud hosted JupiterOne platform](https://jupiterone.com) and

    we are considering open sourcing the JupiterOne AWS integration in the

    future.