Awesome Open Source
Awesome Open Source

Welcome to Vulnerability Catalog project, a catalog for Information Security Management designed for environments with multiple or diffuse vulnerability-related information sources.

Check the latest release

Known Vulnerabilities Maintainability

Install & run the Catalog

git clone https://github.com/daavelino/vulnerability-catalog
cd vulnerability-catalog
./setup.sh    # only during the first install
./run.sh

Features

  • Consistent track of the entire vulnerability lifecycle in a single place.
  • Standardized description and quantification of the vulnerabilities.
  • Risk and severity calculators to support precise quantification.
  • Dashboard to visualize the progress and attention points.
  • Easily import of the vulnerabilities found by Nessus or OpenVAS.

Check the Wiki for more information.

Why a Catalog?

Storing and keep track of all vulnerabilities found on your environment by using a centralized, easy to use and organized catalogue is a way more secure than using the traditional spreadsheets.

With the Panorama, gain insights about what needs to be improved, track progress and effort, design better strategies and reduce risks by visualising the environment as a whole.

Motivation

The idea to start this effort came from my experience trying to keep track of vulnerabilities during the Olympic and Paralympic Games at Rio 2016 - The Rio de Janeiro Olympics. During that time, I realized three hard things about vulnerability management:

  1. it is hard to centralize all information we got from vulnerability reports, assessments, pentests, user/peers report in a consistent way.
  2. it is hard to put relevant information, like risks and severity, in a common (and normalized) base.
  3. it is hard to visualize and get insights about the enviroment when we have multiple and diffuse sources of data, comming from .pdf, .xslx, .doc files or even by e-mail or other channels.

So, Vulnerability Catalog try to make things a little bit easier. With Catalog, we can unify, put data into a normal basis and manage vulnerabilities better than if you try to do this by using sheets or search and reading reports one-by-one each time you need an information.

Deploying to production

Please check the wiki for a step-by-step approach.

Many many thanks to

  • Victor Carvalho (https://www.behance.net/VictorjCarvalho), for logo design.
  • Barbara Camara for suggestions and point me the right persons.
  • Andrea Fabrete, for important improvement insights and suggestions.
  • Beatriz Lima, for watching changes and suggest new ideas.
  • Paulo Caldas, for stress the project concept, making it more mature.
  • Leandro Silva, for testing and report great feedback.

and others (you know who you are) for important feedbacks and to keep me straight in my path.


License: MIT License. Author: Daniel Avelino

Proudly made in .


Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
Javascript (1,555,917
Tool (6,419
Vulnerability (848
Concept (400
Information Security (234
Related Projects