Purify : All-In-One Tool For Managing Vulnerability Reports

The goal of Purify to be an easy-in-use and efficient tool to simplify a workflow of managing vulnerabilities delivered from various tools.

Purify is designed to analyze the report of any tool, if the report is in JSON or XML format. This means you don’t need any special plug-ins to process reports from your selection of tools.

Purify is able to remove duplicate results among various vulnerability scanners or tools. In addition, it can combine several results of the same tool based on some fields and it is fully configurable (no coding required). Purify does all this work to reduce the headache of the analyst.

Collect all security findings in one place, review/validate/track them, collaborate, get notifications(Slack), export them into tracking systems(Jira) and so on.

Built With

• Nest – The web framework used
• Vuetify – Material Component Framework for Vue

Features

Currently, Purify supports Slack and Jira. Also, there is SMTP module, but it is not use at the moment.

List of packages used for these modules:

• jira-connector
• nodemailer
• @slack/webhook

Deployment With Nginx and MongoDB

• Overview
  • This deployment is based on two docker images:
    • ​https://hub.docker.com/r/faloker/purify-api​
    • https://hub.docker.com/r/faloker/purify-nginx​
      • serve static files (vue frontend)
      • provide https
      • serve files over http2
  • ​https://hub.docker.com/_/mongo (if you want local mongodb)
• Local Setup : To start the Purify locally without certificates and other production things, you can do the following:
  • Clone repository
  • Run docker-compose -f docker-compose.tests.yml up --build

Also Read – Guardedbox : Online Client-Side Manager For Secure Storage & Secrets Sharing

Configuration

• Docker-Compose : Before deployment you may want to configure a few things in docker-compose file

// ./docker-compose.yml
// if you want local mongodb

Mongo:
********
environment:
MONGO_INITDB_ROOT_USERNAME: root
MONGO_INITDB_ROOT_PASSWORD: example
// update local path to the .env file (see api/.env.example)

API:
*****
env_file:
-.env.custom
// update local paths to certificate and key files

Nginx:
*******
volumes:
– /path/to/cert:/etc/nginx/ssl/cert
– /path/to/key:/etc/nginx/ssl/key
– ./nginx.prod.conf:/etc/nginx/nginx.conf

Nginx

You can edit nginx config file to adjust it for your needs. There is a config example which is used by default, but in order to use it, you will need to change server_name options.

Start

docker-compose up -d

Built With

• Nest – The web framework used
• Vuetify – Material Component Framework for Vue