Shulou(Shulou.com)06/03 Report--

This article focuses on "how to use Bulwark to achieve organizational assets and vulnerability management", interested friends may wish to take a look. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn how to use Bulwark to manage an organization's assets and vulnerabilities.

Overview

Bulwark is an organizational asset and vulnerability management tool for enterprises and organizations, which inherits Jira and is designed to help enterprise security practitioners generate application security reports within the organization.

It should be noted that the project is still in the early development stage, so it may be unstable.

Tool download git clone https://github.com/softrams/bulwark.git starts with Docker

First, we need to install Docker [download address] in the local environment.

Next, create a .env file and provide the following parameter configuration:

MYSQL_DATABASE= "bulwark" MYSQL_PASSWORD= "bulwark" MYSQL_ROOT_PASSWORD= "bulwark" MYSQL_USER= "root" MYSQL_DB_CHECK= "mysql" DB_PASSWORD= "bulwark" DB_URL= "172.16.16.3" DB_ROOT= "root" DB_USERNAME= "bulwark" DB_PORT=3306DB_NAME= "bulwark" DB_TYPE= "mysql" NODE_ENV= "production" DEV_URL= "http://localhost:4200"PROD_URL="http://localhost:5000"JWT_KEY="changeme"JWT_REFRESH_KEY=" Changeme "CRYPTO_SECRET=" changeme "CRYPTO_SALT=" changeme "

Build and start the Bulwark container:

Docker-compose up

Open / stop the Bulwark container:

Docker-compose startdocker-compose stop

Remove the Bulwark container:

Docker-compose down

At this point, we can access localhost:5000 to use Bulwark.

Local installation of $git clone https://github.com/softrams/bulwark.git$ cd bulwark$ npm install runs in development mode: $npm run start:dev runs in production mode: $npm start environment variable

Create a .env file in the root of the project, and the application will use dotenv to parse the file.

DB_PASSWORDDB_PASSWORD= "somePassword"

This variable is used to set the database password.

DB_USERNAMEDB_USERNAME= "foobar"

This variable is used to set the database user name.

DB_URLDB_URL=something-foo-bar.dbnet

This variable is used to set the database URL address.

DB_PORTDB_PORT=3306

This variable is used to set the database port number.

DB_NAMEDB_NAME= "foobar"

This variable is used to set the database name.

DB_TYPEDB_TYPE= "mysql"

This application uses MySQL as the database.

NODE_ENVNODE_ENV=production

This variable is used to set the node environment.

DEV_URL= "http://localhost:4200"

If you need to use different ports, you can configure this parameter.

PROD_URL= "http://localhost:5000"

If you need to use different ports, you can configure this parameter.

JWT_KEYJWT_KEY= "changeMe"

This variable is used to set JWT credentials.

JWT_REFRESH_KEYJWT_REFRESH_KEY= "changeMe"

This variable is used to refresh JWT credentials.

CRYPTO_SECRETCRYPTO_SECRET= "randomValue"

This variable is used to set the Scrypt password.

CRYPTO_SALTCRYPTO_SECRET= "randomValue"

This variable is used to set the Scrypt salt value.

Empty .env file template DB_PASSWORD= "" DB_URL= "" DB_USERNAME= "" DB_PORT=3306DB_NAME= "" DB_TYPE= "" NODE_ENV= "" DEV_URL= "http://localhost:4200"PROD_URL="http://localhost:5000"JWT_KEY=""JWT_REFRESH_KEY=""CRYPTO_SECRET=""CRYPTO_SALT="" create initial database migration

First, we need to create the initial database migration using the following command:

$npm run migration:init

Next, run the initial database migration:

$npm run migration:run default credential

We need to create a user account during the initial installation with the following credentials:

Email: admin@example.com password: changeMe

The first time you log in, don't forget to update the default user password in the account configuration.

At this point, I believe you have a deeper understanding of "how to use Bulwark to achieve organizational assets and vulnerability management". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.