AdVISE (the Advanced Vulnerability Information Sharing Environment) is a multi-party vulnerability reporting, coordination, and disclosure platform. AdVISE allows PSIRTs and other coordinators to manage access to information and to track vulnerabilities from initial reporting through public disclosure.
AdVISE is a hybrid React/Django project. Most views are React single-page applications that receive data through the Django REST Framework API. As such, there are a few steps to spin up a development environment. The included docker-based dev/test environment is the preferred method for quick installation. See docs/README-quickstart for instructions.
AdVISE supports OAuth2 and local authentication through the django-allauth library. An OAuth2 provider is included with AdVISE or you can configure an OAuth2 provider of your choosing. Supported providers and instructions can be found here.
There are multiple configuration options, specifically for authentication and multi-factor authentication. See docs.
Swagger API documentation is provided through drf-yasg and can be accessed through your local installation.
- Quickstart
- Local install
- Examples of more complex installations can be found in deploy/examples
AdVISE tests can be found in cvdp/tests. The tests cover most user roles' access to most API endpoints. There are two options to run application tests. If the application is running locally, use manage.py to run tests:
python manage.py test
If a local environment is not set up (for instance, in CI/CD pipelines, or when deploying to cloud providers), the tests can also be run in the containerized test environment using docker-compose:
- Copy the deploy/docker/example.env.test.local into the top-level directory (where you are reading this) as .env.test.local.
- Edit .env.test.local and change the POSTGRES_PASSWORD, DB_PASS, and the three DJANGO_SUPERUSER_* variables as appropriate. NOTE: The POSTGRES_PASSWORD and DB_PASS MUST MATCH. This file cannot make reference to variables declared inside itself.
- Uncomment the line to set the RUN_TESTS_ONLY variable.
- Build the containers:
  docker compose -f deploy/docker/docker-compose-test.yml build
- Run the tests:
  docker compose -f deploy/docker/docker-compose-test.yml up --exit-code-from advise
The process will exit with the exit code of the advise container after running the tests, or with the exit code from the first container that fails prior to the tests running. Logs will be output to the console. This is useful for CI/CD pipelines and automated testing frameworks.
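A pre-flight check for the .env.test.local edits described above, so a mismatched password or a still-commented RUN_TESTS_ONLY fails before the containers are built. This is an added example, not part of the AdVISE repository; the function names check_test_env and env_value are hypothetical, and it assumes plain, unquoted KEY=VALUE lines.

```shell
#!/bin/sh
# Added example (not AdVISE project code): validate .env.test.local
# against the rules stated in the steps above.

# Print the value of KEY ($2) from FILE ($1); the last uncommented assignment wins.
env_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1
}

# Return 0 if FILE passes every check, 1 otherwise. Problems go to stderr.
check_test_env() {
    file="${1:-.env.test.local}"
    rc=0
    [ -r "$file" ] || { echo "missing: $file" >&2; return 1; }

    # POSTGRES_PASSWORD and DB_PASS MUST MATCH (and must not be empty).
    pg=$(env_value "$file" POSTGRES_PASSWORD)
    db=$(env_value "$file" DB_PASS)
    if [ -z "$pg" ] || [ "$pg" != "$db" ]; then
        echo "POSTGRES_PASSWORD and DB_PASS must be set and must match" >&2
        rc=1
    fi

    # Only the DJANGO_SUPERUSER_ prefix comes from the README; the three
    # variable names themselves are defined by the example env file.
    n=$(grep -Ec '^[[:space:]]*DJANGO_SUPERUSER_[A-Z_]+=.+' "$file" || true)
    if [ "$n" -lt 3 ]; then
        echo "expected three DJANGO_SUPERUSER_* values, found $n" >&2
        rc=1
    fi

    # The file cannot reference variables declared inside itself.
    if grep -Ev '^[[:space:]]*#' "$file" | grep -Eq '\$\{?[A-Za-z_]'; then
        echo "found what looks like a \$VAR reference; use literal values" >&2
        rc=1
    fi

    # RUN_TESTS_ONLY must be uncommented.
    if ! grep -Eq '^[[:space:]]*RUN_TESTS_ONLY=' "$file"; then
        echo "RUN_TESTS_ONLY is not set (line still commented out?)" >&2
        rc=1
    fi
    return "$rc"
}
```

In a pipeline, source the file and run `check_test_env .env.test.local` before the build step so the job stops on a bad configuration.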
AdVISE is developed and maintained by Emily Sarneso (@esarneso) and Jonathan Woytek (@woytek) from vu.ls. We encourage feature requests, bug reports, and contributions.
- Have an idea? Check for open issues or create one to start a discussion around a new feature or improvement.
- Found a bug? Check for open issues or create a new one. PRs are also welcome.
- Modify the API or create a new view? Make sure to run the tests to ensure no current functionality broke in the process. Then, create a test to show that your feature works as expected.
- Feeling shy? Send us mail to discuss an idea or get support.
AdVISE is under active development. In the coming months, we plan to improve upon the existing implementation and add many new features.
vu.ls has many years of experience in coordinating vulnerabilities, vulnerability analysis, and PSIRT consultation. We offer varying levels of support in these fields. Visit vu.ls for more information.
AdVISE is released under the GNU Affero General Public License (AGPL).
- Copyright (C) 2023 Vul Labs, LLC