Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-02 19:07:38 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 96
fleet/ee/vulnerability-dashboard/README.md
Eric 53bb51e49f
Update vulnerability dashboard to deploy from a parentless commit (#31887) 
Changes:
- Updated the `deploy-vulnerability-dashboard` workflow to deploy the
app from a parentless commit.
2025-08-14 09:58:25 -05:00

62 lines
4.1 KiB
Markdown
Raw Blame History

# fleet-vulnerability-dashboard
Report and track progress on fixing and prioritizing thousands of installed CVEs.
<img width="500" alt="screenshot of dashboard: overview" src="https://github.com/fleetdm/fleet-vulnerability-dashboard/assets/618009/738517a2-2cae-4599-96aa-f555c8e44d1a">
## How does it work?
CVEs are detected and annotated using [NVD, CVSS, EPSS, CISA KEVs, osquery, and Fleet](https://fleetdm.com/docs/using-fleet/vulnerability-processing).
<img width="1000" alt="screenshot of dashboard: list" src="https://github.com/fleetdm/fleet-vulnerability-dashboard/assets/618009/f950fb96-e20b-4b84-bdb4-4506410bd1cb">
## Why a separate repo?
Should we move this to a subdirectory of fleetdm/confidential and have it deploy from there?
- Philosophy: [Why do we use one repo?](https://fleetdm.com/handbook/company/why-this-way#why-do-we-use-one-repo)
- See also: The "broken windows effect"
- Decision: No. On 2023-07-14, we decided to keep it here so Stephan, Finn, and all other relevant folks from Fastly can access the code and collaborate.
- Update: 2023-11-06: The best thing is to move this in the ee/ directory of fleetdm/fleet. That achieves the goal of making it source available, but still paid. Logistics to enable this involve changing hosted deployments to deploy from within a nested subdirectory (something we've done before)
## Cosmogony
f.k.a. "scooper"
Original raw notes and context: (private google doc since it contains competitor information: https://docs.google.com/document/d/1ByNWY6n_C-rvL75lI6jca2OniHt5FqA5_nYMf61S0pM/edit#)
## Running the vulnerability dashboard with Docker.
To run a local vulnerability dashboard with docker, you can follow these instructions.
1. Clone this repo
2. Update the following ENV variables `ee/vulnerability-dashboard/docker-compose.yml` file:
1. `sails_custom__fleetBaseUrl`: The full URL of your Fleet instance. (e.g., https://fleet.example.com)
2. `sails_custom__fleetApiToken`: An API token for an [API-only user](https://fleetdm.com/docs/using-fleet/fleetctl-cli#create-api-only-user) on your Fleet instance.
3. Open the `ee/vulnerability-dashboard/` folder in your terminal
4. Run `docker-compose up --build` to build the vulnerability dashboard's Docker image.
> The first time the vulnerability dashboard starts it will Initalize the database and run the `update-reports` script before the server starts.
5. Once the container is done building, the vulnerability dashboard will be available at http://localhost:1337
> You can login with the default admin login:
>
>- Email address: `admin@example.com`
>
>- Password: `abc123`
## How it's made
This is a [Sails v1](https://sailsjs.com) application:
+ [Sails framework documentation](https://sailsjs.com/get-started)
+ [Version notes / upgrading](https://sailsjs.com/documentation/upgrading)
+ [Deployment tips](https://sailsjs.com/documentation/concepts/deployment)
+ [Community support options](https://sailsjs.com/support)
+ **Version info**: This app was originally generated on Sat Dec 10 2022 15:56:06 GMT-0600 (Central Standard Time) using Sails v1.5.3. <!-- Internally, Sails used [`sails-generate@2.0.7`](https://github.com/balderdashy/sails-generate/tree/v2.0.7/lib/core-generators/new). -->
+ This project's boilerplate is based on an expanded seed app provided by the [Sails core team](https://sailsjs.com/about) to make it easier for you to build on top of ready-made features like authentication, enrollment, email verification, and billing. <!-- Note: Generators are usually run using the globally-installed `sails` CLI (command-line interface). This CLI version is _environment-specific_ rather than app-specific, thus over time, as a project's dependencies are upgraded or the project is worked on by different developers on different computers using different versions of Node.js, the Sails dependency in its package.json file may differ from the globally-installed Sails CLI release it was originally generated with. (Be sure to always check out the relevant [upgrading guides](https://sailsjs.com/upgrading) before upgrading the version of Sails used by your app. If you're stuck, [get help here](https://sailsjs.com/support).) -->
Reference in a new issue View git blame Copy permalink