fleet/ee/vulnerability-dashboard/README.md
Ian Littman 6f772a4405
Clean up "here" link anchors for docs, ee, and frontend dirs (#29742)
More work to fix #29720.

---------

Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
2025-06-13 15:05:52 -05:00


fleet-vulnerability-dashboard

Report and track progress on fixing and prioritizing thousands of installed CVEs.

screenshot of dashboard: overview

How does it work?

CVEs are detected and annotated using NVD, CVSS, EPSS, CISA KEVs, osquery, and Fleet.

screenshot of dashboard: list

Why a separate repo?

Should we move this to a subdirectory of fleetdm/confidential and have it deploy from there?

  • Philosophy: Why do we use one repo?
  • See also: The "broken windows effect"
  • Decision: No. On 2023-07-14, we decided to keep it here so Stephan, Finn, and all other relevant folks from Fastly can access the code and collaborate.
  • Update: 2023-11-06: The best thing is to move this into the ee/ directory of fleetdm/fleet. That achieves the goal of making it source available, but still paid. Logistics to enable this involve changing hosted deployments to deploy from within a nested subdirectory (something we've done before).

Cosmogony

f.k.a. "scooper"

Original raw notes and context: (private Google Doc, since it contains competitor information: https://docs.google.com/document/d/1ByNWY6n_C-rvL75lI6jca2OniHt5FqA5_nYMf61S0pM/edit#)

Running the vulnerability dashboard with Docker.

To run a local vulnerability dashboard with Docker, follow these instructions.

  1. Clone this repo

  2. Update the following ENV variables in the ee/vulnerability-dashboard/docker-compose.yml file:

       • sails_custom__fleetBaseUrl: The full URL of your Fleet instance. (e.g., https://fleet.example.com)

       • sails_custom__fleetApiToken: An API token for an API-only user on your Fleet instance.

  3. Open the ee/vulnerability-dashboard/ folder in your terminal

  4. Run docker compose up --build to build the vulnerability dashboard's Docker image.

The first time the vulnerability dashboard starts, it will initialize the database and run the update-reports script before the server starts.

  5. Once the container is done building, the vulnerability dashboard will be available at http://localhost:1337

You can log in with the default admin login:

  • Email address: admin@example.com

  • Password: abc123
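
A pre-flight check for the two settings edited in step 2, to run before docker compose up. This is an added example, not code from the Fleet repository. It assumes each setting sits on its own line of docker-compose.yml as "KEY: value" or "- KEY=value"; the function names are hypothetical, and the optional live check assumes the JSON returned by Fleet's GET /api/v1/fleet/me carries an api_only field.

```shell
#!/bin/sh
# Added example, not part of the Fleet repo: pre-flight check for the settings
# edited in step 2. Assumption: each setting is on its own line of
# docker-compose.yml as "KEY: value" or "- KEY=value" (layout not shown on the page).

# Print the value of setting $2 in compose file $1 (prints nothing if absent).
compose_value() {
  sed -n "s/^[[:space:]-]*$2[[:space:]]*[:=][[:space:]]*//p" "$1" |
    head -n 1 | sed -e 's/[[:space:]]*$//' -e "s/^[\"']//" -e "s/[\"']\$//"
}

# Return 0 if both settings look usable; otherwise print each problem and return 1.
check_dashboard_config() {
  rc=0
  url=$(compose_value "$1" sails_custom__fleetBaseUrl)
  token=$(compose_value "$1" sails_custom__fleetApiToken)
  case $url in
    https://?*) ;;
    http://?*) echo "fleetBaseUrl is plain http: the API token would be sent unencrypted"; rc=1 ;;
    *) echo "fleetBaseUrl is missing or not a full URL"; rc=1 ;;
  esac
  [ -n "$token" ] || { echo "fleetApiToken is empty"; rc=1; }
  return "$rc"
}

# Optional, needs network: confirm Fleet accepts the token and that it belongs to
# an API-only user. The api_only field is an assumption about the response body.
# The header is fed on stdin (curl -H @-) so the token never shows up in the
# process list, and the static check runs first so it is never sent over http.
check_token_live() {
  check_dashboard_config "$1" || return 1
  url=$(compose_value "$1" sails_custom__fleetBaseUrl)
  token=$(compose_value "$1" sails_custom__fleetApiToken)
  body=$(printf 'Authorization: Bearer %s\n' "$token" |
    curl -fsS -H @- "$url/api/v1/fleet/me") || return 1
  printf '%s' "$body" | grep -Eq '"api_only":[[:space:]]*true'
}

# Usage, from the repo root after sourcing this file:
#   check_dashboard_config ee/vulnerability-dashboard/docker-compose.yml
```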

How it's made

This is a Sails v1 application: