Mixeway is open source software meant to simplify security assurance for projects implemented using CI/CD procedures. Mixeway is not another vulnerability scanner; it is a security orchestration tool.
Detailed documentation can be found here
More information and contact forms can be found here
Mixeway is middleware between CI/CD and vulnerability scanners. From the user's perspective, it doesn't matter which SAST, DAST, SCA or network scanner you are using: all integration is done by Mixeway in the background, which makes the whole process completely unified for the user/process.
With all this available, Mixeway provides functionalities to:
Elements of a system:
With Mixeway You can:
Requirements:
```bash
# Create project directory
mkdir mixeway && cd "$_"
# Download latest release
wget https://github.com/Mixeway/MixewayHub/releases/download/v1.6.3/MixewayHub.zip
# Unzip contents
unzip MixewayHub.zip
# Run startup script
./setup.sh
# Run application
docker-compose up
```
The `startup.sh` script prepares environment variables and creates self-signed certificates. As a result, a file with the following content is created:
```
FRONTEND_URL=https://localhost
KEYALIAS=localhost
TRUSTPASS=changeit
P12PASS=changeit
PROFILE=prod
CERTIFICATE=/pki/cert.crt
PRIVATEKEY=/pki/private.key
VAULT_ENABLED=false
```
The description and other options are covered in detail in the linked documentation.
Mixeway will be available at `https://<your_ip>`.
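A pre-deployment check for the generated file shown above, as an added example that is not part of the Mixeway project: it flags `TRUSTPASS`/`P12PASS` values that are empty or still `changeit`, and file permissions that let other users read those passwords. The function name `audit_env` and the path argument are assumptions, since the page does not name the generated file.

```shell
#!/bin/sh
# Added example: audit a Mixeway environment file before exposing the service.
# ASSUMPTION: the caller supplies the file path; the page does not name the file.

DEFAULT_SECRET="changeit"   # default value shown in the generated file on this page

# audit_env FILE
# Prints one finding per line; returns 0 if clean, 1 on findings, 2 if unreadable.
audit_env() {
    env_file=$1
    findings=0
    [ -r "$env_file" ] || { echo "ERROR: cannot read $env_file" >&2; return 2; }

    # The file holds keystore passwords, so only its owner should be able to read it.
    if [ -n "$(find "$env_file" \( -perm -040 -o -perm -004 \))" ]; then
        echo "PERMS: $env_file is readable by group or others (chmod 600)"
        findings=$((findings + 1))
    fi

    # Split each line at the first '='; also handle a last line without newline.
    while IFS='=' read -r key value || [ -n "$key" ]; do
        value=$(printf '%s' "$value" | tr -d '\r"')   # drop CR and double quotes
        case "$key" in
            TRUSTPASS|P12PASS)
                if [ -z "$value" ]; then
                    echo "EMPTY: $key has no value"
                    findings=$((findings + 1))
                elif [ "$value" = "$DEFAULT_SECRET" ]; then
                    echo "DEFAULT: $key is still '$DEFAULT_SECRET'"
                    findings=$((findings + 1))
                fi ;;
        esac
    done < "$env_file"

    [ "$findings" -eq 0 ]
}

# Run as a script: sh audit.sh path/to/envfile
if [ "$#" -ge 1 ]; then audit_env "$1"; fi
```

A non-zero exit status makes the check usable as a gate before `docker-compose up`.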
Software | Type | Versions | Notes |
---|---|---|---|
Acunetix | DAST Scanner | 10.0 + | Full scope |
Burp Enterprise Edition | DAST Scanner | 2021.10 + | Full scope |
Fortify | SAST Scanner | 16,17,21 | Downloading results; creating scans requires additional software |
Checkmarx | SAST Scanner | 9 + | Full Scope |
Dependency Track | SCA Scanner | 3+ | Full Scope |
Nexus IQ | SCA Scanner | 140+ | Full Scope - integration under development |
Nessus | Network Scanner | 6 | Full Scope |
GVM aka OpenVAS | Network Scanner | 18+ | Full Scope, requires additional software |
AWS | Cloud | na | Security groups, resources info download |
OpenStack | Cloud | na | Security groups, resources info download |
GCP | Cloud | na | Security groups, resources info download, integration under development |
OWASP ZAP | DAST Scanner | na | Load results from performed scan |
KICS | SAST Scanner | na | Load results from performed scan |