The Omega Triage Portal is a web-application that can help manage automated vulnerability reports. It was designed for scale, (hundreds of thousands of projects, many millions of findings), but may also be useful at lower scale.
The Portal is in early development, and is not ready for general use.
Deployment of the Triage Portal in GitHub's development environment
This extension can be used from GitHub Codespaces:
Once loaded, open the .vscode/project.code-workspace
file and then click the Open Workspace
button. A new widow will open. This is needed because VS Code launch settings are nested
within the omega/triage-portal folder.
You can then run the Django launch task to start the application. Navigate to http://localhost:8001/admin/login/?next=/admin/ and enter the default credentials that you created (admin/admin), then navigate back to http://localhost:8001.
Make sure to have Docker installed and set up before running the following commands.
To build the application, run the following command:
docker-compose build
To run the application, run the following command:
docker-compose up
NOTE: The first time you run the application, you will need to run the following commands to create the database. This command MUST be run after the application is running with the above commands.
docker-compose run triage-portal python manage.py migrate
docker-compose run triage-portal python manage.py createsuperuser
Issues enabling python virtualenv
1. Open PowerShell
2. Run the following command: Set-ExecutionPolicy RemoteSigned -Scope CurrentUser OR Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser
The documentation for the API that connects the Omega Analyzer and Triage Portal is housed within the GraphiQL IDE, which is basically a playground
offered by GraphQL to facilitate interactions with its APIs. It is conveniently accessible through the http://localhost:8001/graphql
endpoint.
This documentation becomes available after the application is successfully deployed.
File Size: Please be aware that the current file size limitation for the API stands at 200 MB
. This constraint should be considered when handling file uploads or other data interactions within the Triage Portal's API.
The Proof of concept webapp is available at https://otpdev1.eastus.cloudapp.azure.com/admin
In the event of a virtual machine having to be destroy and a new one taken it's place, here are important details when deploying a new proof of concept using Azure VM
/app
directory/etc/nginx/nginx.conf
and /etc/nginx/sites-available/default
file with the respected settings/opt/omega/static
directory is available, if not, create it.docker exec -it omega-triage-portal /bin/bash
) and run python manage.py collectstatic
/opt/omega/static
directory ( cp core/settings.py /opt/omega/static
)TBD
See SECURITY.md.