1. About
2.1. Requirements
2.2. Installation
3. Usage
3.1. CLI Usage
3.2. Options
3.3. Demos
5. Contributing
6. License
7. Community
Electrosphere was built to help developers and security analysts who use the Conviso Platform to manage their vulnerabilities.
The purpose of this microservice is to register, in a simple and easy way, vulnerabilities found by nuclei on Conviso Platform. This application was Developed by rd-team.
Conviso Platform is a Software as a Service (SaaS) platform created by Conviso that supports the entire security cycle in the software development life cycle. It was created based on the Software Assurance Maturity Model (SAMM) - a project in the portfolio of the Open Web Application Security Project (OWASP) that defines a series of practices with the objective of improving software security.
- Docker You need Docker installed in your machine in order to run Electrosphere.
git clone https://github.com/convisolabs/electrosphere.git
cd electrosphere docker build -t electrosphere .Electrosphere uses the nuclei output in JSONL(ines) format to register vulnerabilities in the Conviso Platform.
To generate the output correctly use the following command:
nuclei -u $HOST -t $TEMPLATE -json -irr -o nuclei_output.jsonImportant: Do not change or format the nuclei output
docker run --rm -v $(pwd):/workspace -v /tmp:/tmp electrosphere -h
Demo running in homologation environment
docker run --rm -v $(pwd):/workspace -v /tmp:/tmp electrosphere -k $X_API_KEY -p $PROJECT_ID -i nuclei_output.json -e hml
You can find Conviso Platform's documentation on our website.
Your contributions and suggestions are welcome!
See here the contribution guidelines to learn about our development process, how to suggest bugfixes and improvements. For security issues, see here the security policy.
This work is licensed under MIT License.
You can connect with us and other contributors through the DevSecOps Community on Slack.
Thanks everyone! 🚀