Skip to content

archlinux/arch-security-tracker

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

488 Commits

.external

.external

 
 

.github/workflows

.github/workflows

 
 

config

config

 
 

migrations

migrations

 
 

pacman

pacman

 
 

test

test

 
 

tracker

tracker

 
 

.editorconfig

.editorconfig

 
 

.gitignore

.gitignore

 
 

.gitmodules

.gitmodules

 
 

.isort.cfg

.isort.cfg

 
 

CONTRIBUTING.md

CONTRIBUTING.md

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

config.py

config.py

 
 

requirements.txt

requirements.txt

 
 

test-requirements.txt

test-requirements.txt

 
 

trackerctl

trackerctl

 
 

Repository files navigation

Arch Linux Security Tracker Build Status

The Arch Linux Security Tracker is a lightweight flask based panel for tracking vulnerabilities in Arch Linux packages, displaying vulnerability details and generating security advisories.

Features

  • Issue tracking
  • Issue grouping
  • libalpm support
  • Todo lists
  • Advisory scheduling
  • Advisory generation
  • SSO or local users

Dependencies

Application

  • python >= 3.4
  • python-sqlalchemy
  • python-sqlalchemy-continuum
  • python-flask
  • python-flask-sqlalchemy
  • python-flask-talisman
  • python-flask-wtf
  • python-flask-login
  • python-flask-migrate
  • python-authlib
  • python-email-validator
  • python-requests
  • python-scrypt
  • python-feedgen
  • python-pytz
  • python-markupsafe
  • pyalpm
  • sqlite

Tests

  • python-isort
  • python-pytest
  • python-pytest-cov

Virtualenv

Python dependencies can be installed in a virtual environment (venv), by running:

python -m venv .virtualenv
. .virtualenv/bin/activate
pip install -r requirements.txt

For running tests:

pip install -r test-requirements.txt

Setup

make

run debug mode:

make run

adding a new user:

make user

run tests:

make test

For production run it through uwsgi

Command line interface

The trackerctl script provides access to the command line interface that controls and operates different parts of the tracker. All commands and subcommands provide a --help option that describes the operation and all its available options.

Configuration

The configurations are all placed into the config directory and applied as a sorted cascade.

The default values in the 00-default.conf file should not be altered for customization. If some tweaking is required, simply create a new configuration file with a .local.conf suffix and some non zero prefix like 20-user.local.conf. Files using this suffix are on the .gitignore and not handled as untracked or dirty.

SSO setup

A simple test environment for SSO can be configured using Keycloak:

  1. Run a local Keycloak installation via docker as described upstream.

  2. Create an arch-security-tracker client in Keycloak like in test/data/openid-client.json. Make sure the client contains a mapper for the group memberships called groups which is included as a claim.

  3. Create a local tracker config file with enabled SSO and configure OIDC secrets, groups and metadata url accordingly.

Contribution

Help is appreciated, for some guidelines and recommendations check our Contribution file.

About

Arch Linux Security Tracker

security.archlinux.org

Topics

tracker security website archlinux audit cve advisory

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

116 stars

Watchers

20 watching

Forks

38 forks
Report repository

Releases 16

0.14.1 Latest
Oct 24, 2022
+ 15 releases

Packages

No packages published

Contributors 15

Languages