The new major release of SKF is here!
We made some huge improvements to the SKF platform and it's better than ever:
- Redesign of the SKF Angular component. Thanks to the Google Summer of Code and our excellent student @AkashM398, we are proud to have this amazing new UI
- Full support of hosting SKF on a Kubernetes platform (yes even on a Raspberry Pi K8s stack)
- Deploy the security Labs from SKF or from Juice-shop directly from SKF platform and start hacking!
- By default we created design patterns for the ASVS categories; in a lot of cases you don't need to go through the Wizard anymore
- Light and Dark mode of the SKF application
- Tour explanation of the different pages and functionality
- Made SKF ready for OpenID integration
- ASVS Level 1 results now also have the code/test examples on how to approach those requirements using SAST, DAST, SCA ...
And many more things have been added. Please have a look and give feedback on the good and the bad so we can take it into account for the next release.
Want to see the current version? Then go here and have fun:
(admin / test-skf) or Skip login
Fixed 2 bugs:
- Not able to update certain security controls in the checklist due to a disallowed character
- Max length of the security controls content prevented updating
New release of SKF
Included in the new version:
- K8s deployment
- Possible to configure a remote DB, for example MySQL, for persistent data storage
- Abstraction layer for the new checklist you can add to SKF
- Added Code filtering on code tags and search field
- Added audit commenting of the security controls in the project results page
- Local Docker image fixes
This version of SKF will be end of life and a new and better release of SKF will be available.
We thank you all for the feedback we got about SKF; we used it to create a faster and better version of SKF.
You will find this new version in the main branch of this GitHub repo.
- Python 3.6 + 3.7
- Angular 4
- Python API + Swagger UI
- Java code examples thanks to TwelveSec
And much more, check it out ^^
Turns out the validate function was too tight, so it was not allowed to use a space in, for example, your project name, and doing so destroyed the user session. Now fixed :)