DISCONTINUATION OF PROJECT
This project will no longer be maintained by Intel.
Intel has ceased development and contributions including, but not limited to, maintenance, bug fixes, new releases, or updates, to this project.
Intel no longer accepts patches to this project.
If you have an ongoing need to use this project, are interested in independently developing it, or would like to maintain patches for the open source software community, please create your own fork of this project.
Contact: webadmin@linux.intel.com
The Security Risk Assessment Tool provides a structured, repeatable method
for evaluating the potential security risk on a Software Project and recommends appropriate security activities.
Risk Rating Methodology can be customized - Questionaires and Multiple Opption Answers with specific Wieghts and Scores -
The Default SRA Method used is the OWASP Risk Rating Methodology
SRA Tool is distributed under the MIT License.
- SRA API Service
- SRA Web UI
***Implementation can be done on Windows/Linux platforms
a) Install Prerequisites
- Golang ( Service - Backend is written in this language )
- MySQL Server
- Go MySQL Drivers
The file sra.config.json contains the initial configuration to connect to the Database
the file Main.go contains sets the API listener to 127.0.0.1 (localhost)
The API structure and flow can be follow checking : main.go - > routes.go -> handlers.go -> sra_models.go
b) go get (to install the Go dependencies)
c) go build (To build the executable that serves the API
d) run the executable
e) Test http(s)://127.0.0.1:7089/sra/projects (Port and Address modifiable on file main.go)
a) Install Prerequisites
- Angular (Web App uses Angular 1.2 )
- Angular-formly-templates-ionic (see WebUI/js/formly/.txt)
- Angular Datatables and Datables (see WebUI/js/angularDatatables/.txt and WebUI/js/Datatables/.txt)
- Angular Loading Bar (see WebUI/js/loadingbar/.txt)
- Angular-nvd3 (see WebUI/js/angular-nvd3/*.txt)
b) Set the WebServer of your preference (e.g. IIS on Windows or Apache on Linux) and create a new Website.
c) Point the Newly created website to the SRA Tool - Web UI directory and set index.html as the initial document
d) Test http(s)://127.0.0.1/sra
The SRA Tool was written with a particular deployment scenario in mind: single server/VM hosting and running on an internal LAN (e.g. a corporate network not exposed to the public internet). Also, no identity management, user authentication, or role-based access controls have yet been implemented for the applications. It is suggested that Webservers hosting the tool implement TLS and Authentication and Authorization mechanisms (security standards - To be leveraged by system administrators/implementators )
Security issues with the tool itself can be reported to Intel's security incident response team via https://intel.com/security.
For More information or how to use it see (WIP)