Vulcan is a tool to help streamline the process of creating STIGs and InSpec security compliance profiles. It models the STIG intent form and the process of aligning security controls from SRG items into actual STIG security controls. Vulcan also gives the option while aligning the security controls to insert inspec code and test across any type of system supported by InSpec.
- Model the STIG creation process between the creator(vendor) and the approver(sponsor)
- Write and test InSpec code on a local system, or across SSH, AWS, and Docker
- Easily view the progress on what the status is of each control
- Communicate through the application to make the best decisions on controls
- Confidential data in the database is encrypted using symmetric encryption
- Authenticate via the local server, through github, and through configuring an LDAP server.
For Ruby (on Ubuntu):
- Ruby
build-essentials- Bundler
libq-dev- nodejs
- Install the version of Ruby specified in
.ruby-version - Install postgres and rbenv
- gem install foreman
- rbenv install
- bin/setup
Make sure you have run the setup steps at least once before following these steps!
- ensure postgres is running
- foreman start -f Procfile.dev
- Navigate to
http://127.0.0.1:3000
- Stop Vulcan by doing
ctrl + c - Stop the postgres server
To enable SMTP you will need to add your configuration file to config/vulcan.yml or pass in the specifications as environment variables. When SMTP is set up you should enable local_login: email_confirmation so users must confirm their email to continue.
Allows for users to to register and login not using external services.
To enable LDAP you will need to add your configuration file to config/vulcan.yml or pass in the specifications as environment variables.
A demo instance can be accessed at inspec-dev.mitre.org
See docker-compose.yml for all container configuration options.