VMC Developer Toolkit - VMC (OWASP Vulnerability Management Center) is a platform designed to make vulnerability governance easier for any security specialists and SOC teams within their organisations. VMC is a great partner in any vulnerability management process, allowing automation and making your life easier. You can integrate VMC with vulnerability scanners and platforms like TheHive. Additionally, VMC takes care of asset management integrating with Ralph, whole vulnerability reporting and dashboards (Kibana) for the clear overview. VMC allows you to focus on the most important vulnerability issues within your environment.
First, you need to download all dependent repositories with the command:
git submodule update --init --recursive
Then download all dependencies with the command:
make prepare-dev
make test
make up elastic=y
make test all=y
make test modules=vmc.assets
make test tox=y
make build
make migrations
make up
We’ve made separate repository with guides and documentation available here.
In simple words VMC requires data about detections from your scanner, information about assets and updates about CVE. Thanks to that VMC can live update your focus to the most emerging threats for your assets.
Source code in this repository is covered by one of three licenses:
- the Apache License 2.0 https://www.apache.org/licenses/LICENSE-2.0
- the Apache License 2.0 compatible license
- the DSecure.me License. The default license throughout the repository is Apache License 2.0 unless the header specifies another license.
We encourage you to try our demo instance. You can get it from here Instruction how to use it is in the demo readme file
Please see our Code of conduct. We welcome your contributions. Please feel free to fork the code, play with it, make some patches and send us pull requests via issues.
Please open an issue on GitHub if you'd like to report a bug or request a feature.
If you need to contact the project team, send an email to [email protected]