### Docker Installation - As Is
Source: https://github.com/mohangcsm/secops/blob/master/README.md
Steps to build and run a SECOPS Docker container for immediate use.
```bash
$ docker build --rm -t secops .
$ docker run --rm -d -p 80:80 -p 443:443 secops
```
--------------------------------
### SECOPS Installation
Source: https://github.com/mohangcsm/secops/blob/master/README.md
Instructions for installing the SECOPS framework, including cloning the repository and installing dependencies.
```bash
git clone https://github.com/mohangcsm/secops.git
pip install -r requirements.txt
```
--------------------------------
### Configuration - HTTPS Support
Source: https://github.com/mohangcsm/secops/blob/master/README.md
Steps to configure SECOPS for HTTPS support, including SSL certificate setup and `run.py` modifications.
```python
# Generate or procure an SSL certificate and keyfile
# move the certificate and key file to SECOPS server.
# update the Domain settings in config.py file (HTTPS port, certificate path, key file path etc)
# uncomment the HTTPS section in run.py file and make sure to comment out the HTTP section.
```
--------------------------------
### Docker Installation - Continuous Development
Source: https://github.com/mohangcsm/secops/blob/master/README.md
Steps to build and run a SECOPS Docker container for continuous development, including building temporary and final images.
```bash
$ git clone https://github.com/mohangcsm/secops.git
$ cd secops
$ docker build -f Dockerfile --rm -t secops1 .
$ docker build -f Dockerfile2 --rm -t secops .
$ docker run --rm -v $(pwd):/app -d -p 80:80 -p 443:443 secops
```
--------------------------------
### Python 2 and 3 Compatibility Troubleshooting
Source: https://github.com/mohangcsm/secops/blob/master/README.md
This section provides guidance on managing Python 2 and Python 3 environments, particularly when dealing with project dependencies. It explains how to differentiate commands for installing packages using either Python version.
```bash
# To call default python scripts (likely Python 2 if both are installed)
python -m pip install ...
# or
pip install ...
# To call only Python 3 scripts
py -m pip install ...
# or
pip3 install ...
```
--------------------------------
### Add New Closing Option for Security Reviews
Source: https://github.com/mohangcsm/secops/blob/master/README.md
This snippet shows how to add a new closing option for security reviews by editing the `application/static/options.json` file. It provides an example of adding 'Business Logic Validated' to the `sec_bug` options.
```json
{
"sec_bug" : {
"Fix Verified Dynamically" : "fix_verified",
"Code Review Done" : "code_verified",
"Business Logic Validated" : "bus_logic_valid"
}
}
```
--------------------------------
### Add New Security Request Type
Source: https://github.com/mohangcsm/secops/blob/master/README.md
This snippet demonstrates how to add a new security request type by updating the `application/static/request_options.json` file. It includes examples for modifying the `base_options` dropdown and defining HTML form elements for the new request type.
```json
{
"Others" : {
"PRD Document Review" : "prd_review",
"Architecture Review" : "arch_review",
"Security Bug" : "sec_bug",
"Others" : "others",
"new type of review" : "new_type_of_review"
}
}
```
```json
{
"new_type_of_review" : [
{
"label" : "Enter Name here",
"name" : "name",
"innerHtml" : "",
"elementType" : "textarea"
}
]
}
```
--------------------------------
### Running SECOPS
Source: https://github.com/mohangcsm/secops/blob/master/README.md
How to run the SECOPS server and access it via a web browser.
```bash
python run.py
# Server can be accessed from http://server_ip or https://server_ip
```
--------------------------------
### Configuration - Basic Settings
Source: https://github.com/mohangcsm/secops/blob/master/README.md
Essential configuration parameters to update in `config.py` before running SECOPS, including authentication and Jira settings.
```python
# Update values for GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET, SECRET_KEY, ALLOWED_DOMAIN etc
# edit the port of the app (Default: 80)
# update the JIRA_SETTINGS with jira url and credentials. use jira access token instead of password
# update the JIRA_TRANSTIONS according to 1factor workflow
# update external page links settings as required.
# create a default user (appsec) in JIRA or update DEFAULT_USER in config with any one of the jira user
```
--------------------------------
### Configuration - Peer Review
Source: https://github.com/mohangcsm/secops/blob/master/README.md
Configuration steps to enable and customize the peer review and approval process in SECOPS.
```python
# update the PEER_REVIEW_ENABLED=True
# update the values in PEER_REVIEW_REQUIRED_FOR with type of reviews that you require 2nd level approval
# update the JIRA_TRANSTIONS values according to 2factor workflow
```
--------------------------------
### HTML and Jinja Structure
Source: https://github.com/mohangcsm/secops/blob/master/application/templates/search_tickets.html
Basic HTML structure including Jinja includes and extends for navigation and footer. Also includes CSS classes for styling.
```html
{% include "nav.html" %}
{% extends "footer.html" %}
```
--------------------------------
### Bootstrap Popover Initialization
Source: https://github.com/mohangcsm/secops/blob/master/application/templates/new_secreview.html
Initializes Bootstrap popovers for all elements with the 'data-toggle="popover"' attribute. This enhances user experience by providing contextual information on hover or click.
```javascript
$(function (){
$("[data-toggle='popover']").popover();
});
```
--------------------------------
### Navigation and Security Links
Source: https://github.com/mohangcsm/secops/blob/master/application/templates/nav.html
This snippet displays the main navigation structure of the SecOps project. It includes links to the home page, new security reviews, a library inventory, Confluence links for security assurance and knowledge base, and various security policies such as Infosec, Awareness, and VRM. It also conditionally displays links for closing tickets and user authentication (login/logout) based on session variables.
```html
SecOps Navigation
```
--------------------------------
### Navigation Inclusion
Source: https://github.com/mohangcsm/secops/blob/master/application/templates/login.html
Includes a navigation bar from a separate HTML file, promoting code reusability and consistent UI design.
```html
{% include "nav.html" %}
```
--------------------------------
### JavaScript Popover Initialization
Source: https://github.com/mohangcsm/secops/blob/master/application/templates/search_tickets.html
Initializes Bootstrap popovers for elements with the 'data-toggle="popover"' attribute using jQuery. This enhances user experience by providing contextual information on hover or click.
```javascript
$(function (){ $("[data-toggle='popover']").popover(); });
```
--------------------------------
### HTML Structure and Jinja Templating
Source: https://github.com/mohangcsm/secops/blob/master/application/templates/close_tickets.html
This snippet showcases the basic HTML structure of the SECOPS project, including Jinja templating for dynamic content rendering, conditional logic, and inclusion of navigation elements. It handles messages, user greetings, and displays security review and bug counts.
```html
{% include "nav.html" %}
body { /*background: url("back1.jpg") no-repeat center center fixed; */ background-size: cover; }
.hidden { display: none; }
.shown { display: block; }
{% if message %}
× {{ message | safe }}
{% endif %}
### Welcome {{session.email}}
{% if secreview_string != "" %}
#### Open Security Reviews : {{ secreview_count }}
{{secreview_string|safe}}
{% endif %} {% if secbugs_string != "" %}
#### Open Security Bugs : {{ secbugs_count }}
{{secbugs_string|safe}}
{% endif %}
issue_status = ""; issue_key = "";
back
Ticket No #
Title # summary
Status #
Due Since #
Test Cases Covered
Select Approver # var REVIEW_APPROVERS = {{REVIEW_APPROVERS|safe}}; var input_select = document.getElementById('REVIEW_APPROVERS'); $.each(REVIEW_APPROVERS, function(key,value){ if(value != "{{session.email}}") { var op = document.createElement("option"); op.value = value; op.text = value; input_select.appendChild(op); } });
#### Any Additional Comments? (Mandatory for Reject)
##### Followup Issue
×
Ticket No #
Title # summary
Status #
Requesting For #
Due Since #
Assignee #
Followup Comment:
Close
{% extends "footer.html" %}
```
--------------------------------
### Project Dependencies
Source: https://github.com/mohangcsm/secops/blob/master/requirements.txt
This section lists the Python packages and their versions used in the project. These dependencies cover various functionalities including web framework, API clients, security libraries, and utility tools.
```python
certifi==2020.6.20
cffi==1.14.0
chardet==3.0.4
click==7.1.2
cryptography==3.0
defusedxml==0.6.0
enum34==1.1.10
Flask==1.1.2
Flask-OAuth==0.12
gevent==20.6.2
greenlet==0.4.16
httplib2==0.18.1
idna==2.10
ipaddress==1.0.23
itsdangerous==1.1.0
Jinja2==2.11.2
jira==2.0.0
MarkupSafe==1.1.1
oauth2==1.9.0.post1
oauthlib==3.1.0
pbr==5.4.5
pycparser==2.20
PyJWT==1.7.1
requests==2.24.0
requests-oauthlib==1.3.0
requests-toolbelt==0.9.1
six==1.15.0
urllib3==1.25.9
Werkzeug==0.16.1
zope.event==4.4
zope.interface==5.1.0
```
--------------------------------
### HTML Structure and Jinja Templating
Source: https://github.com/mohangcsm/secops/blob/master/application/templates/index.html
This HTML snippet includes Jinja2 templating for dynamic content rendering. It sets up navigation, displays messages, and provides options for selecting different security dashboards. It also includes basic CSS for styling elements like loaders and modals.
```html
{% include "nav.html" %}
{% if message %}
× {{ message | safe }}
{% endif %}
Security Metrics Dashboard
Choose a dashboard: Select Dashboard {% if session.appsec_user %} All Issues By Severity {% endif %} Jiras in 2 Weeks Open Tickets in 2 Weeks {% if session.access_token %} My Metrics {% endif %}
...
...
Close
Loading ...
body { /*background: url("back1.jpg") no-repeat center center fixed;*/ background-size: cover; }
.loader { position: absolute;
top: 50%;
left: 50%;
margin: -50px 0px 0px -50px;
}
.box { height: 10vw;
width: 10vw;
}
.modal-header, h4, .close { background-color: #182530;
color:white !important;
text-align: center;
font-size: 30px;
}
.modal-content{
background-color: #e6e6e6;
}
.modal-footer {
background-color: #182530;
}
.center {
align-self: center;
text-align: center;
}
.border {
border: solid 0px black;
}
.pad {
padding: 1vw;
}
.pad-top {
padding-top: 2.5vw;
}
.pad-bottom {
padding-bottom: 2.5vw;
}
.dashboard {
margin-top: 1.5vw;
}
.x400x {
height: 400px;
}
#message {
margin-top: 30px;
}
.issues_body {
vertical-align: middle;
text-align: left;
overflow-y: scroll;
max-height: 500px;
min-height: 250px;
}
.state {
color: #55AA00;
}
body { background-color: white; }
{% extends "footer.html" %}
```
--------------------------------
### JavaScript for Interactive Features
Source: https://github.com/mohangcsm/secops/blob/master/application/templates/close_tickets.html
This JavaScript code handles several interactive features within the SECOPS application. It includes initializing tooltips, managing dynamic content display, populating dropdowns based on user roles, and implementing a 'follow-up' mechanism for issues with asynchronous data handling.
```javascript
$('.icon_info').tooltip();
function check_status(){
var ticket_status = $('#ticket_status').val();
var not_allowed = ["Backlog","To Do", "ToStart", "Open"];
if(not_allowed.includes(ticket_status)) alert("Issue is not in In-Progress state; Only Reject action is allowed.");
return !not_allowed.includes(ticket_status);
}
var peer_review_enabled = {{peer_review_enabled|safe}};
PEER_REVIEW_REQUIRED_FOR = [];
if(peer_review_enabled) PEER_REVIEW_REQUIRED_FOR = {{PEER_REVIEW_REQUIRED_FOR|safe}};
window.follow_message = "";
window.ticket_id = "";
console.log('text');
window.assignee = "{{config.DEFAULT_USER|e}}";
function followup(key, status, summary, requestingfor, due_days, follow_class,assigned){
if(assigned == "None") assigned = window.assignee;
else window.assignee = assigned;
document.getElementById('follow_key').innerHTML = key;
document.getElementById('follow_summary').innerHTML = summary;
document.getElementById('follow_status').innerHTML = status;
document.getElementById('follow_requestingfor').innerHTML = requestingfor;
document.getElementById('follow_due_days').innerHTML = due_days+" days";
$('#follow_due_days').addClass('label-'+follow_class);
document.getElementById('follow_assignee').value = assigned;
window.ticket_id = key;
window.follow_message = "Hey, \n\nThis issue is pending from "+due_days+" days. Request you to provide an update as soon as possible.\n\n";
console.log(window.follow_message);
$('#follow_comment').html(window.follow_message);
}
function doFollowup(){
const form = document.getElementById('followup_form');
var form_data = new FormData(form);
form_data.append('ticket_id',window.ticket_id);
form_data.append('comment',$('#follow_comment').val());
form_data.append('assigned',$('#follow_assignee').val());
window.assignee = "{{config.DEFAULT_USER|e}}";
fetch(form.action, {
method: form.method,
body: form_data,
}).then(response => {
return response.json();
}).then(data => {
alert(data.message);
$('#form_close').click();
}).catch(err => {
console.log(err);
console.log("Error Occured while fething api : "+form.action);
});
}
```
--------------------------------
### SECOPS Framework Benefits
Source: https://github.com/mohangcsm/secops/blob/master/application/templates/login.html
Outlines the functional benefits of the SECOPS Framework compared to a common bug/issue tracking system, highlighting its advantages for security teams.
```markdown
- Helps Security Teams to gather initial information in a systematic way.
- Allows to integrate various other security tools via REST Apis.
- Bring audit capabilities to different types of security operations.
```
--------------------------------
### Footer Inclusion
Source: https://github.com/mohangcsm/secops/blob/master/application/templates/login.html
Includes a footer from a separate HTML file, ensuring a consistent footer across different pages.
```html
{% extends "footer.html" %}
```
--------------------------------
### Login Link
Source: https://github.com/mohangcsm/secops/blob/master/application/templates/login.html
Provides a direct link to the login page, often used for user authentication.
```html
```
--------------------------------
### CSS Styling for UI Elements
Source: https://github.com/mohangcsm/secops/blob/master/application/templates/inventory.html
CSS rules for styling various UI components, including a background image, loader, modal dialogs, padding, and specific element dimensions. These styles enhance the user interface and experience.
```css
body {
/*background: url("back1.jpg") no-repeat center center fixed; */
background-size: cover;
}
.loader {
position: absolute;
top: 50%;
left: 50%;
margin: -50px 0px 0px -50px;
}
.box { height: 10vw; width: 10vw; }
.modal-header, h4, .close {
background-color: #182530;
color:white !important;
text-align: center;
font-size: 30px;
}
.modal-content{
background-color: #e6e6e6;
}
.modal-footer {
background-color: #182530;
}
.center { align-self: center; text-align: center; }
.border { border: solid 0px black; }
.pad { padding: 1vw; }
.pad-top { padding-top: 2.5vw; }
.pad-bottom { padding-bottom: 2.5vw; }
.dashboard { margin-top: 1.5vw; }
.x400x { height: 400px; }
#message { margin-top: 30px; }
.issues_body {
vertical-align: middle;
text-align: left;
overflow-y: scroll;
max-height: 500px;
min-height: 250px;
}
.state { color: #55AA00; }
body { background-color: white; }
```
--------------------------------
### CSS Styling for SECOPS UI
Source: https://github.com/mohangcsm/secops/blob/master/application/templates/close_tickets.html
This snippet defines various CSS classes used within the SECOPS project for styling elements. It includes classes for general layout, text colors, and interactive element states, contributing to the user interface's visual presentation.
```css
body { /*background: url("back1.jpg") no-repeat center center fixed; */ background-size: cover; }
.hidden { display: none; }
.shown { display: block; }
$('.icon_info').tooltip();
.container { width: 100%; }
.red { color: red; }
.blue { color: blue;}
.green { color: green; }
.orange { color: orange; }
```
--------------------------------
### Dynamic Dropdown Generation
Source: https://github.com/mohangcsm/secops/blob/master/application/templates/new_secreview.html
Generates an HTML dropdown menu dynamically based on a JavaScript object. It iterates through nested options to create a structured selection list, intended for user input forms.
```javascript
var base_options = request_options_all['base_options'];
msg = '