jkohrman/vulnerability-catalog

Welcome to the Vulnerability Catalog project, a catalog for Information Security Management designed for environments with multiple or diffuse vulnerability-related information sources.

Vulnerability Catalog is a web application written in Python/Django/JavaScript that offers a visual, organized, centralized and easy-to-use vulnerability management tool, acting as a single point of control for the vulnerabilities found in your environment. The idea is to consolidate all reported vulnerabilities, keep track of their lifecycle (discovery, risk analysis and treatment) and, by providing a panoramic view of the environment's status, get insights into how to reduce risk while also reducing the traditional vulnerability management overhead.

By relating all vulnerabilities on the same measurement basis, business risks and vulnerability severities can be calculated more accurately, removing the inherent biases of each provider's own evaluation.

It also offers a Panorama with insights about what needs to be improved, helping to reduce development mistakes, design better strategies, reduce risk and keep track of the overall environment status and remediation progress, acting as a visual roadmap and timeline for vulnerability management efforts.

Take a look at the project's Roadmap and projects for updates and more details about what is going on.

You can also check our Wiki for documentation and more information.

See the Catalog in action on YouTube:

Vulnerability catalog Desktop app

See also the Catalog running on an Android phone:

Vulnerability catalog running on an Android phone in less than 5 minutes

Panorama charts mobile concept

CRUDS (Create, Remove, Update, Delete & Search) concept

Search function concept

Install & run Catalog

Please refer to the wiki for up-to-date information.

Motivation

The idea to start this effort came from my experience trying to keep track of vulnerabilities during the Olympic and Paralympic Games at Rio 2016 - The Rio de Janeiro Olympics. During that time, I realized three important things concerning vulnerability management:

  1. It is hard to centralize, in a consistent way, all the information we get from vulnerability reports, assessments, pentests and user/peer reports.
  2. It is hard to put relevant information, like risk and severity, on a common (and normalized) basis.
  3. It is hard to visualize and get insights about the environment when we have multiple and diffuse sources of data, coming from .pdf, .xlsx and .doc files, or even by e-mail or other channels.

So Vulnerability Catalog emerged to address these problems and make things a little easier. With the Catalog, we can unify the data, put it on a normalized basis and manage vulnerabilities better than by using spreadsheets or reading reports one by one each time.

Deploy to production

Django requires some additional steps in order to be safely deployed to production environments. Take a look at

to understand the details before putting it into production.
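As an added illustration of the kind of production hardening Django's own `manage.py check --deploy` looks for (this is example code, not part of the Catalog project), the block below puts the insecure `startproject` defaults beside production values read from the environment and reports which settings would block a safe deployment. The setting names are real Django settings; the `DJANGO_SECRET_KEY` / `DJANGO_ALLOWED_HOSTS` variable names and the thresholds are this example's own assumptions.

```python
import secrets

# Insecure values a fresh `django-admin startproject` ships with (constructed here).
DEV_DEFAULTS = {
    "DEBUG": True,
    "ALLOWED_HOSTS": [],
    "SECRET_KEY": "django-insecure-change-me",
    "SECURE_SSL_REDIRECT": False,
    "SESSION_COOKIE_SECURE": False,
    "CSRF_COOKIE_SECURE": False,
    "SECURE_HSTS_SECONDS": 0,
}


def production_settings(env):
    """Build hardened values from environment variables (assumed variable names)."""
    key = env.get("DJANGO_SECRET_KEY")
    if not key:
        raise RuntimeError("DJANGO_SECRET_KEY must be set in production")
    hosts = [h.strip() for h in env.get("DJANGO_ALLOWED_HOSTS", "").split(",") if h.strip()]
    return {
        "DEBUG": False,                    # never leak tracebacks/settings to users
        "ALLOWED_HOSTS": hosts,            # blocks Host-header spoofing
        "SECRET_KEY": key,                 # signs sessions, CSRF tokens, password resets
        "SECURE_SSL_REDIRECT": True,
        "SESSION_COOKIE_SECURE": True,
        "CSRF_COOKIE_SECURE": True,
        "SECURE_HSTS_SECONDS": 31536000,   # one year of HSTS
    }


def deploy_findings(settings):
    """Return the names of settings that would fail a deployment check, in a fixed order."""
    findings = []
    if settings.get("DEBUG"):
        findings.append("DEBUG")
    if not settings.get("ALLOWED_HOSTS"):
        findings.append("ALLOWED_HOSTS")
    key = settings.get("SECRET_KEY", "")
    # Django's own check flags keys under 50 chars, with under 5 unique chars,
    # or carrying the "django-insecure-" prefix generated by startproject.
    if len(key) < 50 or len(set(key)) < 5 or key.startswith("django-insecure-"):
        findings.append("SECRET_KEY")
    for name in ("SECURE_SSL_REDIRECT", "SESSION_COOKIE_SECURE", "CSRF_COOKIE_SECURE"):
        if not settings.get(name):
            findings.append(name)
    if settings.get("SECURE_HSTS_SECONDS", 0) <= 0:
        findings.append("SECURE_HSTS_SECONDS")
    return findings


if __name__ == "__main__":
    print("dev defaults:", deploy_findings(DEV_DEFAULTS))
    env = {"DJANGO_SECRET_KEY": secrets.token_urlsafe(64), "DJANGO_ALLOWED_HOSTS": "catalog.example.org"}
    print("production:", deploy_findings(production_settings(env)))
```

Run the real check with `python manage.py check --deploy` against your actual settings module before exposing the Catalog; this example only mirrors a subset of its warnings.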

Thanks to

Many thanks to

  • Victor Carvalho (https://www.behance.net/VictorjCarvalho), for the logo design.
  • Barbara Camara, for suggestions and for pointing me to the right people.
  • Andrea Fabrete, for important improvement insights and suggestions.
  • Beatriz Lima, for watching the changes and suggesting new ideas.
  • Paulo Caldas, for stress-testing the project concept and making it more mature.

and others (you know who you are) for important feedback and for keeping me on track.

To do | In Progress | Done?

Please check the Catalog's projects for more details.


License: MIT License. Author: Daniel Avelino

Proudly made in .
