Mixeway is an OpenSource software that is meant to simplify the process of security assurance of projects which are implemented using CICD procedures. Mixawey is not another vulnerability scanning software - it is security orchestration tool. Mixeway frontend is based on ngx-admin dashboard - https://github.com/akveo/ngx-admin
With number of plugins for Vulnerability Scanners :
With all this available, Mixeway provides functionalities to:
- Automatic service discovery (IaaS Plugin for assets and network scans for services)
- Automatic Vulnerability Scan Configuration (Based on most recent configuration) - hands-free!
- Automatic and on-demand Vulnerability scan execution (based on policy and executed via a REST API call)
- One Vulnerability Database for all type of sources - SAST, DAST, OpenSource and Infrastructure vulnerabilities in one place
- Customizable Security Quality Gateway - a reliable piece of information for CICD to decide if a job should pass or not.
- REST API enables integration with already used Vulnerability Management systems used within the organization.
Elements of a system:
- Backend - Spring Boot REST API
- Frontend - Angular 8 application
- DB - postgres database
- Vault - password store
- MixewayHub - parent project which contain docker-compose and one click instalation
Mixeway User Interface is simple Angular 8 application based on Ngx-admin template. High level description can be found at mixeway.io
- Running and working backend API - Mixeway REST API
- NPM 6.9+
- Optionaly: ssl certificates
- Proxy setup
ng serve "--proxy-config=proxy.conf.json" "--configuration=dev" "--ssl" "--ssl-cert=/etc/pki/cert.pem" "--ssl-key=/etc/pki/key2.pem"