Recnoss/vulnerability-tracker

Vulnerability Tracker

A modern, interactive desktop application for tracking and visualizing security vulnerabilities across teams and scanning tools.

Overview

Vulnerability Tracker is a cross-platform desktop application built with Electron and React that helps security teams monitor, analyze, and report on vulnerabilities discovered by various scanning tools. It provides a user-friendly interface for data entry, rich visualizations, and comprehensive reporting capabilities.

Features

  • Interactive Dashboard - Get an at-a-glance view of your current security posture
  • Custom Configuration - Define your own teams, scanners, and vulnerability severity levels
  • Easy Data Entry - Simple forms for adding and updating vulnerability data
  • Historical Records - Track your vulnerability metrics over time
  • Advanced Reporting - Multiple visualization options for effective communication:
    • Vulnerability trends over time
    • Severity distribution analysis
    • Team comparison charts
    • Month-over-month change tracking
  • Data Export - Export your data to CSV for additional analysis or reporting
  • Cross-Platform - Works on Windows, macOS, and Linux

Technology Stack

  • TypeScript - For type safety and better code organization
  • React - For building the user interface
  • Electron - For creating a cross-platform desktop application
  • Material UI - For modern, responsive UI components
  • Recharts - For data visualization
  • JSON Storage - For simple, file-based data persistence

Installation

Prerequisites

  • Node.js 14.x or higher
  • npm 7.x or higher

Development Setup

  1. Clone the repository:

    git clone https://github.com/recnoss/vulnerability-tracker.git
    cd vulnerability-tracker
  2. Install dependencies:

    npm install
  3. Start the development server:

    npm start

Building for Production

To build the application for your current platform:

    npm run package

To build for a specific platform:

    # For macOS
    npm run package -- --mac

    # For Windows
    npm run package -- --win

    # For Linux
    npm run package -- --linux

Usage Guide

Initial Configuration

  1. When you first launch the application, go to the Configure tab
  2. Add the teams you want to track (e.g., Frontend, Backend, Infrastructure)
  3. Add the scanners you use (e.g., Nessus, SonarQube, OWASP ZAP)
  4. Define vulnerability severity levels (default: Critical, High, Medium)

Adding Vulnerability Data

  1. Navigate to the Add Data tab
  2. Select the month for which you're entering data
  3. Choose the team and scanner
  4. Enter the number of vulnerabilities for each severity level
  5. Click "Save Data"

Viewing Reports

  1. Go to the Reports tab
  2. Choose a report type:
    • Vulnerability Trend - See how vulnerabilities change over time
    • Severity Distribution - Visualize the proportion of each severity level
    • Team Comparison - Compare vulnerability counts across teams
    • Month-over-Month - Track percentage changes between consecutive months
  3. Apply filters as needed (team, scanner, date range)
  4. Export the visualization or data for inclusion in reports

Data Structure

Vulnerability Tracker uses a simple file-based storage system:

  • Config: Teams, scanners, and severity levels are stored in a JSON configuration file
  • Vulnerability Data: Entries are stored as JSON records with date, team, scanner, and counts

Data is stored in your application data directory:

  • On macOS: ~/Library/Application Support/vulnerability-tracker/
  • On Windows: %APPDATA%\vulnerability-tracker\
  • On Linux: ~/.config/vulnerability-tracker/

Understanding the Data Model

Each vulnerability data entry represents the current state of vulnerabilities at a specific point in time, not new vulnerabilities to be added to previous months. This means:

  • If a team had 10 Critical vulnerabilities in January and 8 in February, the open count fell by 2 (a net of 2 were fixed)
  • Trends show the total number of vulnerabilities over time
  • Month-over-month changes track how the numbers change between periods
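
Because entries are snapshots, month-over-month figures come from comparing consecutive entries for the same team and scanner, never from summing them. The TypeScript below is an added example, not code from the project; the `Entry` field names, the `YYYY-MM` date format, and the sample records are assumptions, since the page names the stored fields but not their exact keys.

```typescript
// Assumed record shape (the page lists date, team, scanner, and counts).
interface Entry {
  date: string; // assumed "YYYY-MM" so that string order is date order
  team: string;
  scanner: string;
  counts: Record<string, number>; // severity level -> open findings
}

interface Change {
  from: string;
  to: string;
  severity: string;
  delta: number; // net change in open findings between the two snapshots
  percent: number | null; // null when the earlier snapshot was 0
}

// Month-over-month change for one team/scanner pair, treating each entry
// as a snapshot of open findings rather than an increment.
function monthOverMonth(entries: Entry[], team: string, scanner: string): Change[] {
  const series = entries
    .filter((e) => e.team === team && e.scanner === scanner)
    .sort((a, b) => a.date.localeCompare(b.date));
  const changes: Change[] = [];
  for (let i = 1; i < series.length; i++) {
    const prev = series[i - 1];
    const cur = series[i];
    // Cover severities present in either snapshot; a missing level counts as 0.
    const severities = Array.from(
      new Set(Object.keys(prev.counts).concat(Object.keys(cur.counts)))
    );
    severities.forEach((severity) => {
      const before = prev.counts[severity] ?? 0;
      const after = cur.counts[severity] ?? 0;
      const delta = after - before;
      // A zero baseline has no defined percentage; report null, not Infinity.
      const percent = before === 0 ? null : Math.round((delta / before) * 1000) / 10;
      changes.push({ from: prev.date, to: cur.date, severity, delta, percent });
    });
  }
  return changes;
}

// Constructed sample data mirroring the January/February illustration above.
const sample: Entry[] = [
  { date: "2025-02", team: "Backend", scanner: "Nessus", counts: { Critical: 8, High: 3 } },
  { date: "2025-01", team: "Backend", scanner: "Nessus", counts: { Critical: 10, High: 0 } },
  { date: "2025-01", team: "Frontend", scanner: "Nessus", counts: { Critical: 4, High: 1 } },
];
```

The `from` and `to` fields are kept on each result so that a gap in data entry (for example, a skipped month) is visible instead of being silently reported as a single month's change.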

Screenshots

  • Dashboard: Dashboard overview showing current vulnerability status
  • Reports: Vulnerability trend analysis report
  • Configuration: Customizing teams, scanners, and severity levels

Customization

Vulnerability Tracker is designed to be flexible and adaptable to different organizational structures and security tools:

  • Teams: Add, edit, or remove teams to match your organizational structure
  • Scanners: Configure any scanning tools your organization uses
  • Severity Levels: Define custom vulnerability categories beyond the default Critical/High/Medium

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

  1. Fork the repository
  2. Create your feature branch (git checkout -b feature/amazing-feature)
  3. Commit your changes (git commit -m 'Add some amazing feature')
  4. Push to the branch (git push origin feature/amazing-feature)
  5. Open a Pull Request

License

This project is licensed under the MIT License - see the LICENSE file for details.

Acknowledgments

  • Originally inspired by the Python-based vulnerability tracking script
  • Built using Electron React Boilerplate
  • Built using Anthropic Claude 3.7 Model
