atlassian-labs / connect-security-req-tester

Licence: Apache-2.0 License
A tool to check your Atlassian Connect app against Atlassian's security requirements.

Connect Security Requirements Tester (CSRT)

This tool helps you scan your Atlassian Connect app for compliance with the Atlassian Connect Security Requirements and for potential security misconfigurations.

Usage

This utility can be run as a Python script or built as a Docker container.

If you are unsure which option makes the most sense for you, follow the Docker setup instructions.

Python Usage

CSRT uses Python 3.9 and Pipenv. Both are required to successfully run the tool.

Common usage:

pipenv run python3 main.py https://example.com/atlassian-connect.json

CSRT with all arguments:

pipenv run python main.py url-to-atlassian-connect-json --debug=True/False --out_dir=./out --skip_branding=True/False --timeout=30 --json_logging=True/False

Docker Usage

Ensure you have Docker set up for your operating system.

Run the following from the project root:

  1. docker build -t connect-security-req-tester .
  2. docker run -v $(pwd)/out:/app/out connect-security-req-tester <url of descriptor>

Arguments

| Argument | Description |
| --- | --- |
| --timeout | Defines how long CSRT will wait on web requests before timing out, default: 30 seconds |
| --skip_branding | Whether or not to skip branding checks, default: False |
| --out_dir | The output directory where results are stored, default: ./out |
| --json_logging | Whether or not to log output in a JSON format, default: False |
| --debug | Sets logging to DEBUG for more verbose logging, default: False |

Environment Variables

| Variable | Description |
| --- | --- |
| OUTBOUND_PROXY | If defined, route all requests through this proxy server (e.g. OUTBOUND_PROXY=http://proxy.example.com:8080) |

Useful Information

This tool assumes your Connect app is reachable from the machine running it. If the app is not reachable, the tool will not produce any meaningful results. The following internet addresses must be accessible for this tool to work:

  • Your Connect app's descriptor URL
  • All URLs referenced inside your Connect app descriptor

This tool will make network requests from your computer. Please ensure your organization allows this if you are running it from a monitored network.

Tip: Use a proxy by setting OUTBOUND_PROXY to your organization's proxy server if your app needs to be accessed via a proxy server.
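
To work out in advance which hosts a scan needs to reach (for a firewall or proxy allowlist), the sketch below lists the URLs a descriptor references and reduces them to origins. It is an added example, not CSRT's own code: the descriptor is constructed, and appending relative URLs to baseUrl and collecting every "url" key under "modules" are assumptions about how to read a Connect descriptor, so CSRT may request a different set.

```python
import json
from urllib.parse import urlsplit

# Constructed descriptor for illustration; not a real app.
SAMPLE_DESCRIPTOR = json.loads("""
{
  "key": "example-app",
  "baseUrl": "https://app.example.com/connect",
  "lifecycle": {"installed": "/installed"},
  "modules": {
    "generalPages": [{"key": "home", "url": "/pages/home"}],
    "webhooks": [{"event": "jira:issue_created", "url": "/hooks/issue-created"}],
    "webPanels": [{"key": "panel", "url": "https://cdn.example.net/panel.html"}]
  }
}
""")
SAMPLE_DESCRIPTOR_URL = "https://app.example.com/connect/atlassian-connect.json"

def _walk_urls(node):
    """Yield every string stored under a "url" key anywhere in the tree."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "url" and isinstance(value, str):
                yield value
            else:
                yield from _walk_urls(value)
    elif isinstance(node, list):
        for item in node:
            yield from _walk_urls(item)

def referenced_urls(descriptor):
    """Absolute URLs named by lifecycle hooks and modules, sorted, no duplicates."""
    base = descriptor["baseUrl"].rstrip("/")
    raw = [v for v in descriptor.get("lifecycle", {}).values() if isinstance(v, str)]
    raw.extend(_walk_urls(descriptor.get("modules", {})))
    # Assumption: relative URLs are appended to baseUrl; absolute ones are kept.
    return sorted({u if urlsplit(u).scheme else f"{base}/{u.lstrip('/')}" for u in raw})

def egress_origins(descriptor_url, descriptor):
    """scheme://host:port origins the scanning machine (or its proxy) must reach."""
    origins = set()
    for url in [descriptor_url, *referenced_urls(descriptor)]:
        parts = urlsplit(url)
        port = parts.port or (443 if parts.scheme == "https" else 80)
        origins.add(f"{parts.scheme}://{parts.hostname}:{port}")
    return sorted(origins)

if __name__ == "__main__":
    for origin in egress_origins(SAMPLE_DESCRIPTOR_URL, SAMPLE_DESCRIPTOR):
        print(origin)
```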

Additional information about the Atlassian Connect Security Requirements can be found at: https://developer.atlassian.com/platform/marketplace/security-requirements-more-info/

Testing

To run the entire test suite:

  • pipenv run lint -- Runs flake8 with the project settings
  • pipenv run test -- Runs pytest with the project settings

Issues / Feedback?

Found a bug or have an idea for an improvement? Create an issue via the issue tracker.
