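My boss recently asked us to build an asset management and service platform. The team is small, so the only option was to look for something open source. DefectDojo is built on the Django framework, so let's set it up and take a look.
1 Preparation
1.1 Official documentation
GitHub: https://github.com/DefectDojo/django-DefectDojo
Official documentation: https://defectdojo.readthedocs.io/en/latest/about.html
1.2 Environment versions
1.2.1 docker-compose
Installing with docker-compose requires at least docker 18.09.4 and docker-compose 1.22.0. If docker-compose is not installed, install it with the commands below.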
cd /usr/local/bin/
wget https://github.com/docker/compose/releases/download/1.22.0/docker-compose-Linux-x86_64
mv docker-compose-Linux-x86_64 docker-compose
chmod +x /usr/local/bin/docker-compose
./docker-compose version
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose  # add a symlink
docker-compose version
1.2.2 Python 3 or later
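The minimum versions listed in section 1.2 can be checked before installing. The script below is an added example, not part of the original post or of the DefectDojo project; the function names are made up for illustration, and it assumes a sort that supports -V (GNU coreutils).

```shell
#!/bin/sh
# Added example: preflight check for the minimum versions listed in section 1.2.
# Function names are illustrative; assumes sort supports -V (GNU coreutils).
MIN_DOCKER="18.09.4"
MIN_COMPOSE="1.22.0"
MIN_PYTHON="3"

# Print the first dotted version number found in the given text,
# e.g. "Docker version 18.09.4, build d14af54" (constructed sample) -> 18.09.4
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+(\.[0-9]+)+' | head -n 1
}

# version_ge HAVE WANT: succeed when HAVE >= WANT. Version sort compares each
# numeric field, so 1.9.0 < 1.22.0 (a plain string comparison gets this wrong).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# check_min NAME VERSION_OUTPUT MINIMUM: print a verdict, return 1 on failure
check_min() {
    have=$(extract_version "$2")
    if [ -z "$have" ]; then
        echo "$1: not installed or version not recognised"
        return 1
    fi
    if version_ge "$have" "$3"; then
        echo "$1 $have: ok (needs >= $3)"
    else
        echo "$1 $have: too old (needs >= $3)"
        return 1
    fi
}

# Run all three checks against the tools installed on this host
preflight() {
    rc=0
    check_min docker "$(docker --version 2>/dev/null)" "$MIN_DOCKER" || rc=1
    check_min docker-compose "$(docker-compose version 2>/dev/null)" "$MIN_COMPOSE" || rc=1
    check_min python3 "$(python3 --version 2>/dev/null)" "$MIN_PYTHON" || rc=1
    return "$rc"
}

# Usage: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then
    preflight
fi
```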
2 Installation
2.1 Download and install
Run the commands below to install.
git clone https://github.com/DefectDojo/django-DefectDojo
cd django-DefectDojo
# building
docker-compose build
# running
docker-compose up
Running docker-compose build fails with the error below (if the build fails, you can also just run docker-compose up directly):
curl: (7) Failed to connect to raw.githubusercontent.com port 443: Connection refused
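Fix (GitHub's CDN addresses change over time, so remove these entries again once the build succeeds):
vi /etc/hosts  # edit hosts and add the mappings below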
199.232.96.133 raw.githubusercontent.com
199.232.96.133 user-images.githubusercontent.com
199.232.96.133 avatars2.githubusercontent.com
199.232.96.133 avatars1.githubusercontent.com
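/etc/init.d/networking restart  # restart networking
service network restart  # or restart networking this way
Fetch the URLs below to check that the change took effect (the response is discarded and only the HTTP status is printed):
curl -sSL -o /dev/null -w '%{http_code}\n' https://raw.githubusercontent.com/pyupio/safety-db/master/data/insecure_full.json
curl -sSL -o /dev/null -w '%{http_code}\n' https://get.rvm.io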
2.2 Logging in
After installation, the initial admin password appears in the logs. Find it with the command below.
# use docker-compose logs -f initializer to track progress
docker-compose logs initializer | grep "Admin password:"
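If the output shows that the admin user and password already exist and you have forgotten the password, create a new superuser and password:
docker-compose exec uwsgi /bin/bash -c 'python manage.py createsuperuser'  # create a new superuser and password
Then visit http://localhost:8080/ or http://10.27.22.92:8080/dashboard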