Purify v0.2 releases: All-in-one tool for managing vulnerability reports

purify

All-in-one tool for managing vulnerability reports from AppSec pipelines

Why

The goal of Purify to be an easy-in-use and efficient tool to simplify a workflow of managing vulnerabilities delivered from various tools.

Purify is designed to analyze the report of any tool if the report is in JSON or XML format. This means you don’t need any special plug-ins to process reports from your selection of tools.

Purify is able to remove duplicate results among various vulnerability scanners or tools. In addition, it can combine several results of the same tool based on some fields and it is fully configurable (no coding required). Purify does all this work to reduce the headache of the analyst.

Collect all security findings in one place, review/validate/track them, collaborate, get notifications(Slack), export them into tracking systems(Jira) and so on.

Architecture

The hierarchy of Purify is simple:

1. Project – the root component, can be a dedicated software project or a roaster of team projects

2. Unit – the direct child of a project, may represent releases, sub-projects, or any other type of separation that makes sense to you

3. Report – belong to a unit

4. Template – attached to a report and used to parse issues

5. Issue – extracted from a report and formatted based on a template

Changelog v0.2

• Support authentication via LDAP (#16). See docs to configure it.
• New option to resolve findings – Accepted Risk (#17).

Install

Copyright (c) 2020 faloker