Purify v0.2 releases: All-in-one tool for managing vulnerability reports
All-in-one tool for managing vulnerability reports from AppSec pipelines
The goal of Purify to be an easy-in-use and efficient tool to simplify a workflow of managing vulnerabilities delivered from various tools.
Purify is designed to analyze the report of any tool if the report is in JSON or XML format. This means you don’t need any special plug-ins to process reports from your selection of tools.
Purify is able to remove duplicate results among various vulnerability scanners or tools. In addition, it can combine several results of the same tool based on some fields and it is fully configurable (no coding required). Purify does all this work to reduce the headache of the analyst.
The hierarchy of Purify is simple:
Project – the root component, can be a dedicated software project or a roaster of team projects
Unit – the direct child of a project, may represent releases, sub-projects, or any other type of separation that makes sense to you
Report – belong to a unit
Template – attached to a report and used to parse issues
Issue – extracted from a report and formatted based on a template
- Support authentication via LDAP (#16). See docs to configure it.
- New option to resolve findings – Accepted Risk (#17).
Copyright (c) 2020 faloker