/track-web

Check whether a Government of Canada domain is adhering to best security practices.

Primary LanguageJavaScriptOtherNOASSERTION

CircleCI Known Vulnerabilities

Track Government of Canada domains' adherence to web security practices

This repository is one component of Track web security compliance, a web-based application that scans Government of Canada websites and reports how they are meeting good web security practices, as outlined in Information Technology Policy Implementation Notice (ITPIN): Implementing HTTPS for Secure Web Connections. track-web is a web application that displays the results of tracker, the domain scanner.

This is what it looks like with demo data:

English French
English landing page: header with title, some text, and a chart showing number of domains that enforce HTTPS French landing page: header with title, some text, and a chart showing number of domains that enforce HTTPS
English dashboard page: text, a search bar, and a table with columns: Organization, ITPIN Compliant, Enforces HTTPS, HSTS, Free of known weak protocols and ciphers, Uses approved certificates French dashboard page: text, a search bar, and a table with columns: Organization, ITPIN Compliant, Enforces HTTPS, HSTS, Free of known weak protocols and ciphers, Uses approved certificates
Documentation
Development Setup Instructions
Local Deploy Step-by-step
Deployment Docs

Developer Notes

This repository is using snyk to scan our dependencies for vulnerabilities.
Unfortunately Synk lacks the ability to detect the dependencies listed in the setup.py file. To get around this we are have the dependencies synced between the setup.py and requirements.txt (which snyk can scan) files.
If you are developing this and add an additional dependency, make sure to add it to both locations

Development Setup

For development purposes it is recommended that you install MongoDB and run the database locally.

This dashboard is a Flask app written for Python 3.5 and up. We recommend pyenv for easy Python version management.

To setup local python dependencies, you can run make setup from the root of the repository. We recommend that this is done from within a virtual environment

To prepare data for presentation, please see the tracker repository.

  • Install dependencies:
pip install -r requirements.txt
  • If developing this dashboard app, you will also need the development requirements
pip install .[development]
gem install sass bourbon neat bitters
  • If editing styles during development, keep the Sass auto-compiling with:
make watch
  • And to run the app in development, use:
make debug

This will run the app with DEBUG mode on, showing full error messages in-browser when they occur.

When running in development mode it is expected that you have a database running locally, accessible via localhost:27017.

To produce some data for the Flask app to display, follow the instructions in tracker.

Public domain

This project is in the worldwide public domain. As stated in CONTRIBUTING:

This project is in the public domain and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.

All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.

Origin

This project was originally forked from 18F and has been modified to fit the Canadian context.