robbi5/pulse

Zu wie vielen Behördenwebsites ist eine sichere, verschlüsselte Verbindung möglich?

https.jetzt!

Dieses Projekt bietet eine Übersicht, ob Domains deutscher Behörden das HTTPS-Protokoll (https://) unterstützen, und - falls ja - wie stark diese Unterstützung ist.

Entstanden am OpenDataDay 2016. Domains aus dem german-gov-domains-Datensatz.

Basierend auf the pulse of the federal .gov webspace (pulse.cio.gov) von 18F/General Services Administration.

Dieses Repository ist somit ein Fork von 18F/pulse - die originale Readme hängt unten an.

Neue Domains hinzufügen/Neu scannen:

Die Domains am besten dem german-gov-domains-Datensatz hinzufügen.

Danach lassen sich mit Hilfe von domain-scan neue scan-Ergebnisse erzeugen. Dazu neben pulse das domain-scan-Repo auschecken und Abhängigkeiten installieren:

cd ..
git clone https://github.com/18f/domain-scan.git
cd domain-scan
pip3 install --user -r requirements.txt
cd ..
cd pulse

und pulse mittels make update_httpsjetzt updaten.

---

The pulse of the federal .gov webspace

How the .gov domain space is doing at best practices and federal requirements.

Documentation	Other Links
Setup and Deploy Instructions	System Security Plan
a11y scan process	Ideas for new sections to add to the site
Ongoing Work	Backlog of feature requests and ideas
ATO artifacts	Open Source Reuse of the site
Project Information

Setup

Pulse is a Flask app written for Python 3.5 and up. We recommend pyenv for easy Python version management.

• Install dependencies:

pip install -r requirements.txt

• If developing the stylesheets, you will also need Sass, Bourbon, Neat, and Bitters.

gem install sass bourbon neat bitters

• If editing styles during development, keep the Sass auto-compiling with:

make watch

• And to run the app in development, use:

make debug

This will run the app with DEBUG mode on, showing full error messages in-browser when they occur.

Initializing dataset

To initialize the dataset with the last production scan data and database, there's a convenience function:

make data_init

This will download (using curl) the current live production database and scan data to the local data/ directory.

Install domain-scan and dependencies

Download and set up domain-scan from GitHub.

domain-scan in turn requires pshtt and sslyze. These can be installed directly via pip.

Pulse requires you to set one environment variable:

• DOMAIN_SCAN_PATH: A path to domain-scan's scan binary.

However, if you don't have pshtt and sslyze on your PATH, then domain-scan may need you to set a couple others:

• PSHTT_PATH: Path to the pshtt binary.
• SSLYZE_PATH: Path to the sslyze binary.

Configure the AWS CLI

To publish the resulting data to the production S3 bucket, install the official AWS CLI:

pip install awscli

And link it to AWS credentials that allow authorized write access to the pulse.cio.gov S3 bucket.

Then run it

From the Pulse root directory:

python -m data.update

This will kick off the domain-scan scanning process for HTTP/HTTPS and DAP participation, using the .gov domain list as specified in meta.yml for the base set of domains to scan.

Then it will run the scan data through post-processing to produce some JSON and CSV files the Pulse front-end uses to render data.

Finally, this data will be uploaded to the production S3 bucket.

Public domain

This project is in the worldwide public domain. As stated in CONTRIBUTING:

This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.

All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.