BeSLighthouse

What is BeSLighthouse?

BeSLighthouse is a community dashboard for security assessment of open-source security tech stacks.

How to run BeSLighthouse locally?

  1. Clone the BeSLighthouse project locally.

    git clone https://github.com/Be-Secure/BeSLighthouse
    
  2. Install all the required dependencies for BeSLighthouse.

    cd BeSLighthouse
    pip install -r requirements.txt
    
  3. Run the application using mkdocs.

    mkdocs serve
    

What is a BeS Tech Stack?

BeSLighthouse supports five types of tech stack, which are listed in Project Of Interest. Each is explained below.

  • DevOps [DO]: Be-Secure tech stacks to secure open-source DevOps tools, e.g. Ansible, Puppet, etc.
  • Language and framework [L&F]: Be-Secure tech stacks to secure languages and frameworks built on generic languages, e.g. Ruby & Rails, PHP & Symfony, Python & Django, JavaScript & Angular/Node.js, etc.
  • Application [A]: Be-Secure tech stacks for fully functional open-source applications like Drupal, Magento, Odoo, etc.
  • Distributed & Decentralized Application [DA]: Be-Secure tech stacks for distributed and decentralized applications, e.g. blockchain frameworks like Hyperledger Indy, Hyperledger Fabric, Quorum, etc.
  • Open-source Security Tool [s]: Be-Secure tech stacks for open-source security tools, e.g. ZAP, BeEF, etc.

Many languages are tracked in BeSLighthouse, such as JavaScript, Java, C, C++, Python, etc.

Version history in BeSLighthouse

  1. Version history contains details about the project, such as:
    • Project name.
    • BeS Tracking ID.
    • BeS Tech Stack.
    • Description of the project.
    • Release date of the tracked project.
    • Known vulnerability count.
    • Version of the project being tracked.
  2. Assessment Report, which gives an overview of the assessments done, such as:
    • Scorecard.
    • Criticality Score.
    • SonarQube report.
    • CodeQL report.
    • SBOM report.
    • FOSSology report.
    • Fuzz report.
    • Snyk report.
  3. A graph of the vulnerabilities found for the version being tracked:
    • No_of_Vulnerabilities
    • DoS
    • Code_Execution
    • ByPass_something
    • Sql_Injection
    • XSS
    • Overflow
    • Memory_Corruption
    • Directory_Traversal
    • Http_Response_splitting
    • No_of_expoloits
    • File_Inclusion
    • Gain_Information
    • Gain_Privileges
    • CSRF