Mixeway Hub

About Mixeway:

Mixeway is an OpenSource software that is meant to simplify the process of security assurance of projects which are implemented using CICD procedures. Mixawey is not another vulnerability scanning software - it is security orchestration tool.

Detailed documentation can be found here

More information and contact forms can be found here

Mixeway is a middleware between CICD and Vulnerability Scanners. From user perspective it doesn’t matter which SAST, DAST, SCA or Network Scanner You are using – all integration is done by Mixeway in the background what makes the whole proces completely unified for the user/process.

With all this available, Mixeway provides functionalities to:

• Automatic service discovery (IaaS Plugin for assets and network scans for services)
• Automatic Vulnerability Scan Configuration (Based on most recent configuration) - hands-free!
• Automatic and on-demand Vulnerability scan execution (based on policy and executed via a REST API call)
• One Vulnerability Database for all type of sources - SAST, DAST, OpenSource and Infrastructure vulnerabilities in one place
• Customizable Security Quality Gateway - a reliable piece of information for CICD to decide if a job should pass or not.
• REST API enables integration with already used Vulnerability Management systems used within the organization.

Elements of a system:

• Backend - Spring Boot REST API
• Frontend - Angular 8 application
• MixewayHub - parent project which contain docker-compose and one click instalation

Vulnerability and Scan Management

With Mixeway You can:

• CONFIGURE AND RUN ANY SCAN - It doesn’t matter which vulnerability scanners You are using. With Mixeway integration running scans from GUI/API/CICD pipeline looks exactly the same no matter of scanning software.
• VULNERABILITY MANAGEMENT - Although Vulnerability Management is not main focus of Mixeway, we still serve some of the functionalities where You can browse through findings, see dashboard statistics or create JIRA tickets just by clicking on an issue.
• THREAT PRIORITIZATION - With Mixeway Vuln Auditor each detected threat is analyzed by Neural network and categorized as one of two: Relevant threat or not important/false positive. Thanks to that CyberSec Teams can focus only on serious threats

Running Mixeway

Requirements:

• Installed unzip
• Docker and Docker-compose

# Create project directory
mkdir mixeway && cd "$_"
# Download latest release
wget https://github.com/Mixeway/MixewayHub/releases/download/v1.6.3/MixewayHub.zip
# Unzip contents
unzip MixewayHub.zip
# Run startup script
./setup.sh
# Run application
docker-compose up

startup.sh script is preparing environment variable and create self-signed certificates. As a result file with content is created:

FRONTEND_URL=https://localhost
KEYALIAS=localhost
TRUSTPASS=changeit
P12PASS=changeit
PROFILE=prod
CERTIFICATE=/pki/cert.crt
PRIVATEKEY=/pki/private.key
VAULT_ENABLED=false

Description and other options are described in details in the linked documentation

Mixeway will be avaliable at https://<your_ip>.

Supported integrations