Mixeway is a security orchestrator for vulnerability scanners that enables easy plug-in integration with CICD pipelines. The MixewayHub project contains a one-click docker-compose file that configures and runs images from Docker Hub.
Mixeway is open-source software meant to simplify security assurance for projects implemented using CICD procedures. Mixeway is not another vulnerability scanning tool; it is a security orchestration tool.
Detailed documentation can be found here
More information and contact forms can be found here
Mixeway is a middleware between CICD and vulnerability scanners. From the user's perspective it doesn't matter which SAST, DAST, SCA or network scanner you are using: all integration is done by Mixeway in the background, which makes the whole process completely unified for the user/process.
With all this available, Mixeway provides functionalities to:
Elements of a system:
With Mixeway You can:
Requirements:
```bash
# Create project directory
mkdir mixeway && cd "$_"
# Download latest release
wget https://github.com/Mixeway/MixewayHub/releases/download/v1.6.3/MixewayHub.zip
# Unzip contents
unzip MixewayHub.zip
# Run startup script
./setup.sh
# Run application
docker-compose up
```
The `startup.sh` script prepares environment variables and creates self-signed certificates. As a result, a file with the following content is created:
```
FRONTEND_URL=https://localhost
KEYALIAS=localhost
TRUSTPASS=changeit
P12PASS=changeit
PROFILE=prod
CERTIFICATE=/pki/cert.crt
PRIVATEKEY=/pki/private.key
VAULT_ENABLED=false
```
These and other options are described in detail in the linked documentation.
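A pre-start check for the generated file, as an added example that is not part of the MixewayHub project: it flags `TRUSTPASS`/`P12PASS` values still set to `changeit`, a `FRONTEND_URL` or `KEYALIAS` still pointing at `localhost`, and file permissions wider than the owner. The function names and the path argument are assumptions made for illustration.

```bash
# Added example (not from the MixewayHub repository): audit the generated
# env file before `docker-compose up`. Pass the file path as the argument.

# Print the value of KEY from a file of KEY=VALUE lines (last one wins).
env_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Print one finding per line; return 0 only when there are none.
audit_mixeway_env() {
    local file="$1" findings=0 key val mode
    [ -r "$file" ] || { echo "cannot read: $file"; return 2; }

    # Keystore passwords left at the value the setup script writes.
    for key in TRUSTPASS P12PASS; do
        val="$(env_get "$file" "$key")"
        if [ -z "$val" ] || [ "$val" = "changeit" ]; then
            echo "$key: default or empty password"
            findings=$((findings + 1))
        fi
    done

    # URL and key alias still point at localhost.
    for key in FRONTEND_URL KEYALIAS; do
        val="$(env_get "$file" "$key")"
        case "$val" in
            localhost|https://localhost|https://localhost/*)
                echo "$key: still localhost ($val)"
                findings=$((findings + 1)) ;;
        esac
    done

    # The file holds passwords, so group and others should have no access.
    mode="$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")"
    case "$mode" in
        *00) ;;
        *) echo "mode $mode: accessible beyond the owner"
           findings=$((findings + 1)) ;;
    esac

    [ "$findings" -eq 0 ]
}

# Run the audit when a path is given on the command line.
if [ "$#" -gt 0 ]; then audit_mixeway_env "$1"; fi
```

A non-zero exit status means at least one finding was printed, so the function can gate the `docker-compose up` step in a deployment script.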
Mixeway will be available at `https://<your_ip>`.
Software | Type | Versions | Notes |
---|---|---|---|
Acunetix | DAST Scanner | 10.0 + | Full scope |
Burp Enterprise Edition | DAST Scanner | 2021.10 + | Full scope |
Fortify | SAST Scanner | 16,17,21 | Downloading results; creating scans requires additional software |
Checkmarx | SAST Scanner | 9 + | Full Scope |
Dependency Track | SCA Scanner | 3+ | Full Scope |
Nexus IQ | SCA Scanner | 140+ | Full Scope - integration under development |
Nessus | Network Scanner | 6 | Full Scope |
GVM aka OpenVAS | Network Scanner | 18+ | Full Scope, requires additional software |
AWS | Cloud | na | Security groups, resources info download |
OpenStack | Cloud | na | Security groups, resources info download |
GCP | Cloud | na | Security groups, resources info download, integration under development |
OWASP ZAP | DAST Scanner | na | Load results from performed scan |
KICS | SAST Scanner | na | Load results from performed scan |