What if you had a Tamagotchi that could explore websites and collect shiny objects in the form of CVEs (Common Vulnerabilities and Exposures)?
Web developers rarely consider common vulnerabilities when developing websites. CVE Pets aims to gamify Greenbone Vulnerability Manager (formerly OpenVAS) to get developers excited about web app security.
```bash
./prod.sh
```

```bash
# Copy environment variables
cp .env.sample .env
# Install dependencies for automatic code formatting
yarn install
# Up
kubectl config use-context docker-desktop
tilt up
# Down
tilt down
```
- Next.js app: http://localhost:3000
- GVM dashboard: http://localhost:8080
- Tilt dashboard: http://localhost:10350
- Dockerize Next, configure automatic code formatting
- Dockerize GVM using atomicorp/openvas, scan manually
- Try Mixeway/MixewayOpenVASRestAPI abandonware (unsuccessfully)
- Fork RyanRiffle/node-omp to develop my own custom OMP library
- Switch to immauss/openvas for OMP support, scan via API request, and render CVEs
- Pokémon-style choose your starter pet
- Revalidate report on interval using SWR
- Scan user's host
- Kubernetes w/ plain directory of YAML manifests
- Tilt
- Deploy to DigitalOcean Kubernetes
- Set up CI with GitHub Actions
- Save/clear progress using localStorage
- Vulnerability details
- TypeScript
- Scan your host -> 0: You're safe! 1+: How to fix -> Next scan
- XP, level up
- CVE icons
- Nginx
- Helm
- Basic animations
- Dockerize Postgres for persistent data layer
- Add more idle RPG/gacha elements
- Add more pets
- Google login
- GitOps
- ArgoCD
- Next ReplicaSet + OpenVAS StatefulSet
- Trading
- Patch notes
- Community/playerbase
- Is it really necessary for OpenVAS to rebuild the NVT Cache every time it gets run? mikesplain/openvas-docker#149
- Scan takes a while to start up and complete. How can we speed this up?