VSAQ - Open Source Vendor Security Assessment

  • Project:



    CentOS 7

    I could not find an installation guide anywhere for this installation online. The instructions on their github are incomplete and require additonal github repos. I am putting the install instructions here so you can quickly build this servers. I encourage you to check out the demo, and possibly have vendors fill out these forms as they will tell you alot about your vendor. They could possible save your company's ass from buying software that is insecure, or perhaps at a minimum cover your ass and force management to see potential risks.

    Install required per-requisite software

    sudo yum -y install unzip
    sudo yum -y install ant 
    sudo yum -y install git
    sudo yum -y install curl
    sudo yum -y install maven
    sudo yum -y install wget
    sudo yum -y install java-1.7.0-openjdk-devel

    Install Apache

    sudo yum -y install httpd
    sudo firewall-cmd --permanent --add-port=80/tcp
    sudo firewall-cmd --permanent --add-port=443/tcp
    sudo firewall-cmd --reload
    sudo systemctl start httpd
    sudo systemctl enable httpd

    Clone Github Repos

    cd /
    sudo git clone https://github.com/google/vsaq
    cd third_party/
    sudo git clone https://github.com/google/closure-compiler
    sudo git clone https://github.com/google/closure-library
    sudo git clone https://github.com/google/closure-stylesheets
    sudo git clone https://github.com/jleyba/js-dossier
    sudo git clone https://github.com/google/safe-html-types
    sudo git clone https://github.com/google/closure-templates

    Install Dependencies

    cd /vsaq/
    sudo ./do.sh install_deps

    Check Dependencies

    sudo ./do.sh check_deps

    Build VSAQ

    sudo ./do.sh build

    Move files to public website

    sudo cp -r build . /var/www/html/

    Start Server

    sudo ./do.sh run