VSAQ - Open Source Vendor Security Assessment



  • Project:
    VSAQ

    Github:
    https://github.com/google/vsaq

    Demo:
    https://vsaq-demo.withgoogle.com/

    OS:
    CentOS 7

    I could not find an installation guide anywhere for this installation online. The instructions on their github are incomplete and require additonal github repos. I am putting the install instructions here so you can quickly build this servers. I encourage you to check out the demo, and possibly have vendors fill out these forms as they will tell you alot about your vendor. They could possible save your company's ass from buying software that is insecure, or perhaps at a minimum cover your ass and force management to see potential risks.

    Install required per-requisite software

    sudo yum -y install unzip
    sudo yum -y install ant 
    sudo yum -y install git
    sudo yum -y install curl
    sudo yum -y install maven
    sudo yum -y install wget
    sudo yum -y install java-1.7.0-openjdk-devel
    

    Install Apache

    sudo yum -y install httpd
    sudo firewall-cmd --permanent --add-port=80/tcp
    sudo firewall-cmd --permanent --add-port=443/tcp
    sudo firewall-cmd --reload
    sudo systemctl start httpd
    sudo systemctl enable httpd
    

    Clone Github Repos

    cd /
    
    sudo git clone https://github.com/google/vsaq
    
    cd third_party/
    
    sudo git clone https://github.com/google/closure-compiler
    
    sudo git clone https://github.com/google/closure-library
    
    sudo git clone https://github.com/google/closure-stylesheets
    
    sudo git clone https://github.com/jleyba/js-dossier
    
    sudo git clone https://github.com/google/safe-html-types
    
    sudo git clone https://github.com/google/closure-templates
    
    

    Install Dependencies

    cd /vsaq/
    sudo ./do.sh install_deps
    

    Check Dependencies

    sudo ./do.sh check_deps
    

    Build VSAQ

    sudo ./do.sh build
    

    Move files to public website

    sudo cp -r build . /var/www/html/
    

    Start Server

    sudo ./do.sh run