Heimdall is a centralized aggregation tool for InSpec evaluations
Heimdall supports viewing of InSpec profiles and evaluations in a convenient interface. Data uploads can be automated through usage of curl, and added as a step after an InSpec pipeline stage.
This project uses the Semantic Versioning Policy.
The master branch contains the latest version of the software leading up to a new release.
Other branches contain feature-specific updates.
Tags indicate official releases of the project.
Please note 0.x releases are works in progress (WIP) and may change at any time.
There are two versions of the MITRE Heimdall Viewer: the full Heimdall and the Heimdall-Lite version. We produced each to meet different needs and use-cases.
| | Heimdall-Lite | Heimdall |
|---|---|---|
| Installation Requirements | any web server | Rails 5.x server, MongoDB instance |
| Overview Dashboard & Counts | x | x |
| 800-53 Partition and TreeMap View | x | x |
| Data Table / Control Summary | x | x |
| InSpec Code / Control Viewer | x | x |
| SSP Content Generator | x | x |
| PDF Report and Print View | x | x |
| Users & Roles & multi-team support | | x |
| Authentication & Authorization | Hosting Webserver | Hosting Webserver, LDAP, GitHub OAUTH & SAML, GitLab OAUTH & SAML |
| Advanced Data / Filters for Reports and Viewing | | x |
| Multiple Report Output (DISA Checklist XML, CAT, XCCDF-Results, and more) | | x |
| Authenticated REST API | | x |
| InSpec Run 'Delta' View | | x |
| Multi-Report Tagging, Filtering and Comparison | | x |
| Heimdall-Lite | Heimdall |
|---|---|
| Ship the App & Data via simple Email | Multiple Teams Support |
| Minimal Footprint & Deployment Time | Timeline and Report History |
| Local or disconnected Use | Centralized Deployment Model |
| One-Time Quick Reviews | Need to view the delta between one or more runs |
| Decentralized Deployment | Need to view subsets of the 800-53 control alignment |
| Minimal A&A Time | Need to produce more complex reports in multiple formats |
```sh
curl -o /etc/yum.repos.d/heimdall.repo https://dl.packager.io/srv/mitre/heimdall/master/installer/el/7.repo
yum install -y heimdall
systemctl start mongod
systemctl enable mongod
heimdall scale web=1
```
You can set up a deployment/development environment through bundler or docker.
If you wish to use docker, then the dependencies are:
- Docker
- docker-compose (installable with pip)
If you wish to use ruby and are on Ubuntu 16, then the dependencies are:
- Ruby 2.4.4
- build-essentials (your distribution's gcc package)
- Bundler
- libpq-dev
- nodejs
- mongodb
This mode is primarily for developers; shared Heimdall instances should be deployed in production mode. Since this is a Ruby application, it is suggested to use rbenv or RVM for Ruby version management.
- Install rbenv or RVM
- Install dependencies:

  ```sh
  apt-get install build-essential libpq-dev nodejs libxml2-dev libmagick++-dev mongodb-server -y
  ```

- Install Ruby from the root directory of this project by running

  ```sh
  rbenv install
  ```

  or

  ```sh
  rvm install $(cat .ruby-version)
  ```

- Run the following in a terminal:

  ```sh
  bundle install
  bundle exec rake db:create
  bundle exec rake db:migrate
  bundle exec rails s   # Start the server on localhost
  ```
If you would like to use your organization's internal user authentication service when deploying the dockerized Heimdall instance, you will need to edit config/ldap.yml to point to your organization's LDAP server. You do not have to use your internal LDAP; however, people will then have to create an account in Heimdall to perform most actions. You may view ldap.example.yml to see how authentication of people's internal email addresses works with an LDAP server that allows anonymous access.
These steps need to be performed once per machine in order to prepare your machine to run Heimdall in Docker.

- Install Docker
- Download Heimdall by running

  ```sh
  git clone https://github.com/mitre/heimdall.git
  ```

- Navigate to the base folder where `docker-compose.yml` is located
- Run the following commands in a terminal window from the heimdall source directory:

  ```sh
  ./setup-docker-secrets.sh
  docker-compose up -d
  ```
The following commands are useful for managing the data in your docker container:

* `docker-compose run web rake db:reset` destroys and rebuilds the db
* `docker-compose run web rake db:migrate` updates the db
Make sure you have run the setup steps at least once before following these steps!

- Run the following command in a terminal window:

  ```sh
  docker-compose up -d
  ```

- Go to `127.0.0.1:3000/heimdall` in a web browser
A new version of the docker container can be retrieved by running

```sh
docker-compose pull
docker-compose up -d
docker-compose run web bundle exec rake db:migrate
```

This will fetch the latest version of the container, redeploy if a newer version exists, and then apply any database migrations if applicable. No data should be lost by this operation.

To stop the containers, run the following from the source directory you started from:

```sh
docker-compose down
```
You can access a Demo instance if you have access to the company's intranet at https://inspec-dev.mitre.org
You can login via the company LDAP server, or by creating a new account.
Once you have an account you can upload JSON files for evaluations and profiles, then view them by clicking on the evaluations and profiles tab at the top of the page.
When uploading data you may go to the circles tab, and select public. This will allow all visitors to view the profile/evaluation you uploaded.
To upload through curl you will need an API key. This is located on your profile page, which can be reached by clicking on your user name in the top right corner, then on profile.

The upload API takes three parameters: the file, your email address, and your API key.

```sh
curl -F "file=@FILE_PATH" -F email=EMAIL -F api_key=API_KEY http://localhost:3000/evaluation_upload_api
```
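The automated upload mentioned at the top of this README, as a pipeline step after InSpec has written its JSON report, can be scripted as below. This is an added example and not code from the Heimdall project; it assumes `HEIMDALL_URL`, `HEIMDALL_EMAIL` and `HEIMDALL_API_KEY` are provided by the CI system as (masked) environment variables, and it feeds the key to curl through a config on stdin rather than as a `-F` argument, so the key does not show up in `ps` output or shell history.

```shell
#!/bin/sh
# Added example, not part of the Heimdall project: push an InSpec JSON report
# to Heimdall's upload API from a CI step after `inspec exec ... --reporter json`.
# HEIMDALL_URL, HEIMDALL_EMAIL and HEIMDALL_API_KEY are assumed to be set by CI.

# Print a curl config for one upload.
# $1 = report path, $2 = email, $3 = API key, $4 = Heimdall base URL.
# The same fields as the documented curl -F call, written in curl's
# config-file syntax ("form = ...") so they can be piped in via `-K -`.
heimdall_curl_config() {
    printf 'url = "%s/evaluation_upload_api"\n' "${4%/}"
    printf 'form = "file=@%s"\n' "$1"
    printf 'form = "email=%s"\n' "$2"
    printf 'form = "api_key=%s"\n' "$3"
}

# Refuse anything that is not a readable, non-empty JSON object before it
# reaches the server (InSpec reports are a single top-level object).
heimdall_check_report() {
    [ -r "$1" ] && [ -s "$1" ] || return 1
    first=$(tr -d '[:space:]' < "$1" | head -c 1)
    [ "$first" = "{" ]
}

# Upload one report. Returns 2 when the environment or file is unusable,
# otherwise curl's exit status (non-zero on HTTP errors because of -f).
heimdall_upload() {
    report="$1"
    base="${HEIMDALL_URL:-http://localhost:3000}"
    if [ -z "$HEIMDALL_EMAIL" ] || [ -z "$HEIMDALL_API_KEY" ]; then
        echo "HEIMDALL_EMAIL and HEIMDALL_API_KEY must be set" >&2
        return 2
    fi
    if ! heimdall_check_report "$report"; then
        echo "not an InSpec JSON report: $report" >&2
        return 2
    fi
    heimdall_curl_config "$report" "$HEIMDALL_EMAIL" "$HEIMDALL_API_KEY" "$base" \
        | curl -fsS -K -
}
```

Call it as `heimdall_upload results.json` from the pipeline step that follows `inspec exec`; a non-zero return fails the step so a rejected or malformed upload is not silently lost.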
See docker-compose.yml for container configuration.
Contact us for advice; we will be able to send most people our setup.
Edit the RAILS_RELATIVE_URL_ROOT line in docker-compose.yml.
Set RAILS_ENV to development in docker-compose.yml.
Clone, edit, then please submit a PR with an issue number associated.
Please feel free to look through our issues, make a fork and submit PRs and improvements. We love hearing from our end-users and the community and will be happy to engage with you on suggestions, updates, fixes or new capabilities.
Please feel free to contact us by opening an issue on the issue board, or, at inspec@mitre.org should you have any suggestions, questions or issues. If you have more general questions about the use of our software or other concerns, please contact us at opensource@mitre.org.
- Robert Thew
- Aaron Lippold
- Matthew Dromazos
- Luke Malinowski
© 2018 The MITRE Corporation.
Approved for Public Release; Distribution Unlimited. Case Number 18-3678.
MITRE hereby grants express written permission to use, reproduce, distribute, modify, and otherwise leverage this software to the extent permitted by the licensed terms provided in the LICENSE.md file included with this project.
This software was produced for the U. S. Government under Contract Number HHSM-500-2012-00008I, and is subject to Federal Acquisition Regulation Clause 52.227-14, Rights in Data-General.
No other use other than that granted to the U. S. Government, or to those acting on behalf of the U. S. Government under that Clause is authorized without the express written permission of The MITRE Corporation.
For further information, please contact The MITRE Corporation, Contracts Management Office, 7515 Colshire Drive, McLean, VA 22102-7539, (703) 983-6000.