OWASP Security RAT (Requirement Automation Tool) is a tool helping you manage security requirements in your agile development projects. The typical use case is:

• specify parameters of the software artifact you're developing
• based on this information, list of common security requirements is generated
• go through the list of the requirements and choose how you want to handle the requirements
• persist the state in a JIRA ticket (the state gets attached as a YAML file)
• create JIRA tickets for particular requirements in a batch mode in developer queues
• import the main JIRA ticket into the tool anytime in order to see progress of the particular tickets

Documentation

Please go to https://securityrat.github.io.

Online Demo

Check out our brand-new online demo:

url: SecurityRAT

username: demo

password: SecurityRATdemo10!

You can try it out with the demo version and can modify/add/delete requirements. The demo version will be resetted every 24 hours (CEST).

Development

Backend

Note that the Spring auto-restart feature has been disabled for performance reasons.

1. Configure the configuration files (securityrat-backend/src/main/resources/application-dev.yml and securityrat-backend/src/main/resources/application.yml) appropriately.
2. Build all modules from the project's root folder with mvn install.
3. Start the application from the securityrat-backend folder with mvn spring-boot:run.

Frontend

Note that the backend is required to listen on port 9000 (configured by default), if you want to use the live-reload feature of the frontend. Also, always ensure that there is an up-to-date NodeJS installation inside your PATH variable.

Move to the security-frontend module and start the frontend module with live reload with the command npx grunt serve.

License

This project is distributed under the Apache license, Version 2.0.