Skip to content

surface-security/surface

Repository files navigation

GitHub Workflow Status (with branch) Python Django Codecov

Surface

Asset inventory tracking and security scanners.

Quickstart

AWS

For AWS, check aws-cdk folder

docker

# Clone this repo
git clone https://github.com/surface-security/surface/

# Create a `local.env` for any custom settings
touch surface/local.env

# Launch the docker stack
docker compose -f dev/docker-compose-in-a-box.yml up

# Run the "quick start" script - choose password for `admin` user
dev/box_setup.sh

Open http://localhost:8080 and login as admin.

box_setup.sh created a local Rootbox and added the example, httpx and nmap scanners images (all from here).

You might need to reload nginx and Surface so the migrations and the webserver are put in effect. You can do so with docker container restart dev-nginx-1 dev-surface-1.

Quick check:

  • add IPAddress or DNSRecord (and tag it is_external), create a Scanner using example image and choose Run scanner from the actions dropdown
  • check scan logs

Documentation

We have in-depth documentation and instructions on this repository's wiki page.