backend/.env.example

# Backend Configuration
PORT=3001
API_HOST=localhost
CORS_ORIGINS=http://localhost:3000

# NVD API Key (optional - increases rate limit from 5 to 50 requests per 30s)
# Request one at https://nvd.nist.gov/developers/request-an-api-key
NVD_API_KEY=

# Ivanti / RiskSense API (platform4.risksense.com)
# API key from your profile settings — does not expire like session cookies
IVANTI_API_KEY=
IVANTI_CLIENT_ID=1550
IVANTI_FIRST_NAME=
IVANTI_LAST_NAME=
# Set to true if behind Charter's SSL inspection proxy (replicates Python verify=False)
IVANTI_SKIP_TLS=false

# Atlas InfoSec API (atlas-infosec.caas.charterlab.com)
# Service account credentials for Basic Auth — used to sync and manage action plans
ATLAS_API_URL=
ATLAS_API_USER=
ATLAS_API_PASS=
# Set to true if behind Charter's SSL inspection proxy (disables TLS cert verification)
ATLAS_SKIP_TLS=false
Added .env configuration to remove hardcoded IP issues 2026-01-28 09:23:30 -07:00			`# Backend Configuration`
			`PORT=3001`
			`API_HOST=localhost`
			`CORS_ORIGINS=http://localhost:3000`
Added NVD lookup features and optional NVD API key in .env file 2026-02-02 10:50:38 -07:00
			`# NVD API Key (optional - increases rate limit from 5 to 50 requests per 30s)`
			`# Request one at https://nvd.nist.gov/developers/request-an-api-key`
			`NVD_API_KEY=`
Add Ivanti Workflows panel with API key auth and SQLite cache - New panel below Archer tickets showing workflow count and list - Backend proxies platform4.risksense.com workflowBatch/search via x-api-key - SQLite cache table (ivanti_sync_state) stores latest sync result - Auto-syncs on server startup if >24h stale, then every 24h via setInterval - POST /api/ivanti/workflows/sync for on-demand sync with spinner feedback - GET /api/ivanti/workflows returns cached data instantly (no live API call) - Displays id.value, name, currentState, type, createdOn per workflow - Shows last-synced timestamp and error messages inline - IVANTI_SKIP_TLS flag for Charter SSL proxy environments Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-10 15:29:33 -06:00
			`# Ivanti / RiskSense API (platform4.risksense.com)`
			`# API key from your profile settings — does not expire like session cookies`
			`IVANTI_API_KEY=`
			`IVANTI_CLIENT_ID=1550`
			`IVANTI_FIRST_NAME=`
			`IVANTI_LAST_NAME=`
			`# Set to true if behind Charter's SSL inspection proxy (replicates Python verify=False)`
			`IVANTI_SKIP_TLS=false`
Add Atlas InfoSec action plans integration Integrate Atlas InfoSec API to manage compliance action plans directly from the ReportingPage. Users can view, create, and update action plans for host findings without switching to the Atlas web tool. Backend: - Add atlasApi.js helper with Basic Auth, TLS skip, GET/PUT/PATCH/POST - Add atlas_action_plans_cache migration for SQLite cache table - Add atlas.js router with sync, status, and proxy CRUD endpoints - Mount Atlas router at /api/atlas in server.js - Extract hostId from Ivanti host findings during sync Frontend: - Add AtlasBadge component (amber=needs plan, green=has plan) - Add AtlasSlideOutPanel with plan list, create form, edit capability - Separate active plans from inactive history in collapsible section - Custom dark-themed plan type dropdown - Optimistic local state shows pending plans immediately after creation - Atlas sync button on ReportingPage toolbar - Prepopulate finding ID in create form from clicked row Environment: - Add ATLAS_API_URL, ATLAS_API_USER, ATLAS_API_PASS, ATLAS_SKIP_TLS to .env.example 2026-04-23 21:52:53 +00:00
			`# Atlas InfoSec API (atlas-infosec.caas.charterlab.com)`
			`# Service account credentials for Basic Auth — used to sync and manage action plans`
			`ATLAS_API_URL=`
			`ATLAS_API_USER=`
			`ATLAS_API_PASS=`
			`# Set to true if behind Charter's SSL inspection proxy (disables TLS cert verification)`
			`ATLAS_SKIP_TLS=false`