2026-01-28 09:23:30 -07:00
|
|
|
# Backend Configuration
|
|
|
|
|
PORT=3001
|
|
|
|
|
API_HOST=localhost
|
|
|
|
|
CORS_ORIGINS=http://localhost:3000
|
2026-02-02 10:50:38 -07:00
|
|
|
|
2026-05-01 21:11:47 +00:00
|
|
|
# Session secret — REQUIRED. Server will not start without this.
|
|
|
|
|
# Generate with: openssl rand -base64 32
|
|
|
|
|
SESSION_SECRET=
|
|
|
|
|
|
2026-02-02 10:50:38 -07:00
|
|
|
# NVD API Key (optional - increases rate limit from 5 to 50 requests per 30s)
|
|
|
|
|
# Request one at https://nvd.nist.gov/developers/request-an-api-key
|
|
|
|
|
NVD_API_KEY=
|
2026-03-10 15:29:33 -06:00
|
|
|
|
|
|
|
|
# Ivanti / RiskSense API (platform4.risksense.com)
|
|
|
|
|
# API key from your profile settings — does not expire like session cookies
|
|
|
|
|
IVANTI_API_KEY=
|
|
|
|
|
IVANTI_CLIENT_ID=1550
|
|
|
|
|
IVANTI_FIRST_NAME=
|
|
|
|
|
IVANTI_LAST_NAME=
|
|
|
|
|
# Set to true if behind Charter's SSL inspection proxy (replicates Python verify=False)
|
|
|
|
|
IVANTI_SKIP_TLS=false
|
Add Atlas InfoSec action plans integration
Integrate Atlas InfoSec API to manage compliance action plans directly from
the ReportingPage. Users can view, create, and update action plans for host
findings without switching to the Atlas web tool.
Backend:
- Add atlasApi.js helper with Basic Auth, TLS skip, GET/PUT/PATCH/POST
- Add atlas_action_plans_cache migration for SQLite cache table
- Add atlas.js router with sync, status, and proxy CRUD endpoints
- Mount Atlas router at /api/atlas in server.js
- Extract hostId from Ivanti host findings during sync
Frontend:
- Add AtlasBadge component (amber=needs plan, green=has plan)
- Add AtlasSlideOutPanel with plan list, create form, edit capability
- Separate active plans from inactive history in collapsible section
- Custom dark-themed plan type dropdown
- Optimistic local state shows pending plans immediately after creation
- Atlas sync button on ReportingPage toolbar
- Prepopulate finding ID in create form from clicked row
Environment:
- Add ATLAS_API_URL, ATLAS_API_USER, ATLAS_API_PASS, ATLAS_SKIP_TLS to .env.example
2026-04-23 21:52:53 +00:00
|
|
|
|
|
|
|
|
# Atlas InfoSec API (atlas-infosec.caas.charterlab.com)
|
|
|
|
|
# Service account credentials for Basic Auth — used to sync and manage action plans
|
|
|
|
|
ATLAS_API_URL=
|
|
|
|
|
ATLAS_API_USER=
|
|
|
|
|
ATLAS_API_PASS=
|
|
|
|
|
# Set to true if behind Charter's SSL inspection proxy (disables TLS cert verification)
|
|
|
|
|
ATLAS_SKIP_TLS=false
|
2026-04-28 16:36:54 +00:00
|
|
|
|
|
|
|
|
# Jira Data Center REST API
|
|
|
|
|
# VPN or Charter Network connection required for all Jira instances.
|
|
|
|
|
# Service accounts use Basic Auth (JIRA_API_USER + JIRA_API_TOKEN).
|
|
|
|
|
# PATs require ATLSUP approval and naming convention: Function - Team - ATLSUP-XXXXX
|
|
|
|
|
# Rate limits: 1440 requests/day, burst of 60/minute.
|
|
|
|
|
JIRA_BASE_URL=
|
|
|
|
|
JIRA_AUTH_METHOD=basic
|
|
|
|
|
# Basic Auth — service account credentials
|
|
|
|
|
JIRA_API_USER=
|
|
|
|
|
JIRA_API_TOKEN=
|
|
|
|
|
# PAT Auth — set JIRA_AUTH_METHOD=pat to use
|
|
|
|
|
JIRA_PAT=
|
|
|
|
|
# Default project key and issue type for creating issues from the dashboard
|
|
|
|
|
JIRA_PROJECT_KEY=
|
|
|
|
|
JIRA_ISSUE_TYPE=Task
|
|
|
|
|
# Set to true if behind Charter's SSL inspection proxy
|
|
|
|
|
JIRA_SKIP_TLS=false
|
2026-05-01 17:15:41 +00:00
|
|
|
|
|
|
|
|
# CARD Asset Ownership API (card.charter.com / card.caas.stage.charterlab.com)
|
|
|
|
|
# OAuth Bearer token auth — service account must be onboarded with the CARD team.
|
|
|
|
|
# Tokens are acquired automatically via Basic Auth and cached for 1 hour.
|
|
|
|
|
CARD_API_URL=
|
|
|
|
|
CARD_API_USER=
|
|
|
|
|
CARD_API_PASS=
|
|
|
|
|
# Set to true if behind Charter's SSL inspection proxy
|
|
|
|
|
CARD_SKIP_TLS=false
|
