- All 16 route files now import pool from ../db directly
- Removed db parameter from all factory functions
- All callbacks replaced with async/await pool.query()
- All ? placeholders converted to $1, $2... numbered params
- datetime('now') → NOW(), INSERT OR IGNORE → ON CONFLICT DO NOTHING
- LIKE → ILIKE for case-insensitive searches
- Error detection: err.code === '23505' for unique violations
- server.js no longer passes pool/db/requireAuth to route factories
- Only ivantiFindings.js still receives pool (pending task 8 rewrite)
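The route shape these notes describe (async/await `pool.query()`, `$1, $2...` params, `err.code === '23505'` for unique violations), shown as an added example that is not code from this repository. The `vendors` table, its columns and the 409 mapping are assumptions for the demo; the pool is passed into the factory here only so an in-memory stand-in for `pg.Pool` can be injected and the file runs offline, whereas the project imports `pool` from `../db` directly.

```javascript
// Added example, not code from the dashboard repo: the post-migration route
// pattern (async/await pool.query, $n params, SQLSTATE 23505 handling) with a
// constructed stand-in for pg.Pool. Table and column names are assumptions.

// Convert sqlite-style "?" placeholders to PostgreSQL "$1, $2, ..." params.
// A "?" inside a single-quoted string literal is left alone so literal
// question marks in SQL text are not miscounted as parameters.
function toNumberedParams(sql) {
  let text = '';
  let count = 0;
  let inLiteral = false;
  for (const ch of sql) {
    if (ch === "'") {
      inLiteral = !inLiteral; // a doubled '' inside a literal toggles twice, net no change
      text += ch;
    } else if (ch === '?' && !inLiteral) {
      count += 1;
      text += '$' + count;
    } else {
      text += ch;
    }
  }
  return { text, count };
}

// Route factory. In the project the pool is imported from ../db; it is a
// parameter here only so the fake pool below can be injected.
function createVendorHandler(pool) {
  const sql = toNumberedParams(
    'INSERT INTO vendors (name, contact, created_at) VALUES (?, ?, NOW()) RETURNING id'
  ).text;

  return async function createVendor(req, res) {
    const { name, contact } = req.body || {};
    if (typeof name !== 'string' || name.trim() === '') {
      return res.status(400).json({ error: 'name is required' });
    }
    try {
      // Values travel as bound parameters, never interpolated into the SQL text.
      const result = await pool.query(sql, [name.trim(), contact ?? null]);
      return res.status(201).json({ id: result.rows[0].id });
    } catch (err) {
      // unique_violation: answer with a conflict instead of a generic 500
      // that would hand the driver's error text to the client.
      if (err.code === '23505') {
        return res.status(409).json({ error: 'vendor already exists' });
      }
      throw err; // Express 5 forwards rejected async handlers to the error middleware
    }
  };
}

// Constructed stand-in for pg.Pool: one table with a UNIQUE constraint on name.
function makeFakePool() {
  const names = new Set();
  return {
    async query(text, params) {
      if (text.includes('?')) throw new Error('unconverted "?" placeholder: ' + text);
      const name = params[0];
      if (names.has(name)) {
        const err = new Error('duplicate key value violates unique constraint');
        err.code = '23505'; // the SQLSTATE node-postgres exposes on err.code
        throw err;
      }
      names.add(name);
      return { rows: [{ id: names.size }] };
    },
  };
}

// Minimal Express-like response recorder.
function makeFakeRes() {
  const res = { statusCode: 200, body: undefined };
  res.status = (code) => { res.statusCode = code; return res; };
  res.json = (body) => { res.body = body; return res; };
  return res;
}

// Exercise the handler: first insert succeeds, the duplicate maps to 409,
// a missing name is rejected before any query is issued.
async function demo() {
  const handler = createVendorHandler(makeFakePool());
  const first = makeFakeRes();
  await handler({ body: { name: 'Acme', contact: 'sec@acme.example' } }, first);
  const second = makeFakeRes();
  await handler({ body: { name: 'Acme' } }, second);
  const bad = makeFakeRes();
  await handler({ body: {} }, bad);
  return { first: first.statusCode, second: second.statusCode, bad: bad.statusCode };
}

demo().then((r) => console.log(r));
```

The placeholder converter is the piece worth keeping around during a migration like this: running every converted statement through it and asserting that `count` equals the length of the params array catches the off-by-one that a hand-edited `$3` silently introduces.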
# STEAM Security Dashboard v1.0.0
A self-hosted vulnerability management dashboard for the NTS-AEO-STEAM and NTS-AEO-ACCESS-ENG business units. Centralises CVE tracking, Ivanti host finding triage, AEO compliance posture, FP/Archer/CARD exception workflows, and internal documentation in a single interface.
## Quick Start

### Prerequisites

- Node.js 18+
- Python 3 with `python3-pandas` and `python3-openpyxl` (for compliance xlsx parsing)
### Install

```bash
git clone <repo-url>
cd cve-dashboard

# Backend dependencies
npm install

# Frontend dependencies
cd frontend && npm install && cd ..

# Python dependencies (Ubuntu/Debian)
apt install -y python3-pandas python3-openpyxl
```
### Configure

```bash
cp backend/.env.example backend/.env
# Edit backend/.env — at minimum set SESSION_SECRET:
# openssl rand -base64 32
```

See `backend/.env.example` for all available options, including Ivanti API, Jira, and Atlas integration keys.
### Initialize Database

```bash
node backend/setup.js
```

Creates the database with the complete schema and prints a one-time admin password. Save it.
### Build and Run

```bash
# Build frontend
cd frontend && npm run build && cd ..

# Start servers
./start-servers.sh
```

Dashboard: http://localhost:3000 · API: http://localhost:3001

For persistent deployments, use the systemd services in `systemd/`. See the full manual for setup instructions.
## Features
| Feature | Description |
|---|---|
| CVE Management | Track CVEs across multiple vendors with document storage and NVD auto-fill |
| Reporting | Ivanti host finding triage with donut charts, inline editing, advanced filtering, CSV/XLSX export |
| Ivanti Queue | Personal staging list for batch FP, Archer, CARD, and Granite workflows |
| FP Workflow | Submit false positive workflows directly to Ivanti API with attachments |
| Compliance | Weekly AEO xlsx upload with diff preview, drift detection, per-team metric health cards |
| Archive Tracking | Automatic detection of disappeared/returned findings with BU reassignment classification |
| Findings Trend | Historical open vs closed chart with archive activity sparkline and shift reason tooltips |
| Jira Integration | Create, sync, and track Jira Data Center tickets linked to CVE/vendor pairs |
| Archer Tickets | Track risk acceptance exceptions (EXC numbers) linked to findings |
| CARD API | Granite/CARD asset lookup integration for network device workflows |
| Knowledge Base | Internal document library with inline PDF/Markdown viewing |
| Access Control | Four user groups (Admin, Standard_User, Leadership, Read_Only) with full audit trail |
## Project Structure

```
cve-dashboard/
├── backend/
│   ├── server.js          # Express API server
│   ├── setup.js           # Database initialization (run once)
│   ├── routes/            # API route handlers
│   ├── helpers/           # API clients (Ivanti, Jira, Atlas, CARD)
│   ├── middleware/        # Auth middleware
│   ├── migrations/        # Schema migrations (for existing deployments)
│   └── scripts/           # Compliance parser, data import utilities
├── frontend/
│   ├── src/
│   │   ├── App.js         # Main app with routing
│   │   ├── components/    # React components
│   │   └── contexts/      # Auth context
│   └── public/
├── docs/
│   ├── api/               # API specs (Ivanti, Atlas, Jira)
│   ├── design/            # Design system, workflow diagrams
│   ├── guides/            # User guides, full reference manual
│   ├── security/          # Security audits and remediation plans
│   ├── testing/           # Test plans and scripts
│   └── troubleshooting/   # Investigation scripts and reports
├── systemd/               # systemd service files
├── start-servers.sh
└── stop-servers.sh
```
## Tech Stack
| Layer | Technology |
|---|---|
| Backend | Node.js 18+, Express 5, SQLite3 |
| Frontend | React 19, Recharts, Lucide React |
| Auth | bcryptjs, cookie-based sessions, express-rate-limit |
| Compliance | Python 3, pandas, openpyxl |
## Documentation
- Full Reference Manual — comprehensive feature documentation, API reference, database schema, security model, and configuration details
- Migration Guide — schema migration scripts for upgrading existing deployments
- Design System — UI component patterns and color system
- Ivanti API Reference — Ivanti/RiskSense API integration details
- Jira API Use Cases — Jira Data Center API compliance summary
## License
Internal use only — Charter Communications / NTS-AEO.
Designed and built by Jordan Ramos (jordan.ramos@spectrum.com)