npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@jupiterone/graph-qualys

v5.24.4

Published

Qualys integration for JupiterOne

Downloads

73

Readme

JupiterOne Integration

This integration is used to ingest the following data into JupiterOne:

  • Hosts / Host Assets
  • Host Vulnerabilities
  • Web Apps
  • Web App Vulnerabilities

Please see the JupiterOne Vulnerability Data Model.

The data is ingested via the Qualys API using user credentials (username and password).

Development Environment

Prerequisites

You must have Node.JS installed to run this project. If you don't already have it installed, you can can download the installer here. You can alternatively install Node.JS using a version manager like fnm or nvm.

Setup

Installing dependencies

From the root of this project, run npm install to install dependencies. If you have yarn installed, you can install dependencies by running yarn.

Loading credentials

Create a .env file at the root of this project and add environment variables to match what is in src/instanceConfigFields.json. The .env file is ignored by git, so you won't have to worry about accidentally pushing credentials.

Given this example configuration:

{
  "qualysUsername": {
    "type": "string"
  },
  "qualysPassword": {
    "type": "string",
    "mask": true
  },
  "qualysApiUrl": {
    "type": "string"
  }
}

You would provide a .env file like this:

QUALYS_USERNAME=X
QUALYS_PASSWORD=X
QUALYS_API_URL=https://qualysapi.qg3.apps.qualys.com

The snake cased environment variables will automatically be converted and applied to the camel cased configuration field. So for example, CLIENT_ID will apply to the clientId config field, CLIENT_SECRET will apply to clientSecret, and MY_SUPER_SECRET_CONFIGURATION_VALUE will apply to a mySuperSecretConfigurationValue configuration field.

Running the integration

To start collecting data, run yarn start from the root of the project. This will load in your configuration and execute the steps stored in src/steps.

Project structure

This is the expected project structure for running integrations.

src/
  /instanceConfigFields.json
  /validateInvocation.ts
  /getStepStartStates.ts
  steps/
    *.ts
    // add additional steps here

Each of the files listed above contribute to creating an integration configuration.

Additional files can be placed under src and referenced from each of the integration files.

Documentation

Development

Please reference the @jupiterone/integration-sdk development documentation for more information on how to use the SDK.

See docs/development.md for details about how to get started with developing this integration.

Integration usage and resource coverage

More information about the resources covered by this integration and how to setup the integration in JupiterOne can be found in docs/jupiterone.md.

Changelog

The history of this integration's development can be viewed at CHANGELOG.md.

Qualys API Documentation

Qualys API QUick Reference:

https://www.qualys.com/docs/qualys-api-quick-reference.pdf

Qualys API User Guide:

https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf

Qualys API (web page):

https://debug.qualys.com/qwebhelp/fo_portal/api_doc/scans/index.htm

Qualys Web Application Scanning API User Guide:

https://www.qualys.com/docs/qualys-was-api-user-guide.pdf