Skip to content

AkshayO3/secureGuard

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
cmd/api
cmd/api
 
 
internal
internal
 
 
k8s
k8s
 
 
migrations
migrations
 
 
secureguard-helm
secureguard-helm
 
 
.Dockerignore
.Dockerignore
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 

Repository files navigation

SecureGuard - Security Management Platform

SecureGuard is a Go-based security management platform for tracking assets, vulnerabilities, and incidents. It provides robust role-based access control (RBAC), secure data handling, and a RESTful API built with Gin.

Features

  • Role-Based Access Control (RBAC):
    • Admin: Full access to all operations
    • Analyst: Create/manage incidents, vulnerabilities, assets
    • Viewer: Read-only access
  • Management Modules:
    • Assets with vulnerability mapping
    • Vulnerability tracking
    • Incident management
  • Security:
    • Bcrypt password hashing
    • SQL injection prevention
    • Prepared statements for database security

Architecture

graph TD
    A[User] --> B[Ingress]
    B --> C[SecureGuard API]
    C --> D[(PostgreSQL)]
    C --> E[RBAC Auth]
Loading

Technologies

Component Technology
Language Go 1.19+
Framework Gin
Database PostgreSQL 14+
Container Docker 20.10+
Orchestration Kubernetes 1.24+
Packaging Helm 3.8+

Quick Start

1. Docker Compose (Development)

docker-compose up -d

Access API at http://localhost:8080

2. Kubernetes Deployment

Prerequisites

  • Kubernetes cluster (v1.24+)
  • PostgreSQL instance (or use included db-statefulset.yaml)

Steps:

  1. Create namespace: 
    kubectl create namespace secureguard
  2. Apply manifests: 
    kubectl apply -f kubernetes/

3. Helm Deployment

helm install secureguard ./helm \
  --set postgres.enabled=true \
  --namespace secureguard

Kubernetes Components

The kubernetes/ directory contains:

  • api-depl.yaml: SecureGuard API deployment
  • api-svc.yaml: ClusterIP service
  • ingress.yaml: Ingress configuration
  • ingress-class.yaml: Ingress Class
  • db-sfs.yaml: PostgreSQL StatefulSet
  • db-svc.yaml: Headless PostgreSQL service
  • migrations.yaml: Database Migrations
  • namespace.yaml: Namespace configuration
  • secret.yaml: Secret configuration

Helm Chart Structure

secureguard-helm/
├── Chart.yaml
├── templates/
│   ├── api-depl.yaml
│   ├── api-svc.yaml
│   ├── db-sfs.yaml
│   ├── db-svc.yaml
│   ├── ingress.yaml
│   ├── ingress-class.yaml
│   ├── migrations.yaml
│   ├── namespace.yaml
│   ├── secret.yaml
└── values.yaml

Configuration

Set environment variables in config.yaml:

database:
  DB_URL: "postgres-hl.secureguard.svc.cluster.local"
  POSTGRES_USER: "admin"
  POSTGRES_PASSWORD: "securepassword"
api:
  PORT: 4000

API Endpoints

Method Endpoint Description
POST /users/register Register new user
POST /users/login Authenticate user
GET /assets List all assets (RBAC protected)
POST /vulnerabilities Create vulnerability record

Production Deployment Best Practices

  1. Database:
  • Use cloud-managed PostgreSQL (RDS, Cloud SQL)
  • Enable automated backups

  1. Security:

    kubectl create secret generic db-creds \
  --from-literal=username=admin \
  --from-literal=password='S3cure!P@ss' \
  -n secureguard

  2. Monitoring:

  • Add Prometheus annotations to deployments
  • Configure Grafana dashboards

Troubleshooting

Database Connection Issues:

  1. Verify DNS resolution: 
    kubectl exec -it <api-pod> -- nslookup postgres-hl
  2. Check PVC binding status: 
    kubectl get pvc -n secureguard

RBAC Errors:

  • Verify JWT_SECRET matches across deployments
  • Check role assignments in database

Contributing

  1. Fork the repository
  2. Create feature branch (git checkout -b feature/improvement)
  3. Commit changes with descriptive messages
  4. Open pull request against main branch

Resources

Additional Deployment File With Detailed Deployment Steps

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages