import type { SystemInfoConfig } from './types' export const securityConfig: SystemInfoConfig = { title: 'Security System-Info', description: 'DevSecOps Dashboard mit Vulnerability Scanning und Compliance Checks.', version: '2.0', privacyNotes: [ 'Automatische CVE-Pruefung aller Dependencies', 'OWASP Top 10 Compliance', 'Container Security Scanning', 'Secret Detection in Code', ], architecture: { layers: [ { title: 'Security Dashboard', components: ['Vulnerability Overview', 'Compliance Status', 'Alerts'], color: '#ef4444' }, { title: 'Scanners', components: ['Trivy', 'Semgrep', 'Gitleaks', 'OWASP ZAP'], color: '#8b5cf6' }, { title: 'CI/CD Integration', components: ['GitHub Actions', 'Pre-commit Hooks', 'PR Checks'], color: '#10b981' }, { title: 'Reporting', components: ['SARIF', 'SBOM', 'Audit Reports'], color: '#f59e0b' }, ], }, features: [ { name: 'Vulnerability Scanning', status: 'active', description: 'Automatische CVE-Pruefung' }, { name: 'SBOM Generation', status: 'active', description: 'Software Bill of Materials' }, { name: 'Secret Detection', status: 'active', description: 'Gitleaks Integration' }, { name: 'DAST Scanning', status: 'planned', description: 'Dynamic Application Security Testing' }, { name: 'Penetration Testing', status: 'planned', description: 'Automatisierte Pen-Tests' }, ], roadmap: [ { phase: 'Phase 1: SAST (Q1)', priority: 'high', items: ['Semgrep Rules', 'CodeQL Integration', 'Custom Rules', 'False Positive Management'] }, { phase: 'Phase 2: Runtime (Q2)', priority: 'high', items: ['Runtime Protection', 'WAF Integration', 'Anomaly Detection', 'Incident Response'] }, { phase: 'Phase 3: Compliance (Q3)', priority: 'medium', items: ['SOC 2 Readiness', 'ISO 27001 Mapping', 'GDPR Technical Measures', 'Audit Automation'] }, ], technicalDetails: [ { component: 'Container Scan', technology: 'Trivy', version: '0.50+', description: 'Image Vulnerabilities' }, { component: 'SAST', technology: 'Semgrep', version: '1.x', description: 'Code Analysis' }, { component: 'Secrets', technology: 'Gitleaks', version: '8.x', description: 'Secret Detection' }, { component: 'SBOM', technology: 'CycloneDX', version: '1.5', description: 'Dependency List' }, ], auditInfo: [ { category: 'Vulnerability Status', items: [ { label: 'Kritische CVEs', value: '0', status: 'ok' }, { label: 'Hohe CVEs', value: '0', status: 'ok' }, { label: 'Mittlere CVEs', value: 'Tracking', status: 'warning' }, { label: 'Letzte Pruefung', value: 'Taeglich', status: 'ok' }, ], }, { category: 'Compliance', items: [ { label: 'OWASP Top 10', value: 'Geprueft', status: 'ok' }, { label: 'Secret Detection', value: 'Aktiv', status: 'ok' }, { label: 'Container Hardening', value: 'Umgesetzt', status: 'ok' }, { label: 'Dependency Updates', value: 'Woechentlich', status: 'ok' }, ], }, { category: 'Monitoring', items: [ { label: 'Echtzeit-Alerts', value: 'Aktiviert', status: 'ok' }, { label: 'SIEM Integration', value: 'Geplant', status: 'warning' }, { label: 'Penetration Tests', value: 'Quartalsweise', status: 'ok' }, { label: 'Bug Bounty', value: 'In Planung', status: 'warning' }, ], }, ], fullDocumentation: `

Security & DevSecOps Dashboard

1. Uebersicht

Das Security-Modul integriert Sicherheitspruefungen in den gesamten Entwicklungs- und Deployment-Prozess (DevSecOps). Es kombiniert statische Analyse, Container-Scanning und Laufzeitschutz.

2. Security-Tools

Tool	Kategorie	Funktion	Integration
Trivy	Container	Image Vulnerability Scanning	CI/CD
Semgrep	SAST	Code Pattern Matching	Pre-commit, CI
Gitleaks	Secrets	Credential Detection	Pre-commit, CI
OWASP ZAP	DAST	Web App Scanning	Staging

3. Scanning-Pipeline

┌─────────────────────────────────────────────────────────────────────┐
│                        Development Phase                             │
├─────────────────────────────────────────────────────────────────────┤
│  Pre-commit Hooks                                                    │
│  ├── Gitleaks (Secrets)                                             │
│  ├── Semgrep (Quick Rules)                                          │
│  └── Formatting/Linting                                             │
└─────────────────────────────────────────────────────────────────────┘
                                 │
                                 v
┌─────────────────────────────────────────────────────────────────────┐
│                           CI Pipeline                                │
├─────────────────────────────────────────────────────────────────────┤
│  ├── Full SAST Scan (Semgrep)                                       │
│  ├── Dependency Check (npm audit, go vuln)                          │
│  ├── Container Scan (Trivy)                                         │
│  ├── SBOM Generation (Syft)                                         │
│  └── License Compliance                                             │
└─────────────────────────────────────────────────────────────────────┘
                                 │
                                 v
┌─────────────────────────────────────────────────────────────────────┐
│                          Staging/Prod                                │
├─────────────────────────────────────────────────────────────────────┤
│  ├── DAST Scan (OWASP ZAP)                                          │
│  ├── Runtime Protection                                              │
│  └── Anomaly Detection                                               │
└─────────────────────────────────────────────────────────────────────┘

4. OWASP Top 10 Abdeckung

#	Risiko	Massnahme	Status
A01	Broken Access Control	RBAC, JWT Validation	✓
A02	Cryptographic Failures	TLS 1.3, AES-256	✓
A03	Injection	Parameterized Queries, Input Validation	✓
A04	Insecure Design	Threat Modeling, Code Review	✓
A05	Security Misconfiguration	Hardened Defaults, IaC Scanning	✓
A06	Vulnerable Components	Dependency Scanning, SBOM	✓
A07	Auth Failures	MFA, Session Management	✓
A08	Software Integrity	Signed Commits, SBOM	✓
A09	Logging Failures	Structured Logging, Audit Trail	✓
A10	SSRF	URL Validation, Network Policies	✓

5. Vulnerability Management

CVE Discovered
      │
      v
┌───────────────────┐
│ Severity Rating   │
│ Critical/High/Med │
└─────────┬─────────┘
          │
    ┌─────┴─────┐
    │ Critical? │
    └─────┬─────┘
      Yes │ No
      │   └──> Backlog mit Frist
      v
┌───────────────────┐
│ Immediate Action  │
│ - Block Deploy    │
│ - Notify Team     │
│ - Hotfix Branch   │
└───────────────────┘

6. Secret Management

Speicherung: Doppler/Vault fuer Secrets
Rotation: Automatisch alle 90 Tage
Detection: Gitleaks in Pre-commit und CI
Notfall: Sofortige Rotation bei Leak

7. Container Security

Massnahme	Implementation
Base Images	Alpine/Distroless, regelmaessig aktualisiert
Non-root User	Alle Container als non-root
Read-only FS	Wo moeglich aktiviert
Resource Limits	CPU/Memory Limits gesetzt
Network Policies	Kubernetes NetworkPolicy

8. Incident Response

Detection: Automatische Alerts, Monitoring
Triage: Schweregrad-Bewertung, Scope
Containment: Isolation, Zugriffssperre
Eradication: Ursachenbehandlung
Recovery: Wiederherstellung, Monitoring
Lessons Learned: Post-Mortem, Verbesserungen

9. Compliance-Reports

Automatisch generierte Reports:

Woechentlich: Vulnerability Summary
Monatlich: Compliance Status, SBOM
Quartalsweise: Penetration Test Results
Jaehrlich: Security Audit Report

10. Metriken

Metrik	Ziel	Messung
Mean Time to Remediate (Critical)	< 24h	Automatisch
Mean Time to Remediate (High)	< 7 Tage	Automatisch
Scan Coverage	100%	CI Pipeline
False Positive Rate	< 10%	Review

`, }