Cybgiz is a cutting-edge cybersecurity solutions provider that specializes in developing microservice-based security systems. In an era where cybersecurity threats are becoming more sophisticated, our innovative approach helps organizations defend against evolving risks and safeguard their sensitive information.
- Introduction
- Key Features
- Installation
- Usage
- Architecture
- Security Components
- Contributing
- License
- Contact
The Cybgiz cybersecurity solutions offer comprehensive protection by leveraging microservice-based security systems. Our solutions encompass a wide range of security aspects, including authentication services, threat detection and response, identity and access management, and secure communication channels. By employing a modular and scalable approach, Cybgiz helps organizations enhance their security posture and mitigate the risks associated with cyber threats.
- Microservice Architecture: Cybgiz employs a microservice-based architecture, enabling flexible and modular security components that can be independently developed, deployed, and scaled.
- Authentication Services: Our solutions provide robust authentication services, ensuring secure access to systems and resources, including multi-factor authentication, single sign-on, and secure session management.
- Threat Detection and Response: Cybgiz incorporates advanced threat detection mechanisms to identify and respond to security incidents in real-time, leveraging techniques such as anomaly detection, behavior analysis, and machine learning algorithms.
- Identity and Access Management: Our solutions offer comprehensive identity and access management capabilities, including user provisioning, role-based access control, and privileged access management, enabling organizations to effectively manage user identities and control access to sensitive resources.
- Secure Communication Channels: Cybgiz ensures secure communication channels between various components and services, leveraging encryption protocols, secure socket layers (SSL/TLS), and secure APIs to protect data transmission from unauthorized access or tampering.
To install Cybgiz, please follow these steps:
- Clone the Cybgiz repository from GitHub:
git clone https://github.com/cybgiz/cybgiz.git - Install the required dependencies:
npm install - Configure the settings and environment variables according to your requirements.
- Build and deploy the microservices using the provided deployment scripts or containerization tools like Docker.
- Integrate Cybgiz components with your existing systems and security infrastructure.
Once Cybgiz is installed and deployed, you can start leveraging its cybersecurity solutions. The specific usage instructions depend on the individual components and services you choose to utilize. We provide comprehensive documentation and guides for each module to assist you in integrating and utilizing Cybgiz effectively.
To get started, refer to the documentation provided in the /docs directory of the Cybgiz repository. The documentation includes detailed information about the available APIs, configuration options, and usage examples for each module.
Cybgiz follows a microservice-based architecture, which provides several advantages, including:
- Modularity: Each security component is encapsulated as an independent microservice, allowing for independent development, deployment, and scaling.
- Scalability: With the microservice architecture, organizations can scale individual security components based on demand, ensuring optimal performance and resource utilization.
- Flexibility: The modular nature of microservices allows organizations to mix and match different components according to their specific security requirements, providing a flexible and customizable cybersecurity solution.
Cybgiz encompasses various security components that can be integrated into your organization's security infrastructure:
- Authentication Service: Provides secure authentication mechanisms, including multi-factor authentication, single sign-on, and secure session management.
- Threat Detection and Response: Employs advanced techniques, such as anomaly detection and machine learning algorithms, to detect and respond to security incidents in real-time.
- Identity and Access Management: Offers comprehensive identity and access management functionalities, including user provisioning, role-based access control, and privileged access management.
- Secure Communication Channels: Establishes secure communication channels using encryption protocols, SSL/TLS, and secure APIs to ensure data confidentiality and integrity.
We welcome contributions from the cybersecurity community to help enhance and improve Cybgiz. If you're interested in contributing, please follow the guidelines outlined in the CONTRIBUTING.md file in the Cybgiz repository.
Cybgiz is licensed under the MIT License. See the LICENSE file for more details.
Cybgiz provides flexibility in terms of deployment options. You can choose the deployment method that best suits your organization's infrastructure and requirements:
-
On-Premises Deployment: Deploy Cybgiz on your own infrastructure, allowing you to have full control and visibility over the security components. This option is suitable for organizations with strict data residency and compliance requirements.
-
Cloud Deployment: Take advantage of cloud platforms such as Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP) to deploy Cybgiz. Cloud deployment offers scalability, high availability, and easy integration with other cloud services.
-
Hybrid Deployment: Combine both on-premises and cloud deployments to create a hybrid environment. This option is ideal for organizations that want to leverage the benefits of both environments while ensuring seamless integration and data synchronization.
Cybgiz is designed to seamlessly integrate with your existing cybersecurity infrastructure and third-party services. We provide integration options for:
-
Security Information and Event Management (SIEM) Systems: Integrate Cybgiz with your SIEM system to enhance threat detection and response capabilities, and centralize security event management.
-
Security Orchestration, Automation, and Response (SOAR) Platforms: Combine Cybgiz with SOAR platforms to automate incident response processes, improve efficiency, and reduce response times.
-
Endpoint Protection Platforms (EPP) and Antivirus Solutions: Integrate Cybgiz with EPP and antivirus solutions to extend protection across your network and endpoints, ensuring a comprehensive security posture.
-
Cloud Security Services: Seamlessly integrate Cybgiz with cloud security services, such as Cloud Access Security Brokers (CASB) or Cloud Workload Protection Platforms (CWPP), to secure cloud environments and workloads.
At Cybgiz, we understand the importance of providing comprehensive training and support to ensure successful implementation and utilization of our cybersecurity solutions. We offer the following resources:
-
Documentation: Access detailed documentation, including installation guides, API references, configuration instructions, and usage examples, available in the
/docsdirectory of the Cybgiz repository. -
Knowledge Base: Explore our knowledge base, which contains articles, tutorials, and best practices to help you make the most of Cybgiz and address common cybersecurity challenges.
-
Support Channels: Reach out to our dedicated support team for assistance, bug reporting, or feature requests. You can contact us via email at [email protected] or through our support portal at https://support.cybgiz.com.
-
Training Programs: Participate in our training programs, webinars, and workshops to enhance your knowledge of cybersecurity best practices, Cybgiz features, and implementation strategies.
Cybgiz prioritizes security and compliance to ensure the confidentiality, integrity, and availability of your data. Our solutions adhere to industry standards and best practices, including:
-
Data Privacy: We implement appropriate measures to protect personal data and ensure compliance with relevant data protection regulations, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
-
Security Auditing: Cybgiz undergoes regular security audits and assessments to identify and address vulnerabilities, ensuring that our solutions meet the highest security standards.
-
Compliance Frameworks: Our solutions align with various compliance frameworks, such as the Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), and ISO 27001.
-
Continuous Monitoring: We employ continuous monitoring and threat intelligence to detect and respond to emerging security threats promptly.
We are committed to continuously improving Cybgiz and adding new features and capabilities to address evolving cybersecurity challenges. Our roadmap includes:
-
Enhanced Threat Intelligence: Continuously improve threat detection and response capabilities by integrating advanced threat intelligence feeds and leveraging machine learning techniques.
-
Containerization and Orchestration Support: Provide containerized versions of Cybgiz components and support popular container orchestration platforms like Kubernetes, enabling seamless deployment and scalability.
-
Extended Integrations: Expand integration options with leading cybersecurity tools, platforms, and services to provide a comprehensive and unified security ecosystem.
-
API Security Enhancements: Strengthen the security of Cybgiz APIs by implementing industry-standard security measures such as OAuth 2.0 and OpenID Connect.
We value your feedback and suggestions. If you have any feature requests or ideas for improvement, please let us know through our support channels.
Cybgiz is licensed under the MIT License. See the LICENSE file for more details.
We look forward to partnering with you to strengthen your cybersecurity defenses and protect your valuable assets.
Node is required for generation and recommended for development. package.json is always generated for a better development experience with prettier, commit hooks, scripts and so on.
In the project root, JHipster generates configuration files for tools like git, prettier, eslint, husky, and others that are well known and you can find references in the web.
/src/* structure follows default Java structure.
-
.yo-rc.json- Yeoman configuration file JHipster configuration is stored in this file atgenerator-jhipsterkey. You may findgenerator-jhipster-*for specific blueprints configuration. -
.yo-resolve(optional) - Yeoman conflict resolver Allows to use a specific action when conflicts are found skipping prompts for files that matches a pattern. Each line should match[pattern] [action]with pattern been a Minimatch pattern and action been one of skip (default if ommited) or force. Lines starting with#are considered comments and are ignored. -
.jhipster/*.json- JHipster entity configuration files -
npmw- wrapper to use locally installed npm. JHipster installs Node and npm locally using the build tool by default. This wrapper makes sure npm is installed locally and uses it avoiding some differences different versions can cause. By using./npmwinstead of the traditionalnpmyou can configure a Node-less environment to develop or test your application. -
/src/main/docker- Docker configurations for the application and services that the application depends on
Before you can build this project, you must install and configure the following dependencies on your machine:
- Node.js: We use Node to run a development web server and build the project. Depending on your system, you can install Node either from source or as a pre-packaged bundle.
After installing Node, you should be able to run the following command to install development tools. You will only need to run this command when dependencies change in package.json.
npm install
We use npm scripts and Angular CLI with Webpack as our build system.
Run the following commands in two separate terminals to create a blissful development experience where your browser auto-refreshes when files change on your hard drive.
./mvnw
npm start
Npm is also used to manage CSS and JavaScript dependencies used in this application. You can upgrade dependencies by
specifying a newer version in package.json. You can also run npm update and npm install to manage dependencies.
Add the help flag on any command to see how you can use it. For example, npm help update.
The npm run command will list all of the scripts available to run for this project.
JHipster ships with PWA (Progressive Web App) support, and it's turned off by default. One of the main components of a PWA is a service worker.
The service worker initialization code is disabled by default. To enable it, uncomment the following code in src/main/webapp/app/app.module.ts:
ServiceWorkerModule.register('ngsw-worker.js', { enabled: false }),For example, to add Leaflet library as a runtime dependency of your application, you would run following command:
npm install --save --save-exact leaflet
To benefit from TypeScript type definitions from DefinitelyTyped repository in development, you would run following command:
npm install --save-dev --save-exact @types/leaflet
Then you would import the JS and CSS files specified in library's installation instructions so that Webpack knows about them: Edit src/main/webapp/app/app.module.ts file:
import 'leaflet/dist/leaflet.js';
Edit src/main/webapp/content/scss/vendor.scss file:
@import 'leaflet/dist/leaflet.css';
Note: There are still a few other things remaining to do for Leaflet that we won't detail here.
For further instructions on how to develop with JHipster, have a look at Using JHipster in development.
Microservices doesn't contain every required backend feature to allow microfrontends to run alone. You must start a pre-built gateway version or from source.
Start gateway from source:
cd gateway
npm run docker:db:up # start database if necessary
npm run docker:others:up # start service discovery and authentication service if necessary
npm run app:start # alias for ./(mvnw|gradlew)
Microfrontend's build-watch script is configured to watch and compile microfrontend's sources and synchronizes with gateway's frontend.
Start it using:
cd microfrontend
npm run docker:db:up # start database if necessary
npm run build-watch
It's possible to run microfrontend's frontend standalone using:
cd microfrontend
npm run docker:db:up # start database if necessary
npm watch # alias for `npm start` and `npm run backend:start` in parallel
You can also use Angular CLI to generate some custom client code.
For example, the following command:
ng generate component my-component
will generate few files:
create src/main/webapp/app/my-component/my-component.component.html
create src/main/webapp/app/my-component/my-component.component.ts
update src/main/webapp/app/app.module.ts
JHipster Control Center can help you manage and control your application(s). You can start a local control center server (accessible on http://localhost:7419) with:
docker compose -f src/main/docker/jhipster-control-center.yml up
Congratulations! You've selected an excellent way to secure your JHipster application. If you're not sure what OAuth and OpenID Connect (OIDC) are, please see What the Heck is OAuth?
To log in to your app, you'll need to have Keycloak up and running. The JHipster Team has created a Docker container for you that has the default users and roles. Start Keycloak using the following command.
docker compose -f src/main/docker/keycloak.yml up
The security settings in src/main/resources/config/application.yml are configured for this image.
spring:
...
security:
oauth2:
client:
provider:
oidc:
issuer-uri: http://localhost:9080/realms/jhipster
registration:
oidc:
client-id: web_app
client-secret: web_app
scope: openid,profile,emailSome of Keycloak configuration is now done in build time and the other part before running the app, here is the list of all build and configuration options.
Before moving to production, please make sure to follow this guide for better security and performance.
Also, you should never use start-dev nor KC_DB=dev-file in production.
When using Kubernetes, importing should be done using init-containers (with a volume when using db=dev-file).
If you'd like to use Okta instead of Keycloak, it's pretty quick using the Okta CLI. After you've installed it, run:
okta registerThen, in your JHipster app's directory, run okta apps create and select JHipster. This will set up an Okta app for you, create ROLE_ADMIN and ROLE_USER groups, create a .okta.env file with your Okta settings, and configure a groups claim in your ID token.
Run source .okta.env and start your app with Maven or Gradle. You should be able to sign in with the credentials you registered with.
If you're on Windows, you should install WSL so the source command will work.
If you'd like to configure things manually through the Okta developer console, see the instructions below.
First, you'll need to create a free developer account at https://developer.okta.com/signup/. After doing so, you'll get your own Okta domain, that has a name like https://dev-123456.okta.com.
Modify src/main/resources/config/application.yml to use your Okta settings.
spring:
...
security:
oauth2:
client:
provider:
oidc:
issuer-uri: https://{yourOktaDomain}/oauth2/default
registration:
oidc:
client-id: {clientId}
client-secret: {clientSecret}
security:Create an OIDC App in Okta to get a {clientId} and {clientSecret}. To do this, log in to your Okta Developer account and navigate to Applications > Add Application. Click Web and click the Next button. Give the app a name you’ll remember, specify http://localhost:8080 as a Base URI, and http://localhost:8080/login/oauth2/code/oidc as a Login Redirect URI. Click Done, then Edit and add http://localhost:8080 as a Logout redirect URI. Copy and paste the client ID and secret into your application.yml file.
Create a ROLE_ADMIN and ROLE_USER group and add users into them. Modify e2e tests to use this account when running integration tests. You'll need to change credentials in src/test/javascript/e2e/account/account.spec.ts and src/test/javascript/e2e/admin/administration.spec.ts.
Navigate to API > Authorization Servers, click the Authorization Servers tab and edit the default one. Click the Claims tab and Add Claim. Name it "groups", and include it in the ID Token. Set the value type to "Groups" and set the filter to be a Regex of .*.
After making these changes, you should be good to go! If you have any issues, please post them to Stack Overflow. Make sure to tag your question with "jhipster" and "okta".
If you'd like to use Auth0 instead of Keycloak, follow the configuration steps below:
- Create a free developer account at https://auth0.com/signup. After successful sign-up, your account will be associated with a unique domain like
dev-xxx.us.auth0.com - Create a new application of type
Regular Web Applications. Switch to theSettingstab, and configure your application settings like:- Allowed Callback URLs:
http://localhost:8080/login/oauth2/code/oidc - Allowed Logout URLs:
http://localhost:8080/
- Allowed Callback URLs:
- Navigate to User Management > Roles and create new roles named
ROLE_ADMIN, andROLE_USER. - Navigate to User Management > Users and create a new user account. Click on the Role tab to assign roles to the newly created user account.
- Navigate to Auth Pipeline > Rules and create a new Rule. Choose
Empty ruletemplate. Provide a meaningful name likeJHipster claimsand replaceScriptcontent with the following and Save.
function (user, context, callback) {
user.preferred_username = user.email;
const roles = (context.authorization || {}).roles;
function prepareCustomClaimKey(claim) {
return `https://www.jhipster.tech/${claim}`;
}
const rolesClaim = prepareCustomClaimKey('roles');
if (context.idToken) {
context.idToken[rolesClaim] = roles;
}
if (context.accessToken) {
context.accessToken[rolesClaim] = roles;
}
callback(null, user, context);
}- In your
JHipsterapplication, modifysrc/main/resources/config/application.ymlto use your Auth0 application settings:
spring:
...
security:
oauth2:
client:
provider:
oidc:
# make sure to include the ending slash!
issuer-uri: https://{your-auth0-domain}/
registration:
oidc:
client-id: {clientId}
client-secret: {clientSecret}
scope: openid,profile,email
jhipster:
...
security:
oauth2:
audience:
- https://{your-auth0-domain}/api/v2/OpenAPI-Generator is configured for this application. You can generate API code from the src/main/resources/swagger/api.yml definition file by running:
./mvnw generate-sourcesThen implements the generated delegate classes with @Service classes.
To edit the api.yml definition file, you can use a tool such as Swagger-Editor. Start a local instance of the swagger-editor using docker by running: docker compose -f src/main/docker/swagger-editor.yml up -d. The editor will then be reachable at http://localhost:7742.
Refer to Doing API-First development for more details.
To build the final jar and optimize the Cybgiz application for production, run:
./mvnw -Pprod clean verify
This will concatenate and minify the client CSS and JavaScript files. It will also modify index.html so it references these new files.
To ensure everything worked, run:
java -jar target/*.jar
Then navigate to http://localhost:8081 in your browser.
Refer to Using JHipster in production for more details.
To package your application as a war in order to deploy it to an application server, run:
./mvnw -Pprod,war clean verify
To launch your application's tests, run:
./mvnw verify
Unit tests are run by Jest. They're located in src/test/javascript/ and can be run with:
npm test
Performance tests are run by Gatling and written in Scala. They're located in src/test/java/gatling/simulations.
You can execute all Gatling tests with
./mvnw gatling:test
For more information, refer to the Running tests page.
Sonar is used to analyse code quality. You can start a local Sonar server (accessible on http://localhost:9001) with:
docker compose -f src/main/docker/sonar.yml up -d
Note: we have turned off forced authentication redirect for UI in src/main/docker/sonar.yml for out of the box experience while trying out SonarQube, for real use cases turn it back on.
You can run a Sonar analysis with using the sonar-scanner or by using the maven plugin.
Then, run a Sonar analysis:
./mvnw -Pprod clean verify sonar:sonar -Dsonar.login=admin -Dsonar.password=admin
If you need to re-run the Sonar phase, please be sure to specify at least the initialize phase since Sonar properties are loaded from the sonar-project.properties file.
./mvnw initialize sonar:sonar -Dsonar.login=admin -Dsonar.password=admin
Additionally, Instead of passing sonar.password and sonar.login as CLI arguments, these parameters can be configured from sonar-project.properties as shown below:
sonar.login=admin
sonar.password=admin
For more information, refer to the Code quality page.
You can use Docker to improve your JHipster development experience. A number of docker-compose configuration are available in the src/main/docker folder to launch required third party services.
For example, to start a oracle database in a docker container, run:
docker compose -f src/main/docker/oracle.yml up -d
To stop it and remove the container, run:
docker compose -f src/main/docker/oracle.yml down
You can also fully dockerize your application and all the services that it depends on. To achieve this, first build a docker image of your app by running:
npm run java:docker
Or build a arm64 docker image when using an arm64 processor os like MacOS with M1 processor family running:
npm run java:docker:arm64
Then run:
docker compose -f src/main/docker/app.yml up -d
When running Docker Desktop on MacOS Big Sur or later, consider enabling experimental Use the new Virtualization framework for better processing performance (disk access performance is worse).
For more information refer to Using Docker and Docker-Compose, this page also contains information on the docker-compose sub-generator (jhipster docker-compose), which is able to generate docker configurations for one or several JHipster applications.
To configure CI for your project, run the ci-cd sub-generator (jhipster ci-cd), this will let you generate configuration files for a number of Continuous Integration systems. Consult the Setting up Continuous Integration page for more information.