SAMMY Open Source v2

This repository hosts the open source version of SAMMY - the OWASP SAMM tool.

License

This project is licensed under the Creative Commons Attribution-ShareAlike 4.0 International License. See the LICENSE file for details.

SAMMY v2

The setup comes with a predefined user injected in the database:
- username: [email protected]
- password: admin
- mfa key: AB4FHDUHYVGW7IAB (add this key to your authenticator app manually)

How to run it without docker

Requirements

MySQL or MariaDB
Redis (only if you want to run it in APP_ENV=prod)
php8.2+
composer

Optional

Symfony CLI (https://symfony.com/download)

How to run it

Create .env.local file with your local setup. Example with MariaDB:
- in case of any other DB here you can find proper connection string - https://www.doctrine-project.org/projects/doctrine-dbal/en/latest/reference/configuration.html#connecting-using-a-url

DATABASE_URL=mysql://root:[email protected]:3306/sammy?serverVersion=11.3.2-MariaDB
REDIS_HOST=127.0.0.1
REDIS_PORT=6379
APP_ENV=dev
APP_DEBUG=1

install & run

composer install
./scripts/setup_database.sh
# if you have symfony cli
symfony server:start --allow-http
# else
php -S 0.0.0.0:8000 -t ./public
open http://127.0.0.1:8000

How to run it with docker

# 1. start DB and Redis
docker compose up -d db redis
# 2. now we can start our application
docker compose up -d --build app
# 3. sync SAMM model. Note, this step syncs the SAMM model from the core GitHub repo. You only have to run this the very first time and upon every SAMM model update.
docker compose exec app ./scripts/sync_samm.sh
# 4. Enjoy
open http://127.0.0.1:8000

Mailing

If you want to use mailing feature you have to add following to your .env.local or compose.yaml file. All fields are Required. Also, server should use proper SSL.
- for .env.lcoal
```
PHPMAILER_SMTP_HOST=
PHPMAILER_SMTP_PORT=
PHPMAILER_SMTP_USERNAME=
PHPMAILER_SMTP_PASSWORD=
```
  - for compose.yaml under app section under environment
```
- PHPMAILER_SMTP_HOST=
- PHPMAILER_SMTP_PORT=
- PHPMAILER_SMTP_USERNAME=
- PHPMAILER_SMTP_PASSWORD=
```
If you are using docker you do not have to do anything else. There is a cronjob which runs every 2 minutes.
If you are running this locally you have to run following command manually:

php ./bin/console app:process-mailing

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
.github		.github
bin		bin
config		config
docker-build		docker-build
migrations		migrations
public		public
scripts		scripts
src		src
templates		templates
tests		tests
translations		translations
.dockerignore		.dockerignore
.editorconfig		.editorconfig
.env		.env
.env.test		.env.test
.gitattributes		.gitattributes
.gitignore		.gitignore
.php-cs-fixer.dist.php		.php-cs-fixer.dist.php
Dockerfile		Dockerfile
LICENSE		LICENSE
README.md		README.md
compose.yaml		compose.yaml
composer.json		composer.json
composer.lock		composer.lock
healthcheck.sh		healthcheck.sh
phpstan.neon		phpstan.neon
phpunit.xml.dist		phpunit.xml.dist
symfony.lock		symfony.lock

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

SAMMY Open Source v2

License

SAMMY v2

How to run it without docker

Requirements

Optional

How to run it

How to run it with docker

Mailing

About

Releases

Packages

Contributors 2

Languages

License

OWASP/open-sammy

Folders and files

Latest commit

History

Repository files navigation

SAMMY Open Source v2

License

SAMMY v2

How to run it without docker

Requirements

Optional

How to run it

How to run it with docker

Mailing

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Contributors 2

Languages

Packages