heimdall-lite

heimdall-lite v2.0

Heimdall Lite 2.0 is a JavaScript based security results viewer and review tool supporting multiple security results formats, such as: InSpec, SonarQube, OWASP-Zap and Fortify which you can load locally, from S3 and other data sources.

Demos

YouTube

Hosted

Netlify

https://heimdall-lite.netlify.com/

GitHub Pages

https://mitre.github.io/heimdall-lite/#/

Installation & Use

As a single-page javascript app - you can run Heimdall-Lite from any web-server, a secured S3 bucket or directly via GitHub Pages (as it is here). Heimdall-Lite gives you the ability to easily review and produce reports about your InSpec run, filter the results for easy review and hot-wash, print out reports, generate System Security Plan (SSP) content, and much more.

Heimdall vs Heimdall-Lite

There are two versions of the MITRE Heimdall Viewer - the full Heimdall and the Heimdall-Lite version. We produced each to meet different needs and use-cases.

Features

	Heimdall-Lite	Heimdall
Installation Requirements	any web server	rails 5.x Server Postgres Server
Overview Dashboard & Counts	x	x
800-53 Partition and TreeMap View	x	x
Data Table / Control Summary	x	x
InSpec Code / Control Viewer	x	x
SSP Content Generator		x
PDF Report and Print View	x	x
Users & Roles & multi-team support		x
Authentication & Authorization	Hosting Webserver	Hosting Webserver LDAP GitHub OAUTH & SAML GitLab OAUTH & SAML
Advanced Data / Filters for Reports and Viewing		x
Multiple Report Output (DISA Checklist XML, CAT, XCCDF-Results, and more)		x
Authenticated REST API		x
InSpec Run 'Delta' View		x
Multi-Report Tagging, Filtering and Delta View		x

Use Cases

Heimdall-Lite	Heimdall
Ship the App & Data via simple Email	Multiple Teams Support
Minimal Footprint & Deployment Time	Timeline and Report History
Local or disconnected Use	Centralized Deployment Model
One-Time Quick Reviews	Need to view the delta between one or more runs
Decentralized Deployment	Need to view subsets of the 800-53 control alignment
Minimal A&A Time	Need to produce more complex reports in multiple formats

General Deployment

NodeJS Deployment

Heimdall Lite is a standard VueJS app so for help with a local deployment, please see: https://cli.vuejs.org/guide/deployment.html#general-guidelines

Heimdall Lite is published to the <npmjs.org> MITRE site at https://www.npmjs.com/package/heimdall-lite.

Running via npm

To run Heimdall Lite locally, just use the npm built-in utility npx:

npx heimdall-lite

If you use this tool often and want to have it installed locally, use the following command:

npm install -g heimdall-lite

Then, any subsequent npx heimdall-lite will use the local version and load much more quickly.

Docker Deployment

https://hub.docker.com/r/mitre/heimdall-lite

Pulling from Docker

docker pull mitre/heimdall-lite:latest

or

docker pull mitre/heimdall-lite:v#.#.#

Running via Docker

docker run -d -p 8080:80 heimdall-lite:latest

or

docker run -d -p 8080:80 heimdall-lite:v#.#.#

You can then access heimdall-lite via: localhost:8080

Project setup

npm install

Compiles and hot-reloads for development

npm run serve

Compiles and minifies for production

npm run build

Lints and fixes files

npm run lint

Run your unit tests

npm run test:unit

Versioning and State of Development

This project uses the Semantic Versioning Policy

Contributing, Issues and Support

Contributing

Please feel free to look through our issues, make a fork and submit PRs and improvements. We love hearing from our end-users and the community and will be happy to engage with you on suggestions, updates, fixes or new capabilities.

Issues and Support

Please feel free to contact us by opening an issue on the issue board, or, at inspec@mitre.org should you have any suggestions, questions or issues. If you have more general questions about the use of our software or other concerns, please contact us at opensource@mitre.org.

NOTICE

© 2019 The MITRE Corporation.

Approved for Public Release; Distribution Unlimited. Case Number 18-3678.

NOTICE

MITRE hereby grants express written permission to use, reproduce, distribute, modify, and otherwise leverage this software to the extent permitted by the licensed terms provided in the LICENSE.md file included with this project.

NOTICE

This software was produced for the U. S. Government under Contract Number HHSM-500-2012-00008I, and is subject to Federal Acquisition Regulation Clause 52.227-14, Rights in Data-General.

No other use other than that granted to the U. S. Government, or to those acting on behalf of the U. S. Government under that Clause is authorized without the express written permission of The MITRE Corporation.

For further information, please contact The MITRE Corporation, Contracts Management Office, 7515 Colshire Drive, McLean, VA 22102-7539, (703) 983-6000.