Hokage Platform

Unified Application Security for Modern Engineering Teams



About

Hokage Platform is an open-source, unified application security solution designed to simplify AppSec for SMEs and development teams.

Instead of managing multiple security tools with fragmented configurations, Hokage provides a single orchestration layer that runs industry-standard scanners and normalizes their findings into one dashboard.

Key Features

| Feature | Description |
| --- | --- |
| Unified Orchestration | One API to run Semgrep, Trivy, Gitleaks, ZAP, and more |
| Canonical Finding Schema | All findings normalized into CFS v1 for consistent reporting |
| Intelligent Deduplication | Same issue from multiple tools = one finding with merged provenance |
| Plugin Architecture | Optional heavy engines (DefectDojo, Dependency-Track) as install-time add-ons |
| Event-Driven Integration | Webhooks for finding lifecycle events |
| Multi-Tenant Isolation | Row-level security with tenant boundaries |
| ASVS 5.0 Compliant | Built following OWASP security standards |
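To make the "normalize, then deduplicate with merged provenance" idea concrete, here is an added example (not Hokage's own code) that maps constructed Semgrep and Gitleaks output for the same line into one minimal canonical record. The record fields, the rule-to-category mapping and the severity mapping are assumptions for illustration; the real CFS v1 schema lives in the project's docs/ directory.

```python
# Added example, not Hokage's own code. Field names, category and severity
# mappings are assumptions; the real CFS v1 schema is defined in the project docs.
from dataclasses import dataclass, field
import hashlib

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

@dataclass
class Finding:
    category: str
    file: str
    line: int
    severity: str
    provenance: list = field(default_factory=list)  # one entry per source tool

    def fingerprint(self) -> str:
        # Same category at the same location => same finding, whichever tool saw it
        key = f"{self.category}|{self.file}|{self.line}"
        return hashlib.sha256(key.encode()).hexdigest()[:16]

def from_semgrep(r: dict) -> Finding:
    sev = {"INFO": "low", "WARNING": "medium", "ERROR": "high"}[r["extra"]["severity"]]
    cat = "hardcoded-secret" if "hardcoded" in r["check_id"] else r["check_id"]
    return Finding(cat, r["path"], r["start"]["line"], sev,
                   [{"tool": "semgrep", "rule": r["check_id"]}])

def from_gitleaks(r: dict) -> Finding:
    # Gitleaks reports no severity; treating any leaked credential as high is an assumption
    return Finding("hardcoded-secret", r["File"], r["StartLine"], "high",
                   [{"tool": "gitleaks", "rule": r["RuleID"]}])

def dedupe(findings: list) -> list:
    merged: dict = {}
    for f in findings:
        existing = merged.get(f.fingerprint())
        if existing is None:
            merged[f.fingerprint()] = f
            continue
        existing.provenance.extend(f.provenance)  # keep every tool that reported it
        if SEVERITY_RANK[f.severity] > SEVERITY_RANK[existing.severity]:
            existing.severity = f.severity  # keep the most severe assessment
    return list(merged.values())

# Constructed sample output: both tools flag the same line of app/config.py
SEMGREP = [{"check_id": "generic.secrets.hardcoded-api-key", "path": "app/config.py",
            "start": {"line": 12}, "extra": {"severity": "WARNING"}}]
GITLEAKS = [{"RuleID": "generic-api-key", "File": "app/config.py", "StartLine": 12}]

def run() -> list:
    return dedupe([from_semgrep(r) for r in SEMGREP] + [from_gitleaks(r) for r in GITLEAKS])
```

Two raw findings become a single canonical one whose provenance lists both tools, which is what lets a dashboard count the issue once while still showing who detected it.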

Integrated Engines

Hokage comes pre-wired with industry-leading open-source security engines. All scanners are opt-in via Docker profiles.

| Category | Engine | Capabilities | Profile |
| --- | --- | --- | --- |
| SAST | Semgrep | Static analysis for vulnerabilities | sast |
| Secrets | Gitleaks | Hardcoded credentials detection | secrets |
| Container | Trivy | Container image vulnerabilities | container |
| IaC | Trivy | Terraform/K8s misconfigurations | iac |
| DAST | OWASP ZAP | Dynamic web application scanning | dast |
| Runtime | Falco | Runtime threat detection | runtime |

Optional Plugins

Heavy engines are available as optional plugins to reduce resource usage:

| Engine | Purpose | Memory | Profile |
| --- | --- | --- | --- |
| DefectDojo | Vulnerability Management | ~8GB | defectdojo |
| Dependency-Track | SBOM & SCA Monitoring | 4.5-16GB | deptrack |

Installation

Prerequisites

  • Docker Desktop 20.10+ / Docker Engine 20.10+
  • Docker Compose v2+
  • 4GB RAM minimum (8GB recommended with scanners)

Quick Start

# Clone the repository
git clone https://github.com/hokage-sec/hokage-platform.git
cd hokage-platform

# Copy environment template
cp .env.example .env

# Start core services (Shell, Worker, Database)
docker compose --profile quickstart up -d

# Access the dashboard
open http://localhost:8000

Enabling Scanners

# Start with all non-privileged scanners
docker compose --profile quickstart --profile scanners up -d

# Or enable specific scanners
docker compose --profile quickstart --profile sast --profile secrets up -d

Enabling Optional Plugins

# With DefectDojo (~8GB RAM required)
docker compose --profile quickstart --profile defectdojo up -d

# With Dependency-Track (4.5-16GB RAM required)
docker compose --profile quickstart --profile deptrack up -d

# Full stack (~16-24GB RAM required)
docker compose --profile quickstart --profile defectdojo --profile deptrack up -d

Architecture

┌─────────────────────────────────────────────────────────────────────┐
│                         Hokage Platform                              │
├─────────────────────────────────────────────────────────────────────┤
│  ┌─────────────┐  ┌─────────────┐  ┌─────────────┐  ┌─────────────┐ │
│  │   Web UI    │  │   CLI       │  │   API       │  │   Auth      │ │
│  │   (React)   │  │   (Python)  │  │   (FastAPI) │  │   (JWT)     │ │
│  └─────────────┘  └─────────────┘  └─────────────┘  └─────────────┘ │
├─────────────────────────────────────────────────────────────────────┤
│                         Core Services                                │
│  ┌─────────────────────────────────────────────────────────────────┐│
│  │  Canonical Finding Schema (CFS) + Deduplication + Event Bus     ││
│  └─────────────────────────────────────────────────────────────────┘│
├─────────────────────────────────────────────────────────────────────┤
│                    Scanner Adapters (opt-in profiles)                │
│  ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐  │
│  │ Semgrep  │ │ Gitleaks │ │  Trivy   │ │   ZAP    │ │  Falco   │  │
│  └──────────┘ └──────────┘ └──────────┘ └──────────┘ └──────────┘  │
├─────────────────────────────────────────────────────────────────────┤
│                    Optional Plugins (install-time add-ons)           │
│  ┌─────────────────────────┐  ┌─────────────────────────┐          │
│  │      DefectDojo         │  │    Dependency-Track     │          │
│  │   (Vuln Management)     │  │      (SCA/SBOM)         │          │
│  └─────────────────────────┘  └─────────────────────────┘          │
└─────────────────────────────────────────────────────────────────────┘

Documentation

Comprehensive documentation is available at docs.hokage-sec.com or locally in the docs/ directory.

| Section | Description |
| --- | --- |
| Quickstart | Get up and running in 5 minutes |
| Architecture | System design and data flow |
| Security | Threat model and hardening guide |
| Plugins | DefectDojo & Dependency-Track setup |
| API Reference | REST API and CLI documentation |
| Contributing | How to contribute to Hokage |

Security

Hokage is built with security-first principles following OWASP ASVS 5.0:

  • Multi-tenant isolation with Row-Level Security (RLS)
  • SSRF protection via outbound allowlists
  • Secret management through environment/vault (no hardcoded secrets)
  • Supply chain security with SBOM generation and image signing
  • Rate limiting to prevent abuse
  • CSRF protection for all state-changing operations
  • Secure session management with short-lived tokens

For security issues, please see our Security Policy.


Development

# Create virtual environment
make .venv && make install

# Run linting
make lint

# Run tests
make test-unit          # Fast unit tests
make test-integration   # Integration tests (may need Docker)
make test               # All tests

# Run CI checks locally
make ci-quick           # Fast checks (develop branch)
make ci-full            # Full checks (main branch)

# Build documentation
make docs-build
make docs-serve         # Local preview at http://localhost:8000

Contributing

We welcome contributions, whether fixing bugs, adding scanner adapters, or improving docs.


Enterprise Edition

Hokage offers an Enterprise Edition for organizations requiring advanced compliance and management features.

Feature Open Source Enterprise
Unlimited Scans
CLI & API Access
Docker/K8s Deployment
Multi-Tenant Isolation
Plugin Architecture
SSO (OIDC/SAML)
MFA Enforcement
Jira Integration
Custom Dashboards
Priority Support

Contact sales@hokage-sec.com for enterprise licensing.


License

Hokage Platform is released under the MIT License.

Third-party components are listed in NOTICE.md and docs/oss/acknowledgements.md.


Built with ❤️ by the Hokage Security Team
