Getting started with Flow
Mixeway Flow is a versatile and comprehensive tool designed to serve as the ultimate Swiss army knife for DevSecOps processes. It streamlines the integration of security practices into your development and operations workflows, ensuring that your software is secure from the ground up.
Mixeway Flow comes equipped with built-in open-source scanning engines that perform thorough security validations across multiple layers of your development stack. From Infrastructure as Code (IaC) to source code and open-source libraries, Mixeway Flow ensures that potential vulnerabilities are identified and addressed early in the development lifecycle.
One of Mixeway Flow’s standout features is its seamless integration with Git and CI/CD environments through webhooks. This means you don’t have to spend time configuring and maintaining complex CI/CD pipelines—Mixeway Flow automatically hooks into your existing workflows to provide continuous security monitoring.
All vulnerabilities detected by Mixeway Flow are displayed in a single, unified dashboard. This dashboard offers a comprehensive view of all potential threats, with the added ability to suppress or ignore certain vulnerabilities based on specific contexts or justifications. This flexibility allows you to focus on the most critical issues without being overwhelmed by false positives or low-priority alerts.
Whether you are a developer, a security engineer, or part of a DevOps team, Mixeway Flow simplifies the integration of security into your development process, helping you build and maintain secure software with ease.
Installation
Prerequisites
Before you begin the installation process, ensure you have the following prerequisites:
- Access to Docker Hub
- Docker Compose command installed
Hardware Requirements
- Minimal: 2 CPU, 16 GB RAM, 50 GB disk space
- Recommended: 4 CPU, 32 GB RAM, 100 GB disk space
Installation Options
You have two options to install Mixeway Flow:
Using git clone
git clone https://github.com/Mixeway/flow
cd flow
docker-compose up
Using docker-compose directly
cat <<EOF > docker-compose.yml
version: '3.8'
services:
backend:
image: mixeway/flow-api:latest
container_name: flowapi_backend
ports:
- "8888:8888"
- "8443:8443"
environment:
SSL: "TRUE"
volumes:
- pki_data:/etc/pki
- dependency_track_data:/root/.dependency-track
depends_on:
- flowdb
flowdb:
image: postgres:latest
container_name: flowdb
ports:
- "5432:5432"
environment:
POSTGRES_DB: flow
POSTGRES_USER: flow_user
POSTGRES_PASSWORD: flow_pass
volumes:
- flowdb_data:/var/lib/postgresql/data
flow:
image: mixeway/flow:latest
container_name: flow_frontend
ports:
- "443:443"
volumes:
- flow_data:/etc/nginx/ssl
depends_on:
- backend
volumes:
flowdb_data:
flow_data:
pki_data:
dependency_track_data:
EOF
docker-compose up
either way what will happen:
- Postgres database will be set up
- Backend will be set up, self-signed certificates will be generated, dependency track will be started
- Frontend application will be started via nginx
application will be started at: https://localhost:443
initial password is: admin:admin
– You will be forced to change it during first login