VXDF Dashboard
VXDF (Validated eXploitable Data Flow) is a security validation platform that verifies and validates security findings from various scanners, providing standardized reporting with comprehensive evidence collection.
- Core Architecture
- Key Features
- Evidence System
- Key Components
- Validation Workflow
- Data Model
- Project Structure
- Installation
- Running the Application
- API Documentation
- Documentation
- License
VXDF follows a modular microservices architecture with clear separation between:
- Validation Engine - Core vulnerability verification logic
- API Layer - RESTful interface with evidence ingestion
- Data Processing - SARIF/DAST/SCA parsing pipeline
- Evidence Collection - Automated exploit validation system
- Reporting - VXDF format generation and export
- SARIF Support - Static analysis results from tools like Semgrep, CodeQL
- DAST Integration - Dynamic analysis from OWASP ZAP, Burp Suite
- SCA Support - Dependency scanning from npm audit, pip-audit
- Auto-Detection - Intelligent parser selection based on file content
- Docker-based Validation - Isolated exploitation testing
- Vulnerability Types - SQL injection, XSS, path traversal, and more
- Evidence Collection - Automated capture of exploit attempts
- Correlation Engine - Smart grouping of related findings
- 30+ Evidence Types - HTTP logs, code snippets, screenshots, tool outputs
- Flexible Matching - Link evidence to findings via multiple strategies
- Real-world Integration - Support for popular security tools
- Structured Storage - Type-safe evidence validation
VXDF includes a comprehensive evidence system that allows security professionals to attach evidence from any source to vulnerability findings.
- HTTP_REQUEST_LOG - Request logs with payloads
- HTTP_RESPONSE_LOG - Server responses
- NETWORK_TRAFFIC_CAPTURE_SUMMARY - Network analysis
- CODE_SNIPPET_SOURCE - Vulnerable source code
- CODE_SNIPPET_SINK - Vulnerability points
- POC_SCRIPT - Proof-of-concept scripts
- RUNTIME_APPLICATION_LOG_ENTRY - Application logs
- RUNTIME_SYSTEM_LOG_ENTRY - System events
- RUNTIME_DATABASE_LOG_ENTRY - Database logs
- TOOL_SPECIFIC_OUTPUT_LOG - Security tool outputs
- VULNERABLE_COMPONENT_SCAN_OUTPUT - SCA results
- STATIC_ANALYSIS_DATA_FLOW_PATH - SAST analysis
- SCREENSHOT_EMBEDDED_BASE64 - Visual proof
- MANUAL_VERIFICATION_NOTES - Manual testing results
- Rule ID Matching - Link to specific scanner rules
- CWE Matching - Associate with weakness IDs
- Location Matching - File and line-based matching
- Pattern Matching - Regex-based matching
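The four matching strategies listed above, sketched as an added example (not VXDF's own code). The `Finding` fields, the strategy names and the `match_findings` function are assumptions made for illustration, and the sample findings are constructed.

```python
import re
from dataclasses import dataclass
from pathlib import PurePosixPath

@dataclass(frozen=True)
class Finding:  # hypothetical shape, not VXDF's own Pydantic model
    id: str
    rule_id: str
    cwe: int
    file: str
    line: int
    title: str

def _cwe(value):
    """Accept 'CWE-89', 'cwe89' or 89 and return the integer id."""
    m = re.fullmatch(r"(?i)(?:cwe-?)?(\d+)", str(value).strip())
    if not m:
        raise ValueError(f"not a CWE id: {value!r}")
    return int(m.group(1))

def _path(p):
    """Normalise separators and a leading './' so equal paths compare equal."""
    return str(PurePosixPath(p.replace("\\", "/")))

def match_findings(findings, strategy, **crit):
    """Return the ids of findings an evidence item should be linked to."""
    if strategy == "rule_id":      # exact scanner rule
        hit = lambda f: f.rule_id == crit["rule_id"]
    elif strategy == "cwe":        # weakness id, tolerant of spelling
        want = _cwe(crit["cwe"])
        hit = lambda f: f.cwe == want
    elif strategy == "location":   # same file, line inside the given range
        path, lo = _path(crit["file"]), crit["start_line"]
        hi = crit.get("end_line", lo)
        hit = lambda f: _path(f.file) == path and lo <= f.line <= hi
    elif strategy == "pattern":    # regex over the finding title
        rx = re.compile(crit["pattern"], re.IGNORECASE)
        hit = lambda f: bool(rx.search(f.title))
    else:
        raise ValueError(f"unknown strategy: {strategy}")
    return [f.id for f in findings if hit(f)]

# Constructed sample findings
FINDINGS = [
    Finding("F1", "python.sqli.raw-query", 89, "app/db.py", 42, "SQL injection in user lookup"),
    Finding("F2", "js.xss.innerhtml", 79, "web/view.js", 10, "Reflected XSS via innerHTML"),
    Finding("F3", "python.path.join", 22, "./app/files.py", 7, "Path traversal in download"),
]
```

Location matching is the strategy most sensitive to input form: scanners report the same file with different separators and prefixes, so paths are normalised before comparison.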
- Validation Engine: Core vulnerability verification
- Flask API: RESTful endpoints
- SQLAlchemy ORM: Database management
- Parser System: Multi-format input processing
- Evidence Handler: Evidence processing and validation
- Validator Plugins: Vulnerability-specific logic
- React/TypeScript: Modern web interface
- Dynamic Dashboard: Real-time statistics
- File Upload: Scanner report ingestion
- Evidence Viewer: Evidence inspection
- Report Generator: VXDF export
- Input Ingestion
  - Upload scanner results (SARIF, DAST JSON, SCA)
  - Attach external evidence files
  - Auto-detect file formats
- Processing
  - Parse and normalize findings
  - Extract vulnerability details
  - Apply correlation logic
- Validation
  - Docker-based exploitation testing
  - Evidence collection
  - Exploitability assessment
- Reporting
  - Generate VXDF documents
  - Include all evidence
  - Maintain audit trail
The data model is defined using Pydantic in api/models/vxdf.py.
- VXDFModel: Root document model
- VulnerabilityDetailsModel: Individual vulnerabilities
- EvidenceModel: Evidence items
- ExploitFlowModel: Attack sequences
Each evidence type has a corresponding Pydantic model for validation.
vxdf/
├── api/ # Backend API
│   ├── core/ # Validation engine
│   ├── models/ # Data models
│   ├── parsers/ # Input parsers
│   ├── utils/ # Utilities
│   ├── validators/ # Vulnerability validators
│   ├── api.py # API endpoints
│   └── server.py # Flask server
├── frontend/ # React frontend
├── tests/ # Test suites
├── docs/ # Documentation
├── config/ # Configuration
├── data/ # Database
├── scripts/ # Utility scripts
└── README.md # This file
- Python 3.9+
- Node.js 16+ and npm
- Git
git clone https://github.com/your-username/vxdf.git
cd vxdf
pip install -r requirements.txt
cd frontend
npm install
cd ..
# One-command startup
python3 start_vxdf.py
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
python3 -m api.server --port 5001
cd frontend
npm install
npm run dev
Access the application:
- Backend API: http://localhost:5001
- Frontend UI: http://localhost:3000
- POST /api/upload - Upload scanner results
- POST /api/findings/{finding_id}/attach_evidence_file - Attach evidence
- GET /api/vulnerabilities - List vulnerabilities
- POST /api/validation/start - Start validation workflow
- GET /api/stats - Dashboard statistics
curl -X POST http://localhost:5001/api/upload \
-F "file=@scan_results.sarif" \
-F "parser_type=sarif"
curl -X POST http://localhost:5001/api/findings/{finding_id}/attach_evidence_file \
-F "evidence_file=@screenshot.png" \
-F "evidence_type_str=SCREENSHOT_EMBEDDED_BASE64"
- API Documentation - Complete API reference
- VXDF Format - Format specification
- Installation Guide - Setup instructions
- Contributing Guide - Development guidelines
- Backend runs on port 5001
- Frontend runs on port 3000
- Database: SQLite at data/vxdf_validate.db
- Logs: logs/vxdf_validate.log
rm data/vxdf_validate.db
python3 api/load_sarif_to_db.py
curl http://localhost:5001/api/stats
tail -f logs/vxdf_validate.log
Licensed under the Apache License 2.0. See LICENSE for details.