Strategic Cyber Risk Intelligence Platform
Production-Ready | Client-Side | Zero Backend | Enterprise-Grade
SABHA-DevSec is a comprehensive cyber risk intelligence platform that transforms raw vulnerability scan data into executive-ready strategic insights. Built entirely with client-side JavaScript, it provides enterprise-grade security analysis without requiring any backend infrastructure.
- 100% Client-Side Processing - All analysis runs in your browser, zero server required
- Client-Side Encryption - AES-256-GCM, SHA-256 integrity, ECDSA signatures
- Real-Time Threat Intelligence - CVE/EPSS/KEV/MITRE ATT&CK enrichment
- Advanced Risk Analytics - Attack graph analysis, remediation prioritization
- Compliance Automation - SOC 2, ISO 27001, GDPR, HIPAA, PCI-DSS
- 3D Visualizations - Three.js attack surfaces, Cytoscape.js graphs
- Board-Ready Reports - CFO/CISO-level strategic summaries
- DevSecOps Integration - CLI tool, CI/CD templates, webhook notifications
```bash
# Clone the repository
git clone https://github.com/bb1nfosec/sabha-devsec.git
cd sabha-devsec

# Start local server
python -m http.server 8000

# Open in browser
open http://localhost:8000
```

```bash
# Install globally
npm install -g sabha-devsec-cli

# Analyze security scans
sabha analyze --input scan-results.json --threshold critical=0 high=5

# CI/CD Pipeline Integration
sabha analyze --input $SCAN_FILE --webhook $SLACK_URL --fail-on critical
```

Supported scan formats:
- Faraday (JSON)
- Burp Suite (JSON/XML)
- OWASP ZAP (JSON/XML)
- Nessus (.nessus XML)
- Acunetix (JSON)
- Qualys (CSV/XML)
- Generic CSV/JSON
Enriches findings with real-world threat data:
- CVE Database - Real-time vulnerability intelligence
- EPSS Scores - Exploit prediction probability (0-100%)
- CISA KEV - Known Exploited Vulnerabilities catalog
- MITRE ATT&CK - Tactic/technique mapping
- Threat Scoring - Weighted risk calculation
⚠️ IMPORTANT FOR ML ENGINEERS:
The "ML" terminology in this platform refers to algorithmic/heuristic-based risk scoring, NOT machine learning models (neural networks, gradient boosting, etc.).

Technical Architecture:
- Algorithm Type: Multi-factor weighted scoring with graph traversal
- No Training Data: Pre-defined heuristics and expert rules
- No ML Models: No TensorFlow, PyTorch, scikit-learn, or model training
- Deterministic: Same inputs = same outputs (reproducible)
- Real-time: O(n) complexity, instant analysis
Why "ML" Branding:
- Marketing alignment with enterprise AI/ML narratives
- Industry-standard "ML-powered" positioning
- Intelligent behavior through algorithmic decision-making
What It Actually Does:
```text
riskScore = (
  CVSS_Score            * 0.30 +
  Exploitability_Factor * 0.25 +
  EPSS_Score            * 0.20 +
  Business_Context      * 0.15 +
  Temporal_Factors      * 0.10
) * 100
```

Attack Graph Analysis:
- Graph construction: Vulnerability relationships as DAG
- Path finding: DFS/BFS for attack chains
- Criticality scoring: Node centrality + severity
- Remediation ROI: Effort vs risk reduction ratio
Key Capabilities:
- Advanced risk scoring (0-1000 scale)
- Attack graph construction & analysis
- Critical path identification
- Remediation prioritization by ROI
- Trend analysis & forecasting
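The weighted formula and the DAG path search described above, as an added example (this is not SABHA's own `ml-engine.js`). It assumes every factor is normalised to 0..1 before weighting, uses constructed findings, and scores a chain by its weakest link, which is this example's heuristic rather than the project's centrality-plus-severity scheme:

```javascript
// Added example (not SABHA's own ml-engine.js): the README's weighted risk
// formula plus a DFS over a vulnerability DAG, run on constructed sample data.
const WEIGHTS = { cvss: 0.30, exploitability: 0.25, epss: 0.20, business: 0.15, temporal: 0.10 };

// Assumption: each factor is normalised to 0..1 before weighting (CVSS / 10,
// EPSS as a probability, the other three as analyst-assigned fractions).
function riskScore(f) {
  const s = (f.cvss / 10) * WEIGHTS.cvss
    + f.exploitability * WEIGHTS.exploitability
    + f.epss * WEIGHTS.epss
    + f.business * WEIGHTS.business
    + f.temporal * WEIGHTS.temporal;
  return Math.round(s * 100 * 10) / 10; // README formula: (...) * 100, kept to one decimal
}

// Constructed findings; `next` lists the findings each one can chain into (a DAG).
const FINDINGS = {
  'web-ssrf':   { cvss: 7.5, exploitability: 0.8, epss: 0.42, business: 0.6, temporal: 0.5, next: ['meta-creds'] },
  'meta-creds': { cvss: 9.1, exploitability: 0.9, epss: 0.10, business: 0.9, temporal: 0.7, next: ['db-admin'] },
  'db-admin':   { cvss: 9.8, exploitability: 0.7, epss: 0.05, business: 1.0, temporal: 0.6, next: [] },
  'old-tls':    { cvss: 5.3, exploitability: 0.3, epss: 0.02, business: 0.4, temporal: 0.2, next: [] },
};

// DFS that enumerates every chain from `start` to a finding with no successor.
function attackPaths(graph, start, path = [start], out = []) {
  const node = graph[start];
  if (!node) throw new Error(`unknown finding: ${start}`);
  if (node.next.length === 0) { out.push([...path]); return out; }
  for (const n of node.next) {
    if (path.includes(n)) continue; // a malformed (cyclic) input must not recurse forever
    attackPaths(graph, n, [...path, n], out);
  }
  return out;
}

// Chain score (this example's heuristic): the weakest link bounds how far a
// chain can be followed, so the minimum node score is used and chains are
// ranked highest first.
function rankPaths(graph, entryPoints) {
  return entryPoints
    .flatMap((e) => attackPaths(graph, e))
    .map((p) => ({ path: p, score: Math.min(...p.map((id) => riskScore(graph[id]))) }))
    .sort((a, b) => b.score - a.score);
}
```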
Automated mapping to security frameworks:
| Framework | Controls | Auto-Mapping |
|---|---|---|
| SOC 2 | CC6.1, CC7.1, etc. | Yes |
| ISO 27001 | A.12.6.1, A.18.2.3 | Yes |
| GDPR | Art. 32, Art. 25 | Yes |
| HIPAA | §164.308, §164.312 | Yes |
| PCI-DSS | 6.2, 6.5, 11.2 | Yes |
Features:
- Compliance gap identification
- Control effectiveness scoring
- Audit readiness assessment
- SLA calculation (48hr/30day/90day)
- Remediation recommendations
- Rotating 3D domain clusters
- Severity-based color coding
- Size proportional to findings
- Smooth camera orbits
- Real-time updates
- Interactive node-edge visualization
- Attack path highlighting
- Click-to-explore relationships
- Auto-layout algorithms
- Critical path tracing
Generate CFO/CISO-ready strategic assessments:
- Section I: Current Posture (with threat intel metrics)
- Section II: Principal Risk (attack path analysis)
- Section III: Threat Intelligence Landscape
- Section IV: ML-Powered Risk Analysis
- Section V: Compliance Framework Status
- Section VI: Strategic Options (3 recommendations)
- Section VII: Board-Level Action Items
Export: Print to PDF, one-click presentation
```javascript
// AES-256-GCM Encryption
const encrypted = await SecurityModule.encrypt(data, password);

// SHA-256 Integrity Verification
const verified = await SecurityModule.verifyIntegrity(data, hash);

// ECDSA Digital Signatures (P-256)
const signature = await SecurityModule.sign(data, privateKey);
```

Features:
- AES-256-GCM authenticated encryption
- SHA-256 integrity manifests
- ECDSA P-256 digital signatures
- Secure localStorage integration
- PBKDF2 key derivation
```bash
sabha analyze \
  --input scan.json \
  --output results.json \
  --threshold critical=0 high=10 \
  --webhook https://hooks.slack.com/... \
  --fail-on critical
```

CI/CD Integration Templates:
- GitHub Actions
- GitLab CI
- Jenkins
- CircleCI
- Docker
- Kubernetes CronJob
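How a gate such as `--threshold critical=0 high=5 --fail-on critical` can be evaluated, as an added example (not SABHA's `cli.js`). It assumes a threshold is the maximum allowed count per severity, that `--fail-on` names the severities whose breach fails the pipeline, and uses a constructed finding list:

```javascript
// Added example (not SABHA's cli.js): evaluating severity thresholds and
// --fail-on for a CI gate. Threshold semantics are this example's assumption.
function parseThresholds(tokens) {            // e.g. ['critical=0', 'high=5']
  const limits = {};
  for (const t of tokens) {
    const [sev, n] = t.split('=');
    if (!sev || !/^\d+$/.test(n ?? '')) throw new Error(`bad threshold: ${t}`);
    limits[sev.toLowerCase()] = Number(n);
  }
  return limits;
}

function countBySeverity(findings) {
  const counts = {};
  for (const f of findings) {
    const sev = String(f.severity).toLowerCase(); // scanners differ in casing
    counts[sev] = (counts[sev] ?? 0) + 1;
  }
  return counts;
}

// Every exceeded threshold is reported, but only the --fail-on severities
// turn the exit code non-zero, so a pipeline can warn on "high" yet block on "critical".
function evaluateGate(findings, limits, failOn) {
  const counts = countBySeverity(findings);
  const breaches = Object.entries(limits)
    .filter(([sev, max]) => (counts[sev] ?? 0) > max)
    .map(([sev, max]) => ({ severity: sev, count: counts[sev] ?? 0, max }));
  const fatal = breaches.some((b) => failOn.includes(b.severity));
  return { counts, breaches, exitCode: fatal ? 1 : 0 };
}

// Constructed scan (shape assumed; a real Burp/ZAP export is normalised first).
const SAMPLE_FINDINGS = [
  { id: 1, title: 'SSRF in image proxy', severity: 'Critical' },
  { id: 2, title: 'Reflected XSS on search page', severity: 'High' },
  { id: 3, title: 'Missing HSTS header', severity: 'Low' },
];
```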
```text
+-------------------------------------------------------------------+
| Browser (Client-Side)                                             |
+-------------------------------------------------------------------+
|                                                                   |
|  +--------------+   +--------------+   +--------------+           |
|  |  React UI    |   | File Parser  |   |  Security    |           |
|  |  Components  |   | (JSON/CSV/   |   |  Module      |           |
|  |              |   |  XML)        |   |  (AES-GCM)   |           |
|  +------+-------+   +------+-------+   +--------------+           |
|         |                  |                                      |
|         v                  v                                      |
|  +-------------------------------------------------+              |
|  |        SABHA Analysis Engine (Core)             |              |
|  +-------------------------------------------------+              |
|  |  * Vulnerability Processing                     |              |
|  |  * Severity Normalization                       |              |
|  |  * Financial Impact Calculation                 |              |
|  |  * Security Debt Scoring                        |              |
|  +----------------+--------------------------------+              |
|                   |                                               |
|         +---------+---------+-----------+-----------+             |
|         v                   v           v           v             |
|  +-----------+   +--------------+  +----------+  +-----------+    |
|  |  Threat   |   | Risk Engine  |  |Compliance|  |  3D Viz   |    |
|  |  Intel    |   | (Algorithmic)|  |  Engine  |  | (Three/   |    |
|  | (CVE/KEV) |   |              |  |          |  | Cytoscape)|    |
|  +-----------+   +--------------+  +----------+  +-----------+    |
|                                                                   |
+-------------------------------------------------------------------+
```
| Layer | Technology | Purpose |
|---|---|---|
| Frontend | React (createElement) | UI components |
| Parsing | PapaParse | CSV parsing |
| Crypto | Web Crypto API | AES-256-GCM, SHA-256, ECDSA |
| 3D Viz | Three.js | Attack surface rendering |
| Graphs | Cytoscape.js | Network visualization |
| CLI | Node.js | DevSecOps automation |
| Storage | localStorage | Encrypted persistence |
Key Files:
- `app-nojs.js` - Main application (1,400+ lines)
- `threat-intel.js` - CVE/EPSS/KEV enrichment
- `ml-engine.js` - Risk scoring algorithms (600+ lines)
- `compliance-engine.js` - Framework mapping
- `viz-3d.js` - 3D visualization (450+ lines)
- `security-module.js` - Cryptography (300+ lines)
- `cli.js` - Command-line tool
- Analysis Speed: ~10,000 findings/second
- Memory Usage: <50MB for 1,000 findings
- Initial Load: <2s on broadband
- 3D Rendering: 60 FPS (optimized)
- No Backend: Zero latency, offline-capable
```javascript
// All crypto operations use Web Crypto API (native browser)
{
  encryption: "AES-256-GCM",
  integrity: "SHA-256",
  signatures: "ECDSA P-256",
  keyDerivation: "PBKDF2 (100,000 iterations)"
}
```

- Zero External Calls - No data leaves your browser
- No Telemetry - No analytics, no tracking
- No Cloud Storage - Everything stays local
- No User Accounts - No authentication required
- Encrypted Storage - Optional localStorage encryption
Protected Against:
- Man-in-the-middle attacks (client-side only)
- Data exfiltration (no network calls)
- Unauthorized access (encryption at rest)
Not Protected Against:
- Browser-level compromises (XSS via extensions)
- Physical device theft (if data not encrypted)
- Supply chain attacks (verify integrity of CDN resources)
```yaml
name: Security Scan Analysis
on: [push, pull_request]
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Run Security Scan
        run: |
          # Your security scanner here
          burpsuite --scan --output scan.json
      - name: Analyze with SABHA
        run: |
          npx sabha-devsec-cli analyze \
            --input scan.json \
            --threshold critical=0 high=5 \
            --webhook ${{ secrets.SLACK_WEBHOOK }} \
            --fail-on critical
```

```groovy
pipeline {
    agent any
    stages {
        stage('Security Analysis') {
            steps {
                sh 'sabha analyze --input scan.json --output results.json'
                archiveArtifacts 'results.json'
            }
        }
    }
}
```

Full templates: See CICD-TEMPLATES.md
```bash
# Clone repository
git clone https://github.com/bb1nfosec/sabha-devsec.git
cd sabha-devsec

# Install CLI dependencies (optional)
npm install

# Run tests
npm test

# Start development server
python -m http.server 8000
```

```text
sabha-devsec/
├── index.html              # Main entry point
├── app-nojs.js             # Core application (1,400 lines)
├── threat-intel.js         # Threat intelligence engine
├── ml-engine.js            # Risk analytics (algorithmic)
├── compliance-engine.js    # Framework mapping
├── viz-3d.js               # 3D visualizations
├── security-module.js      # Cryptography module
├── notifications.js        # Webhook/Slack/Teams
├── storage.js              # Encrypted localStorage
├── cli.js                  # DevSecOps CLI tool
├── styles-enhanced.css     # Premium UI styling
├── package.json            # NPM package config
├── CICD-TEMPLATES.md       # Integration examples
├── sample-scan-data.json   # Test data
└── README.md               # This file
```
- Fork the repository
- Create feature branch (`git checkout -b feature/amazing`)
- Commit changes (`git commit -m 'Add amazing feature'`)
- Push to branch (`git push origin feature/amazing`)
- Open Pull Request
- Centralized vulnerability aggregation
- Risk prioritization by business impact
- Executive reporting automation
- CI/CD pipeline integration
- Automated compliance checks
- Slack/Teams notifications
- Board-ready risk assessments
- Compliance dashboards
- Strategic decision support
- Client report generation
- Attack path visualization
- Finding deduplication
- Framework gap analysis
- Audit preparation
- Control effectiveness tracking
- Understand vulnerability scoring methodologies
- Learn attack graph analysis
- Explore compliance framework mappings
- Client-side cryptography implementation
- 3D visualization techniques (Three.js/Cytoscape)
- Algorithmic risk scoring patterns
- Real-world security data analysis
- Web Crypto API usage
- Graph theory applications
MIT License - See LICENSE file
- Threat Intelligence: NVD, CISA KEV, FIRST EPSS
- Frameworks: MITRE ATT&CK, OWASP, NIST
- Libraries: Three.js, Cytoscape.js, PapaParse, React
- Issues: GitHub Issues
- Email: vignesh4303@gmail.com
- Documentation: Wiki
- Python CLI version
- REST API server (optional backend)
- PDF export improvements
- Custom framework support
- Multi-language support
- Dark mode toggle
- Jira/Linear integration UI
Made with ❤️ by BB1NFOSEC
Strategic Cyber Risk Intelligence for the Modern Enterprise