ThreatVault

What is ThreatVault?

ThreatVault is a next-generation, open-source Unified Vulnerability & Compliance Management Platform built for security engineers, DevSecOps teams, and security management. It centralizes vulnerability and compliance data from multiple tools into a single, intelligent dashboard—making it easier to track, manage, and remediate security findings.

Built with FastAPI (Python) and PostgreSQL, ThreatVault transforms raw scan data into actionable insights using smart deduplication, AI-powered explanations, and SLA tracking.


Why ThreatVault?

In modern DevSecOps workflows, security teams often juggle multiple tools like Nessus, OpenVAS, OWASP ZAP, Trivy, and more. Each tool generates its own reports, making it hard to get a unified view of your security posture.

ThreatVault solves this by:

  • Centralizing all scan results into one dashboard

  • Automatically tracking new vs. closed findings

  • Enforcing SLA timelines based on severity

  • Supporting custom integrations via plugins

  • Providing AI-powered explanations for non-technical stakeholders

  • Offering role-based access control for secure collaboration


Key Features

  • Unified Dashboard – Get a centralized view of all vulnerability and compliance findings from multiple tools in one place

  • VAPT Dashboard – Create projects (e.g., monthly scans), upload scan results, and track findings over time

  • Compliance Dashboard – Centralize compliance findings from tools like Nessus, AWS Security Hub, and more

  • Management Dashboard – Gain high-level visibility into vulnerability and compliance projects for informed decision-making, escalation, and management action

  • Owner Dashboard – Owners can view only the projects and products they are responsible for, enabling focused remediation efforts

  • SLA Management – Track remediation deadlines based on severity and configured SLA rules to ensure timely action

  • AI Integration – Use OpenAI to generate plain-language explanations of vulnerabilities for better understanding across technical and non-technical teams

  • Multi-Tool Support – Native support for popular tools like Nessus, OpenVAS, OWASP ZAP, and Trivy

  • Plugin Architecture – Extend functionality by writing custom plugins to integrate any unsupported tool

  • DevSecOps Ready – Designed for seamless integration into CI/CD pipelines and modern development workflows

  • Multi-User Roles – Support for Admin, ITSE, Management, Owner, and Audit roles with granular access control for secure collaboration


User Roles & Access Control

ThreatVault supports role-based access control (RBAC) to ensure secure and efficient collaboration:

  • Admin – Full access to all modules, users, and settings

  • ITSE – Approve user access, assign roles, and upload scan results

  • Management – Read-only access to all products and dashboards

  • Owner – View and manage only assigned projects and products

  • Audit – (Under development) Designed for compliance and audit workflows


How It Works

  1. Upload Scan Results

    • Upload findings from tools like Nessus, Trivy, or ZAP into a project

    • ThreatVault automatically checks for duplicates and categorizes findings as new or closed

  2. Track SLAs

    • SLA timers start based on severity and admin-defined rules

    • Track progress and ensure timely remediation

  3. View Dashboards

    • Use the VAPT Dashboard for vulnerability tracking

    • Use the Compliance Dashboard for regulatory findings

    • Use the Management Dashboard for high-level oversight

  4. Collaborate Securely

    • Assign roles and project access

    • Use AI explanations to communicate findings to non-technical teams

  5. Extend with Plugins

    • If your tool isn’t supported, write a plugin to integrate it
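The upload-and-track flow of steps 1 and 2, as an added example that is not ThreatVault's own code: it fingerprints findings so duplicate rows in one report collapse, classifies each finding as new, open or closed between two uploads of the same project, and derives SLA deadlines from a severity table. The SLA_DAYS rules, the Finding fields and the two sample scans are assumptions constructed for the example, not values from the project.

```python
# Added example, not ThreatVault's own code: reconcile two uploads of one
# project's findings and derive SLA deadlines from severity-based rules.
from dataclasses import dataclass
from datetime import date, timedelta

# Hypothetical admin-defined SLA rules: days allowed to remediate, per severity.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 60, "low": 90}

@dataclass(frozen=True)
class Finding:
    tool: str        # scanner that produced it, e.g. "nessus", "trivy", "zap"
    check_id: str    # tool-specific identifier (plugin id, rule id, CVE)
    target: str      # host, image or URL the finding applies to
    port: int
    severity: str

    def fingerprint(self):
        # Fields that make two rows "the same" finding across uploads; severity
        # is left out so a rescored finding still matches its earlier copy.
        return (self.tool, self.check_id, self.target, self.port)

def reconcile(previous, current):
    """Duplicate rows within an upload collapse onto one fingerprint; a key seen
    before is 'open', one seen only now is 'new', one that vanished is 'closed'."""
    prev = {f.fingerprint(): f for f in previous}
    curr = {f.fingerprint(): f for f in current}
    return {
        "new": [curr[k] for k in curr.keys() - prev.keys()],
        "open": [curr[k] for k in curr.keys() & prev.keys()],
        "closed": [prev[k] for k in prev.keys() - curr.keys()],
    }

def sla_due(finding, first_seen):
    """ISO date by which the finding must be fixed: first seen + allowed days."""
    days = SLA_DAYS[finding.severity.lower()]
    return (date.fromisoformat(first_seen) + timedelta(days=days)).isoformat()

def is_overdue(finding, first_seen, today):
    return date.fromisoformat(today) > date.fromisoformat(sla_due(finding, first_seen))

# Constructed sample uploads for one project: two monthly scans.
SCAN_JAN = [
    Finding("nessus", "12345", "10.0.0.5", 443, "high"),
    Finding("nessus", "12345", "10.0.0.5", 443, "high"),  # duplicate row in the report
    Finding("trivy", "CVE-PLACEHOLDER", "api-image", 0, "critical"),
]
SCAN_FEB = [
    Finding("nessus", "12345", "10.0.0.5", 443, "critical"),  # rescored, same finding
    Finding("zap", "10021", "app.example", 443, "medium"),
]
```

Calling reconcile(SCAN_JAN, SCAN_FEB) yields one new finding (the ZAP one), one still-open finding (the rescored Nessus one) and one closed finding (the Trivy one); the SLA clock for an open finding should start from its first-seen date, not from the latest upload.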


Tech Stack

Backend

  • FastAPI – High-performance Python web framework

  • PostgreSQL 17.0 – Reliable relational database

  • SQLAlchemy (async ORM) – For efficient database interactions

  • Alembic – For database migrations

  • Polars & Pandas – For fast data processing

  • JWT + OAuth2 – Secure authentication

  • CORS & Session Middleware – For secure API and session handling

Frontend

  • Server-side HTML templates

  • Bootstrap – Responsive UI design

  • HTMX 2.0.4 – Dynamic UI updates with SSE

  • jQuery – DOM manipulation

  • DataTables – Interactive data tables

  • ApexCharts – Visualizations

  • SweetAlert2 – Beautiful alerts

  • Choices.js – Enhanced select inputs

Infrastructure & Deployment

  • Docker – Containerization

  • Docker Compose – Orchestration

  • Automatic DB Initialization & Scheduler – On startup

Architecture

  • Layered design: presentation, application, domain, persistence

  • Static assets served from /assets endpoint


Contribute to ThreatVault

ThreatVault is open source and welcomes contributions from the community!

Ways to Contribute:

  • Add support for new security tools

  • Improve AI explanations

  • Enhance dashboards and visualizations

  • Fix bugs and improve documentation

  • Help develop the Audit role and compliance workflows
