# ThreatVault

### **What is ThreatVault?**

**ThreatVault** is a next-generation, open-source Unified Vulnerability & Compliance Management Platform built for **security engineers, DevSecOps teams, and security management**. It centralizes vulnerability and compliance data from multiple tools into a single, intelligent dashboard—making it easier to track, manage, and remediate security findings.

Built with **FastAPI (Python)** and **PostgreSQL**, ThreatVault transforms raw scan data into **actionable insights** using smart deduplication, AI-powered explanations, and SLA tracking.

***

### **Why ThreatVault?**

In modern DevSecOps workflows, security teams often juggle multiple tools like **Nessus, OpenVAS, OWASP ZAP, Trivy**, and more. Each tool generates its own reports, making it hard to get a unified view of your security posture.

**ThreatVault solves this by:**

* Centralizing all scan results into **one dashboard**
* Automatically tracking **new vs. closed findings**
* Enforcing **SLA timelines** based on severity
* Supporting **custom integrations** via plugins
* Providing **AI-powered explanations** for non-technical stakeholders
* Offering **role-based access control** for secure collaboration

***

### **Key Features**

| **Feature**              | **Description**                                                                                                                         |
| ------------------------ | --------------------------------------------------------------------------------------------------------------------------------------- |
| **Unified Dashboard**    | Get a centralized view of all vulnerability and compliance findings from multiple tools in one place                                    |
| **VAPT Dashboard**       | Create projects (e.g., monthly scans), upload scan results, and track findings over time                                                |
| **Compliance Dashboard** | Centralize compliance findings from tools like Nessus, AWS Security Hub, and more                                                       |
| **Management Dashboard** | Gain high-level visibility into vulnerability and compliance projects for informed decision-making, escalation, and management action   |
| **Owner Dashboard**      | Owners can view only the projects and products they are responsible for, enabling focused remediation efforts                           |
| **SLA Management**       | Track remediation deadlines based on severity and configured SLA rules to ensure timely action                                          |
| **AI Integration**       | Use OpenAI to generate plain-language explanations of vulnerabilities for better understanding across technical and non-technical teams |
| **Multi-Tool Support**   | Native support for popular tools like Nessus, OpenVAS, OWASP ZAP, and Trivy                                                             |
| **Plugin Architecture**  | Extend functionality by writing custom plugins to integrate any unsupported tool                                                        |
| **DevSecOps Ready**      | Designed for seamless integration into CI/CD pipelines and modern development workflows                                                 |
| **Multi-User Roles**     | Support for Admin, ITSE, Management, Owner, and Audit roles with granular access control for secure collaboration                       |

***

### **User Roles & Access Control**

ThreatVault supports **role-based access control (RBAC)** to ensure secure and efficient collaboration:

| Role           | Permissions                                                     |
| -------------- | --------------------------------------------------------------- |
| **Admin**      | Full access to all modules, users, and settings                 |
| **ITSE**       | Approve user access, assign roles, and upload scan results      |
| **Management** | Read-only access to all products and dashboards                 |
| **Owner**      | View and manage only assigned projects and products             |
| **Audit**      | (Under development) Designed for compliance and audit workflows |

***

### **How It Works**

1. **Upload Scan Results**
   * Upload findings from tools like Nessus, Trivy, or ZAP into a project
   * ThreatVault automatically checks for duplicates and categorizes findings as **new** or **closed**
2. **Track SLAs**
   * SLA timers start based on severity and admin-defined rules
   * Track progress and ensure timely remediation
3. **View Dashboards**
   * Use the **VAPT Dashboard** for vulnerability tracking
   * Use the **Compliance Dashboard** for regulatory findings
   * Use the **Management Dashboard** for high-level oversight
4. **Collaborate Securely**
   * Assign roles and project access
   * Use AI explanations to communicate findings to non-technical teams
5. **Extend with Plugins**
   * If your tool isn’t supported, write a plugin to integrate it
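
The deduplication, new-vs-closed classification and severity-based SLA timer described in steps 1 and 2 can be illustrated with a small self-contained script. This is an added example and not ThreatVault's own code: the fingerprinting scheme, the `Finding` fields, the SLA day counts and the two scan uploads are all constructed assumptions for illustration; ThreatVault's actual rules are admin-configured.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Hypothetical SLA rules (days allowed for remediation per severity).
# ThreatVault lets admins configure these; the numbers here are constructed.
SLA_DAYS = {"critical": 7, "high": 14, "medium": 30, "low": 90}


@dataclass(frozen=True)
class Finding:
    """Minimal normalized finding as it might look after a scan import (assumed shape)."""
    tool: str
    title: str
    asset: str
    severity: str


def fingerprint(f: Finding) -> str:
    """Stable identity used for deduplication.

    Same tool + title + asset means the same finding. Severity is deliberately
    left out so that a re-scored finding is tracked as one item, not two.
    """
    raw = "|".join(s.strip().lower() for s in (f.tool, f.title, f.asset))
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()


def dedupe(findings):
    """Collapse duplicate rows from a report into one finding per fingerprint."""
    unique = {}
    for f in findings:
        unique.setdefault(fingerprint(f), f)
    return unique


def diff_uploads(previous, current):
    """Classify the current upload against the previous one.

    new    -> present now, absent before
    closed -> present before, absent now
    open   -> present in both (still unremediated)
    """
    prev, cur = dedupe(previous), dedupe(current)
    by_title = lambda f: f.title
    return {
        "new": sorted((cur[k] for k in cur.keys() - prev.keys()), key=by_title),
        "closed": sorted((prev[k] for k in prev.keys() - cur.keys()), key=by_title),
        "open": sorted((cur[k] for k in cur.keys() & prev.keys()), key=by_title),
    }


def sla_deadline(f: Finding, first_seen: datetime) -> datetime:
    """SLA timer starts when the finding is first seen; length depends on severity."""
    days = SLA_DAYS.get(f.severity.lower())
    if days is None:
        raise ValueError(f"no SLA rule configured for severity {f.severity!r}")
    return first_seen + timedelta(days=days)


def sla_status(deadline: datetime, now: datetime) -> str:
    return "breached" if now > deadline else "within_sla"


# Constructed sample data: two consecutive uploads of the same project.
PREVIOUS_SCAN = [
    Finding("nessus", "SSL Medium Strength Cipher Suites Supported", "10.0.0.5", "medium"),
    Finding("nessus", "SSL Medium Strength Cipher Suites Supported", "10.0.0.5", "medium"),  # duplicate row
    Finding("trivy", "Outdated openssl package", "app:1.0", "high"),
    Finding("zap", "Missing Anti-clickjacking Header", "https://app.example", "low"),
]
CURRENT_SCAN = [
    Finding("nessus", "SSL Medium Strength Cipher Suites Supported", "10.0.0.5", "medium"),
    Finding("zap", "Missing Anti-clickjacking Header", "https://app.example", "low"),
    Finding("zap", "Cookie Without Secure Flag", "https://app.example", "low"),
]


def summarize(previous, current):
    """Counts a dashboard would show for the latest upload."""
    result = diff_uploads(previous, current)
    return {k: len(v) for k, v in result.items()}


if __name__ == "__main__":
    print(summarize(PREVIOUS_SCAN, CURRENT_SCAN))
    first_seen = datetime(2024, 1, 1, tzinfo=timezone.utc)
    for f in diff_uploads(PREVIOUS_SCAN, CURRENT_SCAN)["open"]:
        deadline = sla_deadline(f, first_seen)
        print(f.title, deadline.date(), sla_status(deadline, datetime.now(timezone.utc)))
```

The fingerprint choice is the important design decision: whatever fields go into it define what "the same finding" means, so a tool that reports the same issue under slightly different titles between versions will show up as one closed and one new finding unless titles are normalized first.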

***

### **Tech Stack**

#### **Backend**

* **FastAPI** – High-performance Python web framework
* **PostgreSQL 17.0** – Reliable relational database
* **SQLAlchemy (async ORM)** – For efficient database interactions
* **Alembic** – For database migrations
* **Polars & Pandas** – For fast data processing
* **JWT + OAuth2** – Secure authentication
* **CORS & Session Middleware** – For secure API and session handling

#### **Frontend**

* **Server-side HTML templates**
* **Bootstrap** – Responsive UI design
* **HTMX 2.0.4** – Dynamic UI updates with SSE
* **jQuery** – DOM manipulation
* **DataTables** – Interactive data tables
* **ApexCharts** – Visualizations
* **SweetAlert2** – Beautiful alerts
* **Choices.js** – Enhanced select inputs

#### **Infrastructure & Deployment**

* **Docker** – Containerization
* **Docker Compose** – Orchestration
* **Automatic DB Initialization & Scheduler** – On startup

#### **Architecture**

* Layered design: `presentation`, `application`, `domain`, `persistence`
* Static assets served from `/assets` endpoint

***

### **Contribute to ThreatVault**

ThreatVault is **open source** and welcomes contributions from the community!

#### **Ways to Contribute:**

* Add support for new security tools
* Improve AI explanations
* Enhance dashboards and visualizations
* Fix bugs and improve documentation
* Help develop the **Audit role** and **compliance workflows**

#### **Join Us**

* Visit: <https://threatvault.io>
* GitHub: [github.com/threatvault](https://github.com/threatvault)
* Community: Join our Discord or Slack (coming soon)

### Jump right in

<table data-view="cards"><thead><tr><th></th><th></th><th></th><th data-hidden data-card-cover data-type="files"></th><th data-hidden></th><th data-hidden data-card-target data-type="content-ref"></th></tr></thead><tbody><tr><td><h4><i class="fa-leaf">:leaf:</i></h4></td><td><strong>Quickstart</strong></td><td>Quick Start with Docker 🐳</td><td></td><td></td><td><a href="getting-started/running-threatvault-with-docker">running-threatvault-with-docker</a></td></tr><tr><td><h4><i class="fa-bolt">:bolt:</i></h4></td><td><strong>Dashboard</strong></td><td>How does it work?</td><td></td><td></td><td><a href="getting-started/quickstart">quickstart</a></td></tr></tbody></table>
