Repository files navigation

verinice helps you to build and operate your management system forinformation security (ISMS). Whether you base it on ISO 27001, BSI ITBaseline Protection, IDW PS 330 or another standard: verinice supportsyou in your daily work as a CISO or IT Security Officer.

All relevant standards are either already integrated in the tool or canbe easily imported. All data is stored in an object model that istailored to the requirements of information security and is dynamicallyexpandable. This makes your data the basis for a sustainable IS process.

verinice is a Java application. The graphical surface is implementedwith the Rich Client Platform (RCP). This makes verinice platformindependent while using the native GUI elements of the operating system.

Also part of the Eclipse platform is the BIRT Report Designer. Allverinice reports can be customized – and you’re able to designcompletely new reports which can be exported as PDF, HTML or Excel (CSV)file.

The spec file for the verinice target platform is stored insernet.verinice.releng.tp. Add this folder as a project.

To build and run your project go to Window > Preferences > Plug-inDevelopment > Target Platform and select 'verinice-platform'

The HitroUI Framework is a part of verinice. A simple XML-file definesall fields and field types which appear in the application. So thedatabase data and all displayed forms are generated dynamically.

This dynamic object model allows you to define additional data fieldsfor specific objects as needed or to remove unneeded fields from thestandard forms. That is how you can adapt verinice to your workingmethods and the requirements of your organization.

By using the object-relational mapper Hibernate, verinice is able toconnect with different database systems. The supported database systemsare:

• PostgreSQL
• Apache Derby
• Oracle DB

verinice uses a three-tier architecture where independent softwaremodules are implemented. A centralized database and an applicationserver provide data to the client.

The verinice.PRO application server complements the pure client with acentralized IS repository hosted in your company. It enables multiplepeople to work on one ISMS - even across different locations.

• fork our repository on GitHub

• become familiar with our coding standards and readverinice codingstyle

• send a pull request for your branch through GitHub

• this will trigger an email to the verinice developer mailing list

• discussion happens on your pull request on github

• after your pull request is approved, we pull the branch in ourinternal repository, do the merge there and push it back to theGitHub mirror

To build the Verinice client, client update site and server allat once execute the following command:

./mvnw -Dtycho.disableP2Mirrors=true clean verify

To see where the Verinice client, client update site and serverbuild artifacts can then be foundread the following sections.

If you want to skip the junit tests you need to add the-DskipTests parameter.

./mvnw -Dtycho.disableP2Mirrors=true -DskipTests clean verify

The built artifacts will be located insernet.verinice.releng.client.product/target/products/.Artifacts for the following platforms will be produced:

• Linux GTK 64 bit
• Windows 64 bit
• Mac OS X 64 bit

If you want to pack a JRE into the build, you can copy the JRE to

sernet.verinice.extraresources.feature/linux/jresernet.verinice.extraresources.feature/windows/jresernet.verinice.extraresources.feature/macos/jre

Packing the JRE is required for macOS builds. It isbest practice,to bundle a JRE into an Application.app folder. Hence in order toobtain a valid verinice.app a proper macOS JRE has to be present insernet.thirdparty.feature/macos.

The P2 update site will be located insernet.verinice.update_site/target/repository.

The WAR file (which can be deployed e.g. to Tomcat)will be located undersernet.verinice.releng.server.product/target/.The WAR file is of course platform independent (in contrast tothe Verinice client and report designer builds).

To update the version of the project

1. run

   ./mvnw -Dtycho.mode=maven -DnewVersion=x.y.z.qualifier tycho-versions:set-version

   Note thatqualifier is meant literately and is treated as amagic stringby tycho/osgi, i.e.

   ./mvnw -DnewVersion=1.19.0.qualifier tycho-versions:set-version

   will write1.19.0-SNAPSHOT into update pom.xml files and1.19.0.qualifierinto into updated feature.xml files. The final product version gets atimestamp, e.g.1.19.0.201908011226. SeePlugin Documentation for details.

2. update version and codename in the about text inBranding > About Dialog ofsernet.verinice.releng.client.product/sernet.verinice.releng.client.product and

3. synchronize the about text with the plugin (Overview > Testing >Synchronize) again insernet.verinice.releng.client.product/sernet.verinice.releng.client.product.

4. Update the version macro in the manuals.

5. Update the version in the splash screens of

   • verinice

   sernet.gs.ui.rcp.main/etc/splashscreen/splash.xcf