VSAQ – How to install on CentOS7

VSAQ – Free, Interactive Vendor Security Assessment Questionnaire

Creating and managing vendor security assessments can be a challenge. Google has shared VSAQ, their solution to this problem, via GitHub. I must admit that it is pretty slick.

Check out the Google demo here!

VSAQ is a free, open source vendor security assessment questionnaire. It can help assess on premises, hybrid, and cloud SaaS vendor solutions.

Having an interactive questionnaire can be quite helpful in vendor engagement. If vendors use best practices, they get a relatively short questionnaire. On the other hand, vendors who stray from best practices will need to explain themselves and answer more questions. Not only does it ask vendors additional questions based on their responses, but it also creates warning levels. These warning levels show the vendor how serious we consider potential weaknesses.

Another advantage is that no time is wasted on emails back and forth with vendors. They can fill out this form by simply following a link. VSAQ does not save answers on the server; instead, the vendor downloads the answer file and sends it back. You can also configure the download button to save the file to a network location if you prefer.

Installation of VSAQ on CentOS 7

Google posted simple installation instructions on GitHub, but they are incomplete: additional repositories and tools are required. I will include my installation procedure below. Please note that these are just basic installation instructions. For more information about securing and hardening Linux, check out the CIS Benchmark for CentOS 7.

So let’s get started!

Install Pre-Requisite Software

sudo yum -y install unzip
sudo yum -y install ant 
sudo yum -y install git
sudo yum -y install curl
sudo yum -y install maven
sudo yum -y install wget

sudo yum -y install java-1.7.0-openjdk-devel

Install Apache

sudo yum -y install httpd
sudo firewall-cmd --permanent --add-port=80/tcp
sudo firewall-cmd --permanent --add-port=443/tcp
sudo firewall-cmd --reload
sudo systemctl start httpd
sudo systemctl enable httpd

Clone Github Repositories

cd /

sudo git clone https://github.com/google/vsaq

cd /vsaq/third_party/

sudo git clone https://github.com/google/closure-compiler

sudo git clone https://github.com/google/closure-library

sudo git clone https://github.com/google/closure-stylesheets

sudo git clone https://github.com/jleyba/js-dossier

sudo git clone https://github.com/google/safe-html-types

sudo git clone https://github.com/google/closure-templates

Install Dependencies

cd /vsaq/

sudo ./do.sh install_deps

Check Dependencies

sudo ./do.sh check_deps

Build VSAQ

sudo ./do.sh build

Move Files to Public Website

sudo cp -r build/. /var/www/html/
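
A check to run after the copy, added here as an example and not part of the original instructions or the VSAQ project: it flags checkout files (.git metadata, do.sh, third_party) and world-writable files under a web root. The function names and the list of flagged names are assumptions drawn from the paths used in this post.

```shell
#!/bin/sh
# Added example: audit a web root for files from a source checkout that
# should not be served. The flagged names (.git*, do.sh, third_party) are
# assumptions based on the checkout layout used in this post.
# Usage: audit_webroot /var/www/html

# Print every path under $1 that should not be published, one per line.
webroot_findings() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    # Left branch: version-control metadata, the build script and vendored
    # sources are reported and not descended into (-prune).
    # Right branch: world-writable files, which any local account could
    # modify to change what the site serves.
    find "$root" \
        \( \( -name '.git*' -o -name do.sh -o -name third_party \) \
           -prune -print \) \
        -o \( -type f -perm -0002 -print \)
}

# Return 0 if the web root is clean, 1 if anything was flagged,
# 2 if the directory could not be scanned.
audit_webroot() {
    findings=$(webroot_findings "$1") || return 2
    if [ -n "$findings" ]; then
        printf 'do not publish:\n%s\n' "$findings" >&2
        return 1
    fi
    return 0
}
```

A return code of 1 means something from the checkout reached the web root; remove the listed paths before starting Apache.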

Start the Server

sudo ./do.sh run

Browse to the Questionnaire


Secure the Server

We have only covered a basic installation, so make sure to harden this server. CIS has a great guide for hardening CentOS 7.

CIS Benchmark for CentOS 7
