Mercator is an Open Source web application to manage the mapping of an information system as described in the Mapping The Information System Guide of the ANSSI. The documentation and application sources are published on GitHub.
Read this in other languages: French
Computer attacks occur in a constantly changing environment. To meet these challenges, it is necessary to implement a global approach to risk management within the organization.
The mapping of the Information System allows to have a global view of all the elements which compose the information system to obtain a better readability, and thus a better control.
The elaboration of a cartography participates in the protection, the defense and the resilience of the information system. It is an essential tool for the control of its information system and is an obligation for operators of vital importance and is part of a global risk management approach.
- Graphical views of the ecosystem, information system, administration, logical, applications, and physical infrastructure
- Generate information system architecture report
- Draw mapping diagrams
- Compute compliance levels
- Search for CVE with CVE-Search
- Extraction in Excel, CSV, PDF ... of all lists
- REST API with JSON
- Multi-user with role management
- Multilingual
- Connection to LDAP or Active Directory
- CPE - Common Platform Enumeration
Main page
Compliance Levels
Input screen
Drawing of the cartography
Explore
Data model
- PHP, Javascript, Laravel
- Supported databases: MySQL, Postgres, SQLite, SQL Server (see: Laravel/Databases/introduction )
- WebAssembly + Graphviz
- ChartJS
- See Installation on Ubuntu
- See Installation on RedHat
First download the docker image.
docker pull ghcr.io/dbarzin/mercator:latest
Then you can run an ephemeral local instance in development mode (i.e. http):
docker run -it --rm --name mercator -e APP_ENV=development -p "127.0.0.1:8000":80 ghcr.io/dbarzin/mercator:latest
By default it uses an SQLite backend. If you want to make data persistent:
touch ./db.sqlite && chmod a+w ./db.sqlite
docker run -it --rm --name mercator -e APP_ENV=development -p "127.0.0.1:8000":80 -v $PWD/db.sqlite:/var/www/mercator/sql/db.sqlite ghcr.io/dbarzin/mercator:latest
Finally you can populate the database with demo data through the USE_DEMO_DATA
environment variable:
touch ./db.sqlite && chmod a+w ./db.sqlite
docker run -it --rm \
--name mercator \
-e APP_ENV=development \
-p "127.0.0.1:8000":80 \
-v $PWD/db.sqlite:/var/www/mercator/sql/db.sqlite \
-e USE_DEMO_DATA=1 \
ghcr.io/dbarzin/mercator:latest
Visit http://127.0.0.1:8000 !
If you are looking for a more robust (https) and automated environment, please have a look on docker-compose folder.
All notable changes to this project are documented.
Mercator is an open source software distributed under GPL.