Settings
To view the current settings, including defaults, use the command sereto settings show. To edit the settings in EDITOR, run sereto settings edit.
Minimal settings
As a bare minimum, you need to specify a projects_path and a templates_path.
If you don't have the variables configured, you will be prompted to enter them when you run any command:
sereto new TEST
It seems like this is the first time you're running the tool. Let's set it up!
📂 Enter the path to the projects directory: /home/demo/sereto_projects
📂 Enter the path to the templates directory: /home/demo/sereto_templates
projects_path
The path to the directory where the projects are located.
templates_path
The path to the directory where the templates are located.
Common settings
default_people
Default list of people to use in new projects. Each person object may include:
Attributes:
Name | Type | Description |
---|---|---|
type | PersonType | Type of the person in relation to the assessment. |
name | str \| None | Full name of the person. |
business_unit | str \| None | Business unit the person belongs to. |
email | EmailStr \| None | Email address of the person. |
role | str \| None | Role of the person within the organization. |
The type attribute of a person can have the following values:
Attributes:
- author – Author of the report.
- requestor – Person who requested the assessment.
- asset_owner – Owner of the asset being tested.
- security_officer – Security officer responsible for the asset.
- technical_contact – Person who can answer technical questions about the asset.
- reviewer – Reviewer of the report.
plugins
Rendering settings
For rendering the documents, external commands, such as latexmk, are used. The sequence of commands to be used is specified in recipes.
render
Rendering settings.
Attributes:
Name | Type | Description |
---|---|---|
report_recipes | Annotated[list[RenderRecipe], MinLen(1)] | list of |
finding_group_recipes | Annotated[list[RenderRecipe], MinLen(1)] | list of |
sow_recipes | Annotated[list[RenderRecipe], MinLen(1)] | list of |
target_recipes | Annotated[list[RenderRecipe], MinLen(1)] | list of |
convert_recipes | Annotated[list[ConvertRecipe], MinLen(1)] | list of |
tools | Annotated[list[RenderTool], MinLen(1)] | list of |
tools
List of rendering tools to be used in recipes. Each tool has the following attributes.
report_recipes, finding_group_recipes, sow_recipes, target_recipes
Lists of recipes to be used for reports, finding groups, SoWs and targets, respectively. Each recipe has the following attributes.
convert_recipes
List of recipes to be used for converting between file formats. Each recipe has the following attributes.
Attributes:
Name | Type | Description |
---|---|---|
name | str | name of the recipe |
tools | Annotated[list[str], MinLen(1)] | list of |
input_format | FileFormat | input file format |
output_format | FileFormat | output file format |
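The following check is an added example, not part of SeReTo, for reviewing the render section of a settings file before use. It applies the MinLen(1) constraints from the tables above, resolves each recipe's tool names against render.tools, and flags a pandoc tool that lacks --sandbox. The tool keys name, command and args are taken from the full configuration example on this page; lint_render, RECIPE_KEYS and SAMPLE are hypothetical names.

```python
RECIPE_KEYS = ("report_recipes", "finding_group_recipes", "sow_recipes",
               "target_recipes", "convert_recipes")

def lint_render(settings: dict) -> list[str]:
    """Return human-readable problems found in the "render" section."""
    render = settings.get("render", {})
    tools = render.get("tools", [])
    names = [t.get("name") for t in tools]
    problems = []
    if not tools:
        problems.append("render.tools: at least one tool is required")
    for dup in sorted({n for n in names if names.count(n) > 1}):
        problems.append(f"render.tools: duplicate tool name {dup!r}")
    for key in RECIPE_KEYS:
        recipes = render.get(key, [])
        if not recipes:
            problems.append(f"render.{key}: at least one recipe is required")
        for recipe in recipes:
            where = f"render.{key}[{recipe.get('name')!r}]"
            if not recipe.get("tools"):
                problems.append(f"{where}: at least one tool is required")
            for ref in recipe.get("tools", []):
                if ref not in names:
                    problems.append(f"{where}: unknown tool {ref!r}")
    # pandoc's --sandbox limits I/O in readers and writers; it does not
    # confine filters, so filter scripts still need their own review.
    for tool in tools:
        if tool.get("command") == "pandoc" and "--sandbox" not in tool.get("args", []):
            problems.append(f"render.tools[{tool.get('name')!r}]: pandoc without --sandbox")
    return problems

# Constructed sample: one recipe references an undefined tool, and the
# pandoc tool is missing --sandbox.
SAMPLE = {"render": {
    "report_recipes": [{"name": "default-report", "tools": ["latexmk"]}],
    "finding_group_recipes": [{"name": "default-finding", "tools": ["latexmk-finding"]}],
    "sow_recipes": [{"name": "default-sow", "tools": ["latexmk"]}],
    "target_recipes": [{"name": "default-target", "tools": ["latexmk"]}],
    "convert_recipes": [{"name": "convert-md-to-tex", "tools": ["pandoc-md"],
                         "input_format": "md", "output_format": "tex"}],
    "tools": [
        {"name": "latexmk", "command": "latexmk", "args": ["-xelatex", "%DOC%"]},
        {"name": "pandoc-md", "command": "pandoc", "args": ["--to=latex"]},
    ],
}}
```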
Other settings
categories
List of categories, such as DAST, SAST, infrastructure, etc.
risk_due_dates
A dictionary of risk levels and time periods in which findings with given risk levels should be addressed. These values are used to set the recommended due dates for findings in the report. The values follow the ISO 8601 format for durations (e.g., P7D for 7 days).
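To see what a risk_due_dates mapping means for a concrete report, the added example below (not SeReTo's own code) validates the duration strings, computes a due date per risk level, and reports levels whose period is longer than that of a less severe level. It assumes the period is counted from a start date chosen by the caller and accepts only fixed-length designators (weeks, days, hours, minutes, seconds); parse_duration, due_dates and misordered are hypothetical names.

```python
import re
from datetime import date, timedelta

# Fixed-length ISO 8601 designators only. Years and months are rejected
# because their length depends on the calendar (a choice of this example).
_DURATION = re.compile(
    r"P(?:(\d+)W)?(?:(\d+)D)?(?:T(?=\d)(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?")

def parse_duration(text: str) -> timedelta:
    """Parse a duration such as P7D, P2W or PT36H into a timedelta."""
    match = _DURATION.fullmatch(text)
    if not match or not any(match.groups()):
        raise ValueError(f"not a supported ISO 8601 duration: {text!r}")
    weeks, days, hours, minutes, seconds = (int(g or 0) for g in match.groups())
    return timedelta(weeks=weeks, days=days, hours=hours,
                     minutes=minutes, seconds=seconds)

def due_dates(risk_due_dates: dict[str, str], start: date) -> dict[str, date]:
    """Map each risk level to start + its configured period."""
    return {risk: start + parse_duration(period)
            for risk, period in risk_due_dates.items()}

def misordered(risk_due_dates: dict[str, str],
               order=("critical", "high", "medium", "low")) -> list[tuple[str, str]]:
    """Return (more_severe, less_severe) pairs where the more severe level
    has the longer period."""
    present = [risk for risk in order if risk in risk_due_dates]
    return [(a, b) for a, b in zip(present, present[1:])
            if parse_duration(risk_due_dates[a]) > parse_duration(risk_due_dates[b])]

# Values from the configuration example on this page.
PAGE_VALUES = {"critical": "P7D", "high": "P14D", "medium": "P30D", "low": "P90D"}
```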
Full configuration example
{
  "projects_path": "/home/demo/sereto/projects",
  "templates_path": "/home/demo/sereto/templates",
  "default_people": [
    {
      "type": "author",
      "name": "John Doe",
      "business_unit": "Pentest Unit",
      "email": "john.doe@example.com",
      "role": "Penetration Tester"
    },
    {
      "type": "technical_contact",
      "name": "Jane Doe",
      "business_unit": "Pentest Unit",
      "email": "jane.doe@example.com",
      "role": "Pentest Manager"
    }
  ],
  "plugins": {
    "enabled": true,
    "directory": "/home/demo/sereto/plugins"
  },
  "render": {
    "report_recipes": [
      {
        "name": "default-report",
        "tools": [
          "latexmk"
        ]
      }
    ],
    "finding_group_recipes": [
      {
        "name": "default-finding",
        "tools": [
          "latexmk-finding"
        ]
      }
    ],
    "sow_recipes": [
      {
        "name": "default-sow",
        "tools": [
          "latexmk"
        ]
      }
    ],
    "target_recipes": [
      {
        "name": "default-target",
        "tools": [
          "latexmk-target"
        ]
      }
    ],
    "convert_recipes": [
      {
        "name": "convert-md-to-tex",
        "tools": [
          "pandoc-md"
        ],
        "input_format": "md",
        "output_format": "tex"
      }
    ],
    "tools": [
      {
        "name": "pandoc-md",
        "command": "pandoc",
        "args": [
          "--from=markdown-implicit_figures",
          "--to=latex",
          "--sandbox",
          "--filter=%TEMPLATES%/pandocfilters/acronyms.py",
          "--filter=%TEMPLATES%/pandocfilters/graphics.py",
          "--filter=%TEMPLATES%/pandocfilters/verbatim.py"
        ]
      },
      {
        "name": "latexmk",
        "command": "latexmk",
        "args": [
          "-xelatex",
          "-interaction=batchmode",
          "-halt-on-error",
          "%DOC%"
        ]
      },
      {
        "name": "latexmk-target",
        "command": "latexmk",
        "args": [
          "-xelatex",
          "-interaction=batchmode",
          "-halt-on-error",
          "%DOC%"
        ]
      },
      {
        "name": "latexmk-finding",
        "command": "latexmk",
        "args": [
          "-xelatex",
          "-interaction=batchmode",
          "-halt-on-error",
          "%DOC%"
        ]
      }
    ]
  },
  "categories": [
    "scenario",
    "mobile",
    "cicd",
    "sast",
    "rd",
    "infrastructure",
    "dast",
    "portal",
    "generic",
    "kubernetes"
  ],
  "risk_due_dates": {
    "critical": "P7D",
    "high": "P14D",
    "medium": "P30D",
    "low": "P90D"
  }
}