mjk-sudo/Cerberus-DevSecOps-Intelligence-Platform

🔱 CERBERUS — DevSecOps Pipeline Management Platform

Production-grade web platform that embeds SAST · SCA · Secrets · DAST scanning into every CI/CD pipeline run, with policy gates, vulnerability lifecycle management, RBAC, and an immutable audit trail.

Stack: PHP 8.1 · MySQL 8.0 · Java 17 · Apache 2.4 · HTML5 / CSS3 / ES2020

Design: HashiCorp dark marketing system — black canvas, charcoal surface lifts, eyebrow section labels, per-product accents as scan-type identity, no neon, no glow.


Installation

Option A: One-Click Docker (Recommended)

You can deploy Cerberus, its database, and all dependencies instantly using Docker.

  1. Run docker-compose up -d
  2. Visit http://localhost:8080/cerberus/ (The database is automatically seeded on the first run).

Option B: Manual (XAMPP)

  1. Drop the folder into your XAMPP htdocs directory:

    C:\xampp\htdocs\cerberus\         (Windows)
    /Applications/XAMPP/htdocs/cerberus/   (macOS)
    /opt/lampp/htdocs/cerberus/       (Linux)
    
  2. Start Apache + MySQL from the XAMPP control panel.

  3. Create the database:

    • Open http://localhost/phpmyadmin
    • Click "Import" → choose database/schema.sql → Go
    • Click "Import" again → choose database/seed.sql → Go
  4. Configure DB credentials (only if your XAMPP MySQL uses a non-default password) by editing config/database.php. Defaults assume root / empty password / localhost.

  5. Compile the Java SAST engine (optional — the platform runs without it; mock scans still work):

    cd scanner
    bash build.sh

    This produces scanner/CerberusScanner.jar. Requires Java 17+ on PATH.

  6. Visit http://localhost/cerberus/ and log in.


Demo credentials

Username      Password       Role
admin         Cerberus@123   Admin
sarah_sec     Cerberus@123   Security Engineer
dev_john      Cerberus@123   Developer
viewer_lisa   Cerberus@123   Viewer (read-only)

All passwords are stored as bcrypt cost-12 hashes.


Folder map

cerberus/
├── index.php                 Login (public entry)
├── .htaccess                 Apache rewrite + security headers
├── config/                   DB · auth · constants
├── database/                 schema.sql · seed.sql
├── core/                     Auth · Database · AuditLogger · Scanner · PolicyEngine · Notification
├── pages/                    19 feature pages
├── api/                      5 AJAX endpoints
├── includes/layout/          header · sidebar · topbar · footer
├── includes/components/      7 reusable PHP components
├── assets/{css,js,img}/      Stylesheet · scripts · logo SVG
└── scanner/                  Java 17 SAST engine + 33-rule registry

Security posture

  • All SQL via PDO prepared statements
  • All output passes through h() (htmlspecialchars wrapper)
  • CSRF token on every POST
  • bcrypt cost 12 · session_regenerate_id(true) on login
  • audit_logs is INSERT-only (no UPDATE/DELETE in code path)
  • Java scanner invoked only via escapeshellarg()
  • Secrets are masked at write-time and never displayed unmasked
  • .htaccess ships strict CSP, X-Frame-Options DENY, X-Content-Type-Options nosniff, Referrer-Policy
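As an added illustration of three items in the list above, not the project's own core/ code: an h() output wrapper, a per-session CSRF token checked in constant time, and a scanner invocation that passes every argument through escapeshellarg(). The function names, the jar accepting the target directory as its single argument, and the workspace containment check are assumptions.

```php
<?php
declare(strict_types=1);

// Added example of the controls listed in "Security posture"; not the
// project's own code. Function names and the scanner CLI are assumed.

// Output escaping wrapper. ENT_QUOTES covers attribute contexts and
// ENT_SUBSTITUTE keeps invalid UTF-8 from silently yielding an empty string.
function h(?string $value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// CSRF token: one random token per session, compared with hash_equals()
// so the comparison does not leak timing information.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function csrf_check(array $post): bool
{
    $sent = $post['csrf_token'] ?? '';
    return is_string($sent)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $sent);
}

// Scanner invocation: fixed jar path, target resolved with realpath() and
// required to stay inside the workspace, every argument shell-escaped.
function run_sast_scan(string $workspaceRoot, string $targetDir): array
{
    $jar  = __DIR__ . '/scanner/CerberusScanner.jar'; // path from the folder map
    $root = realpath($workspaceRoot);
    $real = realpath($targetDir);
    if ($root === false || $real === false
        || !str_starts_with($real, $root . DIRECTORY_SEPARATOR)) {
        throw new InvalidArgumentException('scan target is outside the workspace');
    }
    $cmd = 'java -jar ' . escapeshellarg($jar) . ' ' . escapeshellarg($real) . ' 2>&1';
    exec($cmd, $output, $exitCode);
    return ['exit' => $exitCode, 'output' => $output];
}

// In a POST handler (session_start() assumed to have run already):
// if (!csrf_check($_POST)) { http_response_code(403); exit; }
// echo '<input type="hidden" name="csrf_token" value="' . h(csrf_token()) . '">';
```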

CS-305 Software Engineering · Muhammad Jawad Khan (Reg# 2500733)

About

A production-grade DevSecOps platform integrating SAST, SCA, Secrets, and DAST scanning engines into active CI/CD pipelines. Features policy enforcement gates, vulnerability lifecycle management, RBAC, and an immutable compliance audit trail.