HOW TO USE THIS GUIDE

ORGANIZATION AND CONVENTIONS

This guide is organized into four main sections:

  • Installation & Command Line (“getting started”)
  • Creating Policies (“policy generation”)
  • What’s in the Policy (“security.json”)
  • What’s in the Boilerplate (“security.js”)

If this is your first time using _spartan, you should step through each section in order.

Along the way, you might come across notes, tips and warnings like the one above. Pay attention to these! They provide some additional insight into what’s going on under the hood with _spartan and can help you understand why you might be getting errors.

If you’re a _spartan power user and already know what you’re looking for, the search field will show you every reference to it in the documentation. Additionally, each “main page” breaks down what you’ll find on the subsequent pages.

To the greatest extent possible, we try to show the actual code base, followed by descriptions, allowed values and defaults in subsequent tables; in areas where you’ll need to add code to your application, we include its definition, usage, parameters and properties (if any).

Convention              Example
type this command       _spartan -u
[optional value]        _spartan -u [L]
[ | (or) this value]    _spartan -u [|--update]

TERMINOLOGY

Term         Definition
policy       JSON file containing all components and configurations necessary to define the application’s security posture; the basis for pre-configuring the boilerplate code; stored and referenced as ‘security.json’
boilerplate  JavaScript file containing up to 9 pre-configured submodules which are available to the main application codebase; stored and referenced as ‘security.js’
npm          “Node Package Manager” (npm): the primary means to install the _spartan application; see the npm docs for more details
_spartan     It’s this. It’s what we’re talking about right now; stored and referenced on npm as ‘spartan-shield’; referenced from the command line as _spartan
yarn         Another JavaScript package manager, akin to npm; an alternative means to download/install _spartan; see the yarn docs for more details
integrity    OK, so here’s the fancy definition: “In information security, [data] integrity means maintaining and assuring the accuracy and completeness of data over its entire lifecycle”; for the purposes of _spartan, it refers to a method of identifying changes in a document (policy, boilerplate)
hash         Once again, here’s the fancy definition: “It is a mathematical algorithm that maps data of arbitrary size to a bit string of a fixed size (a hash) and is designed to be a one-way function, that is, a function which is infeasible to invert”; for the purposes of _spartan it refers to the actual alphanumeric value generated by running the ‘integrity’ method
salt         Fancy definition: “a salt is random data that is used as an additional input to a one-way function that ‘hashes’ data, a password or passphrase.”
CI/CD        Continuous Integration/Continuous Delivery [Deployment]. Continuous integration (CI) is a practice where a team of developers integrate their code early and often into the main branch or code repository. Continuous delivery is an approach where teams release quality products frequently and predictably from the source code repository to production in an automated fashion. In continuous deployment, every change pushed to the main code repository is automatically pushed into production and made available to end users. See this guide for more information on CI/CD.