GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → SDA-SE → cluster-image-scanner

SDA-SE / cluster-image-scanner

Licence: MIT license
Discover vulnerabilities and container image misconfiguration in production environments.

Programming Languages

shell
77523 projects

Labels

kubernetessecurityimagescanningsecurity-tools

Projects that are alternatives of or similar to cluster-image-scanner

Phonia
Phonia Toolkit is one of the most advanced toolkits to scan phone numbers using only free resources. The goal is to first gather standard information such as country, area, carrier and line type on any international phone numbers with a very good accuracy.
Stars: ✭ 221 (+413.95%)
Mutual labels:  scanning
lunasec
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
Stars: ✭ 1,261 (+2832.56%)
Mutual labels:  scanning
NETNOOB
A simple program written in bash that contains basic Linux network tools, information gathering tools and scanning tools.
Stars: ✭ 105 (+144.19%)
Mutual labels:  scanning
Opencv
📷 Computer-Vision Demos
Stars: ✭ 244 (+467.44%)
Mutual labels:  scanning
py-bluetooth-utils
Python module containing bluetooth utility functions, in particular for easy BLE scanning and advertising
Stars: ✭ 60 (+39.53%)
Mutual labels:  scanning
Hack4Squad
💀 A bash hacking and scanning framework.
Stars: ✭ 45 (+4.65%)
Mutual labels:  scanning
Platypus
Large-scale server monitoring application written in Golang
Stars: ✭ 190 (+341.86%)
Mutual labels:  scanning
Batch-Antivirus
Batch Antivirus, a powerful antivirus suite written in batch with real-time protection and heuristical scanning.
Stars: ✭ 26 (-39.53%)
Mutual labels:  scanning
scantailor-universal
ScanTailor Universal - a fork based on Enhanced+Featured+Master versions of ST
Stars: ✭ 135 (+213.95%)
Mutual labels:  scanning
xmap
XMap is a fast network scanner designed for performing Internet-wide IPv6 & IPv4 network research scanning.
Stars: ✭ 190 (+341.86%)
Mutual labels:  scanning
Txtool
an easy pentesting tool.
Stars: ✭ 246 (+472.09%)
Mutual labels:  scanning
ggshield
Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
Stars: ✭ 1,272 (+2858.14%)
Mutual labels:  scanning
deskew
Deskew is a command line tool for deskewing scanned text documents. It uses Hough transform to detect "text lines" in the image. As an output, you get an image rotated so that the lines are horizontal.
Stars: ✭ 127 (+195.35%)
Mutual labels:  scanning
Chopchop
ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.
Stars: ✭ 227 (+427.91%)
Mutual labels:  scanning
Perspec
Scriptable desktop app to correct the perspective of images
Stars: ✭ 523 (+1116.28%)
Mutual labels:  scanning
Discover
Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
Stars: ✭ 2,548 (+5825.58%)
Mutual labels:  scanning
WiFiPS
WiFi Based Indoor Positioning System, A MVP android Application
Stars: ✭ 105 (+144.19%)
Mutual labels:  scanning
knxmap
KNXnet/IP scanning and auditing tool for KNX home automation installations.
Stars: ✭ 97 (+125.58%)
Mutual labels:  scanning
NetworkAlarm
A tool to monitor local network traffic for possible security vulnerabilities. Warns user against possible nmap scans, Nikto scans, credentials sent in-the-clear, and shellshock attacks. Currently supports live monitoring and network capture (pcap) scanning.
Stars: ✭ 17 (-60.47%)
Mutual labels:  scanning
CEH
Exam Prep for the Ec-council Certified Ethical Hacker 312-50
Stars: ✭ 71 (+65.12%)
Mutual labels:  scanning
View All Similar Projects ➔

ClusterImageScanner

Logo

Discover vulnerabilities and container image misconfiguration in production environments.

Introduction

The ClusterImageScanner detects images in a Kubernetes cluster and provides fast feedback based on various security tests. It is recommended to run the ClusterImageScanner in production environments in order to get up-to-date feedback on security issues where they have real impact.

Since the ClusterImageScanner itself is a service running within your Kubernetes cluster you can re-use your existing deployment procedures.

Overview

The following figure provides an overview: Overview The following steps are conducted.

  1. The Image Collector, as the name suggests, collects the different images from a container environment like a kubernetes cluster. The Collector creates a JSON file and including information like the cluster, the responsible team, and image.
  2. The Orchestrator (implemented via ArgoWorkflows) starts the workflow periodically (e.g. nightly)
  3. The images from the Collector can be pulled by the Image Fetcher
  4. These files are kept in a separate directory and from there they are passed to the scanner
  5. This scanner - which then receives the libraries to be ignored via the suppressions file - then executes the scans described in the definitions of Dependency Check, Lifetime, Virus and further more.
  6. The vulnerability management system (in our case OWASP DefectDojo) then collects the results
  7. Non responded to findings are made available to the developers via a communication channel (Slack/Email).

Documentation Table of Contents

Video (English): SDA SE CluserImageScanner is going Open Source, 2021-03

Images

Images to be used by ArgoWorkflows are published in quay.io (2021-06-28):

  • cluster-image-scanner-scan-dependency-check
  • cluster-image-scanner-scan-runasroot
  • cluster-image-scanner-scan-distroless
  • cluster-image-scanner-scan-lifetime
  • cluster-image-scanner-scan-malware
  • cluster-image-scanner-scan-new-version
  • cluster-image-scanner-imagefetcher
  • cluster-image-scanner-notifier
  • cluster-image-scanner-imagecollector
  • cluster-image-scanner-image-source-fetcher
  • cluster-image-scanner-workflow-runner
  • quay.io/sdase/defectdojo-client

cluster-image-scanner-base is the base for all cluster-image-scanner-* images.

Images are build with buildah. The env. parameters the image can be started with are documented via --config within the build.sh scripts within the images.

Contributing

We are looking forward to contributions. Take a look at our Contribution Guidelines before submitting Pull Requests.

Responsible Disclosure and Security

The SECURITY.md includes information on responsible disclosure and security related topics like security patches.

Legal Notice

The purpose of the ClusterImageScanner is not to replace the penetration testers or make them obsolete. We strongly recommend running extensive tests by experienced penetration testers on all your applications. The ClusterImageScanner is to be used only for testing purpose of your running applications/containers. You need a written agreement of the organization of the environment under scan to scan components with the ClusterScanner.

Author Information

This project is developed by Signal Iduna and SDA SE.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].