edersonbrilhante / vilicus

License: MIT
Vilicus is an open source tool that orchestrates security scans of container images (Docker/OCI) and centralizes all results into a database for further analysis and metrics.

Vilicus

Overview

Vilicus is an open source tool that orchestrates security scans of container images (Docker/OCI) and centralizes all results into a database for further analysis and metrics. It can run scans using Anchore, Clair and Trivy.

How does it work?

There are many tools that scan container images, but their results can differ from one tool to the next. The main goal of this project is therefore to help development teams improve the quality of their container images by finding vulnerabilities, and addressing them, with a vendor-agnostic view.

Here you can find articles comparing the scanning tools:


Architecture

(Architecture diagram: image not reproduced in this extract.)


Development

Run deployment manually

docker-compose -f deployments/docker-compose.yaml up -d

Usage

Requirements

  • Disk Space ~30GB:
    • Docker System:
      • Images ~14GB
      • Containers ~11GB
      • Local Volumes ~200MB
  • Docker
  • Docker Compose
  • Bash
  • Wget

Using vilicus client

Run the following commands:

export TEMPLATE=<template>
export OUTPUT=<output>
export IMAGE=<public_image>|<vilicus_local_image>
wget -O run-job.sh https://raw.githubusercontent.com/edersonbrilhante/vilicus/main/scripts/run-job.sh
chmod +x ./run-job.sh
./run-job.sh

The result will be stored in the file set by the environment variable OUTPUT.

Templates and Outputs

Gitlab
Template: /opt/vilicus/contrib/gitlab.tpl
Output: /artifacts/gl-container-scanning-report.json

Sarif
Template: /opt/vilicus/contrib/sarif.tpl
Output: /artifacts/result.sarif
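Because vilicus merges findings from several scanners into one of these report files, a common next step is to gate a pipeline on it. The script below is an added example and not part of the vilicus project: it assumes only the standard SARIF 2.1.0 layout (runs[].results[] with ruleId and level), since this page does not document how sarif.tpl fills those fields, and the embedded sample report is constructed.

```python
import json
import os
import sys
from collections import Counter

# SARIF 2.1.0 result levels from least to most severe.
LEVEL_ORDER = ["none", "note", "warning", "error"]

# Constructed sample (not real vilicus output): one CVE is reported twice,
# as happens when two of the orchestrated scanners agree on a finding.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "vilicus-sample"}},
        "results": [
            {"ruleId": "CVE-0000-0001", "level": "error",
             "message": {"text": "constructed high-severity finding"}},
            {"ruleId": "CVE-0000-0002", "level": "warning",
             "message": {"text": "constructed medium finding"}},
            {"ruleId": "CVE-0000-0002", "level": "warning",
             "message": {"text": "same CVE from a second scanner"}},
        ],
    }],
})

def load_results(sarif_text):
    """Flatten runs[].results[] of a SARIF 2.1.0 document into one list."""
    doc = json.loads(sarif_text)
    if doc.get("version") != "2.1.0":
        raise ValueError(f"unsupported SARIF version: {doc.get('version')!r}")
    return [r for run in doc.get("runs", []) for r in run.get("results", [])]

def summarize(results):
    """Count findings per level and per ruleId; distinct ruleIds dedupe scanners."""
    by_level = Counter(r.get("level", "warning") for r in results)  # spec default
    by_rule = Counter(r.get("ruleId", "unknown") for r in results)
    return by_level, by_rule

def should_fail(results, threshold="error"):
    """True when any finding is at or above `threshold`, i.e. the gate trips."""
    floor = LEVEL_ORDER.index(threshold)
    return any(LEVEL_ORDER.index(r.get("level", "warning")) >= floor for r in results)

if __name__ == "__main__":
    path = os.environ.get("OUTPUT")  # the file run-job.sh wrote the report to
    text = open(path).read() if path else SAMPLE_SARIF
    res = load_results(text)
    levels, rules = summarize(res)
    print("findings by level:", dict(levels), "distinct ids:", len(rules))
    sys.exit(1 if should_fail(res) else 0)
```

With OUTPUT set to the Sarif path above, the script exits non-zero whenever an error-level finding is present, which is what a CI job needs to block a merge.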

Public image and Local images

Vilicus supports both images hosted in a public repository and local builds. A public image is one hosted in a public repository such as Docker Hub. To scan an image from a self-hosted registry or a local build, you must tag the image into the vilicus local registry.

Self-hosted registry:
docker tag <self-hosted-registry>/<image:tag> localhost:5000/<image:tag>

Local build:
docker build -t localhost:5000/<image:tag> -f <Dockerfile> <context>

Free Online Service

Vilicus also provides a free online service.

How does it work?

This service is a serverless full-stack application whose backend workers and database are implemented using only git and CI/CD runners.

The frontend is hosted on GitHub Pages. It is a landing page offering a free service to scan container images or display their vulnerabilities.

The results of container image scans are stored in a GitLab repository.

When the user asks to show the results for an image, the frontend consumes the GitLab API to retrieve the file with the vulnerabilities for that image. If the image has not been scanned yet, the user has the option to schedule a scan using a Google Form.

When this form is filled in, the data is sent to a Google Spreadsheet.

A GitHub workflow runs every 5 minutes to check whether there are new answers in this spreadsheet. For each new image in the spreadsheet, this workflow triggers another workflow to scan the image and save the result in the GitLab repository.
