README
ΒΆ
Discovery Status
β
: Discovered
β: Not Discovered
π«: Not available
Compute
Expand
Function
| Evidence | Azure | AWS |
|---|---|---|
| Compute | β | β |
| RuntimeLanguage | β | β |
| RuntimeVersion | β | β |
VirtualMachine
| Evidence | Azure | AWS |
|---|---|---|
| Compute | β | β |
| BlockStorage | β | β |
| MalwareProtection | β | β |
| BootLogging | β | β |
| OSLogging | β | β |
| AutomaticUpdates | β | β |
Compute
| Evidence | Azure | AWS |
|---|---|---|
| Resource | β | β |
| NetworkInterfaces | β | β |
| ResourceLogging | β | |
| Backups | β |
Resource
| Evidence | Azure | AWS |
|---|---|---|
| ID | β | β |
| Name | β | β |
| Type | β | β |
| GeoLocation | β | β |
| Labels | β | β |
OSLogging
| Evidence | Azure | AWS |
|---|---|---|
| Auditing | β | π« |
| SecurityFeature | β | π« |
| Enabled | β | β |
| LoggingService | β | π« |
| RetentionPeriod | β | π« |
BootLogging
| Evidence | Azure | AWS |
|---|---|---|
| Auditing | β | π« |
| SecurityFeature | β | π« |
| Enabled | β | β |
| LoggingService | β | π« |
| RetentionPeriod | β | π« |
ResourceLogging
| Evidence | Azure | AWS |
|---|---|---|
| MonitoringLogDataEnabled | β | |
| SecurityAlertsEnabled | β |
BlockStorage
| Evidence | Azure | AWS |
|---|---|---|
| Resource | β | β |
| AtRestEncryption | β | β |
| Immutability | β | β |
| Backups | β | β |
ManagedKeyEncryption
| Evidence | Azure | AWS |
|---|---|---|
| Enabled | β | β |
| Algorithm | β | β |
CustomerKeyEncryption
| Evidence | Azure | AWS |
|---|---|---|
| Enabled | β | β |
| Algorithm | β | β |
| KeyUrl | β | β |
Network
Expand
LoadBalancer
| Evidence | Azure | AWS |
|---|---|---|
| Networkservice | β | β |
| AccessRestriction | β | β |
| HttpEndpoints | β | β |
| Networkservices | β | β |
| Urls | β | β |
Networkservice
| Evidence | Azure | AWS |
|---|---|---|
| Networking | β | β |
| Authenticity | β | β |
| Compute | β | β |
| TransportEncryption | β | β |
| Ips | β | β |
| Ports | β | β |
Networkinterfaces
| Evidence | Azure | AWS |
|---|---|---|
| Networking | β | β |
| Networkservice | β | β |
| AccessRestriction | partly | β |
Storage
Expand
ObjectStorage
| Evidence | Azure | AWS |
|---|---|---|
| Storage | β | β |
| PublicAccess | β | β |
| Backups | β |
Storage
| Evidence | Azure | AWS |
|---|---|---|
| Resource | β | β |
| AtRestEncryption | β | β |
| Immutability | β | β |
| ResourceLogging | β | |
| Backups | β |
ObjectStorageService
| Evidence | Azure | AWS |
|---|---|---|
| NetworkService | β | β |
| HttpEndpoint | β | β |
Networkservice
| Evidence | Azure | AWS |
|---|---|---|
| Networking | β | β |
| Authenticity | β | β |
| Compute | β | β |
| TransportEncryption | β | β |
| Ips | β | β |
| Ports | β | β |
HttpEndpoint
| Evidence | Azure | AWS |
|---|---|---|
| Url | β | β |
| TransportEncryption | β | β |
FileStorage
| Evidence | Azure | AWS |
|---|---|---|
| Storage | β | β |
| Backups | β |
ManagedKeyEncryption
| Evidence | Azure | AWS |
|---|---|---|
| Enabled | β | β |
| Algorithm | β | β |
CustomerKeyEncryption
| Evidence | Azure | AWS |
|---|---|---|
| Enabled | β | β |
| Algorithm | β | β |
| KeyUrl | β | β |
Database Storage
| Evidence | Azure | AWS |
|---|---|---|
| Storage | β | β |
| Parent | β | β |
Database Service
| Evidence | Azure | AWS |
|---|---|---|
| NetworkService | β | β |
| AnomalyDetection | β | β |
Networkservice
| Evidence | Azure | AWS |
|---|---|---|
| Networking | β | β |
| Authenticity | β | β |
| Compute | β | β |
| TransportEncryption | β | β |
| Ips | β | β |
| Ports | β | β |
Azure Backup
Expand
There are 2 different backup solutions for different resources
- Backup Vaults and
- Recovery Services Vault.
| Resource | Backup Vaults | Recovery Services Vault |
|---|---|---|
| Azure Virtual Machine | x | |
| Azure Storage (Files) | x | |
| Azure Backup Agent | x | |
| Azure Backup Server | x | |
| DPM | x | |
| SQL in Azure VM | x | |
| SAP HANA in Azure VM | x | |
| Azure Storage (Blobs) | x | |
| Azure disks | x | |
| Azure Database for PostgreSQL servers | x | |
| Kubernetes Services | x |
Documentation
ΒΆ
Index ΒΆ
- Constants
- func DefaultServiceSpec() launcher.ServiceSpec
- func WithAdditionalDiscoverers(discoverers []discovery.Discoverer) service.Option[*Service]
- func WithAssessmentAddress(target string, opts ...grpc.DialOption) service.Option[*Service]
- func WithAuthorizationStrategy(authz service.AuthorizationStrategy) service.Option[*Service]
- func WithCertificationTargetID(ID string) service.Option[*Service]
- func WithDiscoveryInterval(interval time.Duration) service.Option[*Service]
- func WithEvidenceCollectorToolID(ID string) service.Option[*Service]
- func WithOAuth2Authorizer(config *clientcredentials.Config) service.Option[*Service]
- func WithProviders(providersList []string) service.Option[*Service]
- func WithStorage(storage persistence.Storage) service.Option[*Service]
- type DiscoveryEvent
- type DiscoveryEventType
- type Service
- func (svc *Service) GetCertificationTargetId() string
- func (svc *Service) Init()
- func (svc *Service) ListGraphEdges(ctx context.Context, req *discovery.ListGraphEdgesRequest) (res *discovery.ListGraphEdgesResponse, err error)
- func (svc *Service) ListResources(ctx context.Context, req *discovery.ListResourcesRequest) (res *discovery.ListResourcesResponse, err error)
- func (svc *Service) Shutdown()
- func (svc *Service) Start(ctx context.Context, req *discovery.StartDiscoveryRequest) (resp *discovery.StartDiscoveryResponse, err error)
- func (svc *Service) StartDiscovery(discoverer discovery.Discoverer)
- func (svc *Service) UpdateResource(ctx context.Context, req *discovery.UpdateResourceRequest) (res *discovery.Resource, err error)
Constants ΒΆ
const ( ProviderAWS = "aws" ProviderK8S = "k8s" ProviderAzure = "azure" ProviderCSAF = "csaf" ProviderCMC = "cmc" )
const (
// DefaultAssessmentAddress specifies the default gRPC address of the assessment service.
DefaultAssessmentAddress = "localhost:9090"
)
Variables ΒΆ
This section is empty.
Functions ΒΆ
func DefaultServiceSpec ΒΆ
func DefaultServiceSpec() launcher.ServiceSpec
DefaultServiceSpec returns a launcher.ServiceSpec for this Service with all necessary options retrieved from the config system.
func WithAdditionalDiscoverers ΒΆ
func WithAdditionalDiscoverers(discoverers []discovery.Discoverer) service.Option[*Service]
WithAdditionalDiscoverers is an option to add additional discoverers for discovering. Note: These are added in addition to the ones created by WithProviders.
func WithAssessmentAddress ΒΆ
WithAssessmentAddress is an option to configure the assessment service gRPC address.
func WithAuthorizationStrategy ΒΆ
func WithAuthorizationStrategy(authz service.AuthorizationStrategy) service.Option[*Service]
WithAuthorizationStrategy is an option that configures an authorization strategy to be used with this service.
func WithCertificationTargetID ΒΆ
WithCertificationTargetID is an option to configure the certification target ID for which resources will be discovered.
func WithDiscoveryInterval ΒΆ
WithDiscoveryInterval is an option to set the discovery interval. If not set, the discovery is set to 5 minutes.
func WithEvidenceCollectorToolID ΒΆ
WithEvidenceCollectorToolID is an option to configure the collector tool ID that is used to discover resources.
func WithOAuth2Authorizer ΒΆ
func WithOAuth2Authorizer(config *clientcredentials.Config) service.Option[*Service]
WithOAuth2Authorizer is an option to use an OAuth 2.0 authorizer
func WithProviders ΒΆ
WithProviders is an option to set providers for discovering
func WithStorage ΒΆ
func WithStorage(storage persistence.Storage) service.Option[*Service]
WithStorage is an option to set the storage. If not set, NewService will use inmemory storage.
Types ΒΆ
type DiscoveryEvent ΒΆ
type DiscoveryEvent struct {
Type DiscoveryEventType
DiscovererName string
DiscoveredItems int
Time time.Time
}
DiscoveryEvent represents an event that is emitted if certain situations happen in the discoverer (defined by DiscoveryEventType). Examples would be the start or the end of the discovery. We will potentially expand this in the future.
type DiscoveryEventType ΒΆ
type DiscoveryEventType int
DiscoveryEventType defines the event types for DiscoveryEvent.
const ( // DiscovererStart is emitted at the start of a discovery run. DiscovererStart DiscoveryEventType = iota // DiscovererFinished is emitted at the end of a discovery run. DiscovererFinished )
type Service ΒΆ
type Service struct {
discovery.UnimplementedDiscoveryServer
discovery.UnimplementedExperimentalDiscoveryServer
Events chan *DiscoveryEvent
// contains filtered or unexported fields
}
Service is an implementation of the Clouditor Discovery service (plus its experimental extensions). It should not be used directly, but rather the NewService constructor should be used.
func (*Service) GetCertificationTargetId ΒΆ
GetCertificationTargetId implements CertificationTargetRequest for this service. This is a little trick, so that we can call CheckAccess directly on the service. This is necessary because the discovery service itself is tied to a specific certification target ID, instead of the individual requests that are made against the service.
func (*Service) ListGraphEdges ΒΆ
func (svc *Service) ListGraphEdges(ctx context.Context, req *discovery.ListGraphEdgesRequest) (res *discovery.ListGraphEdgesResponse, err error)
func (*Service) ListResources ΒΆ
func (svc *Service) ListResources(ctx context.Context, req *discovery.ListResourcesRequest) (res *discovery.ListResourcesResponse, err error)
func (*Service) Start ΒΆ
func (svc *Service) Start(ctx context.Context, req *discovery.StartDiscoveryRequest) (resp *discovery.StartDiscoveryResponse, err error)
Start starts discovery
func (*Service) StartDiscovery ΒΆ
func (svc *Service) StartDiscovery(discoverer discovery.Discoverer)
Source Files
Directories