brainiac

command module

v1.14.0 Latest Latest Go to latest Published: Mar 25, 2024 License: Apache-2.0 Imports: 1 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/carbonetes/brainiac

Links

Open Source Insights

README ¶

BrainIAC

BrainIAC uses static code analysis to analyze IAC code to detect security issues before deployment. This tool can scan for issues like security policy misconfigurations, insecure cloud-based services, and compliance issues. The BrainIAC tool performs a comprehensive code scan and generates reports containing detailed insights into the identified issues.

Features

🔍 | Scans IAC Code for misconfiguration.
📁 | Has hundreds of pre-defined rules.
📁 | Scans a target directory to fill in multiple results.
⛑ | Works with major platforms.
🗄 | Converts between formats such as JSON and Table BrainIAC own format.

Supported Platform

Kubernetes
Terraform(AWS, OCI, ARM, GCP, ALIBABA, Kubernetes, Yandex, NCP, Rancher)
Docker
CloudFormation
ARM template files

Installation 📥

Installation Support OS 💽

Mac
- darwin_amd64.tar.gz
- darwin_arm64.tar.gz
Linux
- deb
  - linux_amd64.deb
  - linux_arm64.deb
  - linux_ppc64le.deb
- rpm
  - linux_amd64.rpm
  - linux_arm64.rpm
  - linux_ppc64le.rpm
- tar.gz
  - linux_amd64.tar.gz
  - linux_arm64.tar.gz
  - linux_ppc64le.tar.gz
Windows
- windows_amd64.zip

Getting Started 🚀

Scan a single file

brainiac -f <file>

Scan multiple file in a directory

brainiac -d .

Using Docker

docker pull carbonetes/brainiac

Scan a directory

docker run -t -v {path_to_host_folder}:/tmpPath carbonetes/brainiac:latest -d /tmpPath

Scan a single file

docker run -t -v {path_to_host_folder}:/tmpPath carbonetes/brainiac:latest -f /path/{filename}.{extension}

The output format for BrainIAC is configurable as well using the -o (or --output) option:

The available formats are:

table: A Tabular summary (default).
json: Use this to get as much information out of BrainIAC.

Available Commands and their flags with description:

brainiac [flag]

Root Flags	Description
`-f`, `--file`	File to scan
`-d`, `--dir`	Read directly from a path on disk (any directory) (e.g. 'BrainIAC -d path/to/dir)' (can not be used together with --file).
`-o`, `--output`	Format to display results (table, json) (default "table")
`-v`, `--version`	Print BrainIAC version
`c`, `--check`	Each item should be a BrainIAC check ID(CB_K8S_023), and you can enter multiple items separated by commas. Only the specified checks will be executed, and any other checks will be skipped.
`--skip-check`	The same behavior applies to the --check flag, where you can enter multiple items separated by commas. However, only the specified checks will be skipped, and all other checks will be executed.
`--severity-criteria`	This is used to specify the severity level for filtering results. Only checks with a severity equal to or higher than the specified criteria will be included.([low medium high critical])

License

Apache 2.0

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
cmd
brainiac Package cmd Copyright © 2022 Carbonetes eng@carbonetes.com	Package cmd Copyright © 2022 Carbonetes eng@carbonetes.com
internal
checker
engine
file
logger
module
output
version
pkg
analysis
model

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL