Vilicus
Overview
Vilicus is an open source tool that orchestrates security scans of container images (Docker/OCI) and centralizes all results in a database for further analysis and metrics. It can run scans using Anchore[https://github.com/anchore/anchore-engine], Clair[https://github.com/quay/clair] and Trivy[https://github.com/aquasecurity/trivy].
How does it work?
There are many tools that scan container images, but their results can differ from one tool to the next. The main goal of this project is to help development teams improve the quality of their container images by finding vulnerabilities and addressing them with a view that is agnostic of any single vendor.
Here you can find articles comparing the scanning tools:
Architecture
Development
Run deployment manually
docker-compose -f deployments/docker-compose.yaml up -d
Usage
Using vilicus client
curl -o /tmp/wait-for-it.sh https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh
chmod +x /tmp/wait-for-it.sh
curl -o docker-compose.yml https://raw.githubusercontent.com/edersonbrilhante/vilicus/main/deployments/docker-compose.yml
docker-compose -f docker-compose.yml up -d
/tmp/wait-for-it.sh localhost:8040 -- docker exec vilicus vilicus-client -p /run/conf.yaml -i <image>
Example of analysis
curl -XPOST 'http://localhost:8040/analysis' \
-H 'Content-Type: application/json' \
-d '{"image":"node"}'
Example Result
{
  "id": "be89226e-ff60-4e04-8804-e091529742c3",
  "image": "node",
  "status": "finished",
  "created_at": "2021-02-02T20:02:20.775067Z",
  "updated_at": "2021-02-02T20:07:11.059549Z",
  "vilicus_results": {
    "clair": {
      "unknown_vulns": [
        {
          "fix": "0:0",
          "urls": [
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0501"
          ],
          "name": "CVE-2018-0501",
          "severity": "Unknown",
          "package_name": "apt",
          "package_version": "1.4.11"
        }
      ]
    },
    "anchore_engine": {
      "high_vulns": [
        {
          "fix": "None",
          "urls": [
            "https://security-tracker.debian.org/tracker/CVE-2020-27843"
          ],
          "name": "CVE-2020-27843",
          "severity": "High",
          "package_name": "libopenjp2-7",
          "package_version": "2.1.2-1.1+deb9u5"
        }
      ]
    },
    "trivy": {
      "high_vulns": [
        {
          "fix": "",
          "urls": [
            "https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379&view=markup"
          ],
          "name": "CVE-2018-12886",
          "severity": "High",
          "package_name": "cpp-6",
          "package_version": "6.3.0-18+deb9u1"
        }
      ]
    }
  }
}
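The result above is one document with a section per scanner, each keyed by severity bucket (`high_vulns`, `unknown_vulns`, ...). The point of collecting them side by side is to see where the scanners disagree, so the added example below (not part of the Vilicus project; written for this page) submits an image with the same `POST /analysis` call shown earlier and then cross-references a result document: which CVEs every scanner reported, which only some did, and which the scanners rate differently. The sample result is constructed in the shape of the example above, reusing its CVE ids, plus the placeholder id CVE-0000-00001 to show a finding all three agree on; the "fix" and "urls" fields are ignored because their encoding differs per scanner. Only `summarize_results` and the helpers run offline; `submit_analysis` is the network call.

```python
"""Cross-reference the per-scanner findings that Vilicus returns for one image."""
import json
import urllib.request
from collections import defaultdict

# Constructed sample in the shape of the README's "Example Result". The CVE ids from
# that example are reused; CVE-0000-00001 is a placeholder added to show agreement.
SAMPLE_RESULT = {
    "id": "be89226e-ff60-4e04-8804-e091529742c3",
    "image": "node",
    "status": "finished",
    "vilicus_results": {
        "clair": {
            "unknown_vulns": [{"name": "CVE-2018-0501", "severity": "Unknown",
                               "package_name": "apt"}],
            "low_vulns": [{"name": "CVE-0000-00001", "severity": "Low",
                           "package_name": "placeholder-pkg"}],
        },
        "anchore_engine": {
            "high_vulns": [{"name": "CVE-2020-27843", "severity": "High",
                            "package_name": "libopenjp2-7"}],
            "medium_vulns": [{"name": "CVE-0000-00001", "severity": "Medium",
                              "package_name": "placeholder-pkg"}],
        },
        "trivy": {
            "high_vulns": [
                {"name": "CVE-2018-12886", "severity": "High", "package_name": "cpp-6"},
                {"name": "CVE-2020-27843", "severity": "High", "package_name": "libopenjp2-7"},
            ],
            "medium_vulns": [{"name": "CVE-0000-00001", "severity": "Medium",
                              "package_name": "placeholder-pkg"}],
        },
    },
}


def submit_analysis(image, base_url="http://localhost:8040"):
    """POST an image name to /analysis (the call shown in the README) and return the
    decoded JSON. Network call; the offline demo below does not use it."""
    body = json.dumps({"image": image}).encode()
    req = urllib.request.Request(base_url + "/analysis", data=body, method="POST",
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def summarize_results(result):
    """Walk result["vilicus_results"] and return (by_cve, per_scanner):
    by_cve maps CVE id -> {scanner: severity string as that scanner reported it};
    per_scanner maps scanner -> {severity bucket: number of findings}."""
    by_cve = defaultdict(dict)
    per_scanner = {}
    for scanner, buckets in result.get("vilicus_results", {}).items():
        scanner = scanner.strip()  # tolerate stray whitespace in a scanner key
        counts = defaultdict(int)
        for bucket, vulns in buckets.items():
            # bucket names look like "high_vulns"; strip the suffix to get the level
            level = bucket[:-len("_vulns")] if bucket.endswith("_vulns") else bucket
            for vuln in vulns or []:
                counts[level] += 1
                by_cve[vuln["name"]][scanner] = vuln.get("severity", "Unknown")
        per_scanner[scanner] = dict(counts)
    return dict(by_cve), per_scanner


def disagreements(by_cve, scanners):
    """CVEs that not every scanner reported, with the scanners that did report them.
    These are the findings worth a manual look before trusting any single tool."""
    return {cve: sorted(found) for cve, found in by_cve.items()
            if set(found) != set(scanners)}


def severity_conflicts(by_cve):
    """CVEs the scanners agree exist but rate at different severities."""
    return {cve: found for cve, found in by_cve.items()
            if len(set(found.values())) > 1}


def main():
    by_cve, per_scanner = summarize_results(SAMPLE_RESULT)
    scanners = sorted(per_scanner)
    print("findings per scanner:", per_scanner)
    for cve, found in sorted(disagreements(by_cve, scanners).items()):
        print(f"{cve}: reported only by {', '.join(found)}")
    for cve, found in sorted(severity_conflicts(by_cve).items()):
        print(f"{cve}: severity differs across scanners: {found}")


if __name__ == "__main__":
    main()
```

Run it against a real result by replacing `SAMPLE_RESULT` with the JSON returned for your image; the scanner keys and bucket names are taken from the result itself, so a scanner that is absent from one run simply does not appear in the comparison.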