cloud-scanner

command module

v0.0.0-...-85f05cb Latest Latest Go to latest Published: May 21, 2024 License: Apache-2.0 Imports: 10 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/khulnasoft-lab/cloud-scanner

Links

Open Source Insights

README ¶

Khulnasoft Cloud Scanner

Khulnasoft Cloud Scanner runs in your cloud environment, gathering inventory and compliance information for the assets deployed in that environment. It submits that information to your Khulnasoft Kengine or ThreatStryker Management Console.

Deploy Khulnasoft Cloud Scanner using the appropriate Terraform module for the cloud you wish to monitor.

Deploying Cloud Scanner

Cloud scanner is deployed in ECS Fargate / GCP Cloud Run / Azure Container Instance
Deployment is done using AWS CloudFormation template or terraform
Documentation: https://docs.khulnasoft.com/kengine/docs/cloudscanner/

Build

./bootstrap.sh
make docker

Usage (cli mode)

AWS

Available benchmarks:

pci (PCI DSS v3.2.1)
cis (CIS v2.0.0)
gdpr (GDPR)
hipaa (HIPAA Final Omnibus Security Rule 2013)
soc2 (SOC 2)
nist (NIST 800-171 Revision 2)
all (runs all benchmarks)

aws configure

export AWS_ACCOUNT_ID="<AWS_ACCOUNT_ID>"
export BENCHMARK="cis"
export AWS_CONFIG_PATH="$HOME/.aws"
export OUTPUT_FILE="cloud_scanner_output.json"

docker run -it --rm \
  -v $AWS_CONFIG_PATH:/home/khulnasoft/.aws \
  -v $(pwd):/tmp/output \
  -e CLOUD_ACCOUNT_ID=$AWS_ACCOUNT_ID \
  -e CLOUD_PROVIDER=aws \
  docker.io/khulnasoft/cloud-scanner:latest \
  --mode cli \
  --benchmark $BENCHMARK \
  --file "/tmp/output/$OUTPUT_FILE"

Google Cloud

Available benchmarks:

cis (CIS v2.0.0)

gcloud auth login

export GCLOUD_ACCOUNT_ID="<GOOGLE_CLOUD_ACCOUNT_ID>"
export BENCHMARK="cis"
export GCLOUD_CONFIG_PATH="$HOME/.config/gcloud"
export OUTPUT_FILE="cloud_scanner_output.json"

docker run -it --rm \
  -v $GCLOUD_CONFIG_PATH:/home/khulnasoft/.config/gcloud \
  -v $(pwd):/tmp/output \
  -e CLOUD_ACCOUNT_ID=$GCLOUD_ACCOUNT_ID \
  -e CLOUDSDK_CORE_PROJECT=$GCLOUD_ACCOUNT_ID \
  -e CLOUD_PROVIDER=gcp \
  docker.io/khulnasoft/cloud-scanner:latest \
  --mode cli \
  --benchmark $BENCHMARK \
  --file "/tmp/output/$OUTPUT_FILE"

Azure

Available benchmarks:

pci (PCI DSS 3.2.1)
hipaa (HIPAA HITRUST 9.2)
nist (NIST SP 800-53 Revision 5)
cis (CIS v2.0.0)
all (runs all benchmarks)

az login

export AZURE_ACCOUNT_ID="<AZURE_ACCOUNT_ID>"
export BENCHMARK="cis"
export AZURE_CONFIG_PATH="$HOME/.azure"
export AZURE_TENANT_ID=""
export OUTPUT_FILE="cloud_scanner_output.json"

docker run -it --rm \
  -v $AZURE_CONFIG_PATH:/home/khulnasoft/.azure \
  -v $(pwd):/tmp/output \
  -e CLOUD_ACCOUNT_ID=$AZURE_ACCOUNT_ID \
  -e AZURE_SUBSCRIPTION_ID=$AZURE_ACCOUNT_ID \
  -e AZURE_TENANT_ID=$AZURE_TENANT_ID \
  -e CLOUD_PROVIDER=azure \
  docker.io/khulnasoft/cloud-scanner:latest \
  --mode cli \
  --benchmark $BENCHMARK \
  --file "/tmp/output/$OUTPUT_FILE"

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
cloud-metadata
cloud_resource_changes
cloud_resource_changes_aws
cloud_resources_changes_azure
cloud_resources_changes_gcp
exportcontrols module
internal
khulnasoft
output
query_resource
scanner
service
util

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL