dracon

module v0.7.0
Published: May 7, 2024 License: Apache-2.0

README

Dracon

By Ocurity. Security scanning, results unification and enrichment tool (ASOC).

  • forked and rewritten from @thought-machine/dracon

Security pipelines on Kubernetes. The purpose of this project is to provide a scalable and flexible framework to execute arbitrary security scanning tools on code and infrastructure while processing the results in a versatile way.

flowchart LR
    S["Code Setup & Build"]

    P_GoSec["Producer - GoSec (Golang)"]
    P_SecBugs["Producer - SpotBugs (Java)"]
    P_Bandit["Producer - Bandit (Python)"]
    P_TFSec["Producer - TFSec (Terraform)"]

    P_Aggregator["Producer - Results Aggregation"]

    E_Deduplication["Enricher - Deduplication"]
    E_Policy["Enricher - Policy"]
    E_Aggregator["Enricher - Enriched Results Aggregator"]

    C_Slack["Consumer - Slack"]
    C_Elasticsearch["Consumer - Elasticsearch"]
    C_Jira["Consumer - Jira"]

    S-->P_TFSec
    S-->P_GoSec
    S-->P_SecBugs
    S-->P_Bandit

    P_TFSec-->P_Aggregator
    P_GoSec-->P_Aggregator
    P_SecBugs-->P_Aggregator
    P_Bandit-->P_Aggregator

    P_Aggregator-->E_Deduplication
    P_Aggregator-->E_Policy

    E_Policy-->E_Aggregator
    E_Deduplication-->E_Aggregator

    E_Aggregator-->C_Slack
    E_Aggregator-->C_Elasticsearch
    E_Aggregator-->C_Jira


Getting Started

The Getting started with KinD tutorial explains how to get started with Dracon. You can also access our community-contributed pipelines here.

More tutorials:

Name | Description
Getting started with KinD | Quickstart guide on how to get started with Dracon using KinD
Getting started with Please and K3D | Beginner guide on how to get started with Dracon using Please w/ K3D
Running our demo pipeline | End-to-end demo of running an example pipeline

Announcements

This version of Dracon was announced at OWASP Appsec Dublin in 2023. Check out the slides and the video of the presentation.

Support

If you have questions, reach out to us by opening a new issue on Github.

Development & Contributing

Contributions are welcome, see the developing and releasing guides on how to get started.

License

Dracon is under the Apache 2.0 license. See the LICENSE file for details.

Directories

Path Synopsis
api
build
cmd
components
consumers
Package consumers provides helper functions for working with Dracon compatible outputs as a Consumer.
consumers/aws-s3
Package main of the aws-s3 consumer implements a simple consumer for uploading dracon results to the S3 bucket passed as an argument. The consumer expects the environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY to be set.
consumers/bigquery
Package main of the bigquery consumer puts dracon issues into the target bigquery dataset; it will create the dataset and the schema if one does not exist.
consumers/pdf
Package main of the pdf consumer implements a simple consumer for applying a go-template to a dracon scan, converting the result to pdf and then uploading the result to the S3 bucket passed as an argument. The consumer expects the environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY to be set, along with the "bucket" and "region" arguments to be passed.
enrichers/codeowners
Package main of the codeowners enricher handles enrichment of individual issues with the groups/usernames listed in the github repository CODEOWNERS files.
producers
Package producers provides helper functions for writing Dracon compatible producers that parse tool outputs.
producers/cdxgen
Package main of the cdxgen producer parses the CycloneDX output of cdxgen and creates a singular Dracon issue from it.
producers/dependency-track
Package main of the dependency track producer reads a dependency track export and translates it to dracon format.
producers/trufflehog
Package main implements the binary for parsing trufflehog results into the dracon format.
producers/typescript-npm-audit/types
Package types provides common types for audit report formats.
producers/typescript-npm-audit/types/npmfullaudit
Package npmfullaudit provides types and functions for working with audit reports from npm's "Full Audit" endpoint (/-/npm/v1/security/audits) and transforming them into data structures understood by the Dracon enricher.
producers/typescript-npm-audit/types/npmquickaudit
Package npmquickaudit provides types and functions for working with audit reports from npm's "Quick Audit" endpoint (/-/npm/v1/security/audits/quick) and transforming them into data structures understood by the Dracon enricher.
docs
pkg
context
Package context offers a set of methods which permit components to
db
enumtransformers
Package enumtransformers transforms from dracon internal enums to text and back.
k8s
templating
Package templating includes helper methods that apply go templates to Dracon Raw and Enriched Issues and return the resulting str
testutil
Package testutil contains helper functions and subpackages to make testing the project easier.