csf

command module v0.0.0-...-bcbb5c0

This package is not in the latest version of its module.

Published: Aug 29, 2018 License: Apache-2.0 Imports: 29 Imported by: 0

README

Continuous Security Framework


Continuous Security Framework (CSF for short) is an open-source project aiming at enabling continuous security in cloud infrastructures (but not only). You can see it as IFTTT for the cloud. Similar to a typical continuous integration system, CSF can be used to build pipelines composed of different tasks. Unlike a typical continuous integration system, it can respond to a variety of events and uses simple scripting that anyone can use to build powerful automatic decision-making scripts.

Getting started

Terminology

Modules:

  • Event source - a module that will send events to CSF (ex: a new vulnerability has been found by clair)
  • Action module - a module that contains one or more actions (ex: send a mail)

Installation

The best way to run csf is to use the docker image objectiflibre/csf. You can also download the binary or build CSF yourself. Take a look at this sample config and modify it if needed.

docker run -d \
  -v $PWD/csf_config:/csf_config \
  -v $PWD/csf_data:/db \
  -p 8888:8888 \
  objectiflibre/csf

Take a look at config_sample.yaml for the config. The default localfiles configProvider loads modules configuration files from the ./config folder matching the names of the modules (if you load the k8s_imagevalidator module your config file for this module must be named k8s_imagevalidator.*, the extension does not matter). The default localdb storageProvider stores everything in ./db using tiedot.

Use cases

Events trigger pipelines that can dynamically respond to events using scripts. Currently implemented events are:

Currently implemented actions are:

  • Send a mail
  • Check if an image is in a kubernetes pod or deployment
  • Respond to an ImagePolicyWebhook image review request
  • Scan a docker image using an external clair server
  • Scan an instance / virtual machine / host via ssh using vuls.io and docker

More details on the different modules here.

Need something else? Open an issue or write your own module!

Pipelines

You can use multiple actions to easily build complex pipelines. Here is a simple example:

(example pipeline diagram)

Another use case is on-the-fly docker image scanning with kubernetes.

To write your own pipelines (called reactions here), you can find different sample JSON files in the samples folder or check out the docs about reactions.

Documentation

There is no documentation for this package.

Directories

Path Synopsis
Package actions provides types and interfaces necessary to write action modules.
Package configprovider provides a simple interface to implement configuration providers for action modules and event sources.
Package dummyaction is a dummy implementation of an action module for reference and debugging purposes.
Package dummysource implements a dummy event source for reference and debugging purposes.
Package hander handles reactions.
Package actions provides types and interfaces necessary to write event sources.
ext
actions/clair
Package klarscan uses klar's codebase to scan docker images.
actions/k8s
Package csfk8s provides actions to check if a specific image is currently in a pod or in a deployment.
actions/k8s_imagevalidate
Package k8s_imagevalidate is the action associated with the eventsource k8s_imagevalidator, used to validate (or reject) a container image.
actions/mail
Package mailaction provides an action to send an email via SMTP.
actions/vuls
Package vulsaction provides an action to launch a vulnerability scan using docker and vuls.io.
config/localfile
Package localfilesconfig is a configuration provider for event sources and action modules that uses simple files in a local directory and matches configurations to modules by file name.
sources/clair
Package clair listens for clair notifications and fetches vulnerability details from clair to generate events.
sources/k8s_events
Package k8sevents provides events fetched from kubernetes using parts of the client-go packages, the official go client for kubernetes.
sources/k8s_imagevalidator
Package k8s_imagevalidator is an endpoint for the ImagePolicyWebhook admission controller of kubernetes.
sources/onetime
Package onetime sends an event just one time at startup.
sources/openstack
Package openstack connects to RabbitMQ via AMQP and listens for compute-related notifications.
Package metrics exposes Prometheus metrics.
Package scripting executes action's JavaScript code in a JS vm.
storage
driver
Package storage provides an interface to implement storage providers.
Package webui is a completely-not-finished web interface for CSF.
