README
¶
Ocular is an API built on top of Kubernetes that allows you to perform regular or ad-hoc security scans over static software assets. It provides a set of RESTful endpoints that allow you to configure and run security or compliance scanning tools.
Overview
Ocular is a Kubernetes-native API that allows you to perform security scans on static software assets. It provides a set of RESTful endpoints that allow you to configure and run security or compliance scanning tools over static software assets, such as git repositories, container images, or any static content that can be represented on a file system.
It is designed to allow for both regular scans on a scheduled basis or, ad-hoc security scans ran on demand. The system allows for the user to customize not only the scanning tools that are used, but also:
- How scan targets are enumerated (e.g. git repositories, container images, etc.)
- How those scan targets are downloaded into the scanning environment (e.g. git clone, container pull, etc.)
- How the scanning tools are configured and run (e.g. custom command line arguments, environment variables, etc.)
- Where the results are sent (e.g. to a database, to a file, to a cloud storage etc.)
Each of these components can be configured independently, allowing for a high degree of flexibility and customization. Each of the 4 components (enumeration, download, scanning, and results) can be customized via a container image that implements a specific interface, normally through environment variables, command line arguments and file mounts.
For more information on Ocular and how to use it, see the Ocular project site.
Getting started
Installation via Helm
See the installation guide on our documentation site for instructions on how to install Ocular via Helm.
Running locally
See DEVELOPMENT.md for instructions on how to run the application locally.
Contact
We are constantly learning about emerging use cases and are always interested in hearing about how you use Ocular. If you would like to talk, please get in touch.
Documentation
¶
Overview ¶
Package ocular is a package to provide the Ocular application, a code scanning orchestration tool for static application security testing. It is designed to have easily swappable components depending on: what you want to scan with, how you want to enumerate targets, and where you want to upload results to.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
api-server
Entrypoint for the API server.
|
Entrypoint for the API server. |
|
extractor
Utility image to transfer files between scanners and uploaders.
|
Utility image to transfer files between scanners and uploaders. |
|
hack
|
|
|
internal
|
|
|
config
Package config provides the global configuration for Ocular.
|
Package config provides the global configuration for Ocular. |
|
unittest/mocks
Package mocks will contain all the generated mocks for the unit tests.
|
Package mocks will contain all the generated mocks for the unit tests. |
|
unittest/mocks/internal/cluster
Package cluster is a generated GoMock package.
|
Package cluster is a generated GoMock package. |
|
unittest/mocks/pkg/cluster
Package cluster is a generated GoMock package.
|
Package cluster is a generated GoMock package. |
|
unittest/mocks/pkg/storage
Package storage is a generated GoMock package.
|
Package storage is a generated GoMock package. |
|
pkg
|
|
|
api/client
Package client is a package that provides a client for making HTTP requests to the Ocular API.
|
Package client is a package that provides a client for making HTTP requests to the Ocular API. |
|
api/middleware
Package middleware provides middleware for the Ocular API.
|
Package middleware provides middleware for the Ocular API. |
|
api/routes
Package routes (and sub-packages) provides the API routes for the Ocular application.
|
Package routes (and sub-packages) provides the API routes for the Ocular application. |
|
cluster
Package cluster provides function to interact with Kubernetes clusters.
|
Package cluster provides function to interact with Kubernetes clusters. |
|
errors
Package errors provides a way to create and handle errors with types and messages.
|
Package errors provides a way to create and handle errors with types and messages. |
|
identities
Package identities provides the Identity type which represents the identity of a user in the cluster.
|
Package identities provides the Identity type which represents the identity of a user in the cluster. |
|
pipelines
Package pipelines implements the logic to run a pipeline for a target using a profile.
|
Package pipelines implements the logic to run a pipeline for a target using a profile. |
|
resources
Package downloaders provides the Downloader type which represents the init container that will download a static asset (target) to be scanned.
|
Package downloaders provides the Downloader type which represents the init container that will download a static asset (target) to be scanned. |
|
runtime
Package runtime provides functions to manage the runtime environment of the application.
|
Package runtime provides functions to manage the runtime environment of the application. |
|
schemas
Package schemas provides types that will be used in the API and marshalled or unmarshalled from user data
|
Package schemas provides types that will be used in the API and marshalled or unmarshalled from user data |
|
searches
Package searches provides functions to manage invocation of a [Search].
|
Package searches provides functions to manage invocation of a [Search]. |