README
¶
Gatecheck
Gatecheck automates report validation in a CI/CD Pipeline by comparing security findings to pre-determined thresholds. It also provides report aggregation, artifact integrity, and deployment validation. Gatecheck is stateless so self-hosting and provisioning servers is not required.
Upcoming Features
The CLI is currently going through a much needed refactor. Once all existing features have been implemented in the new CLI, the old one will be deprecated and then removed in a few versions.
To enable the legacy CLI, set the variable GATECHECK_FF_LEGACY_CLI_ENABLED=1.
Getting Started
The fastest way to get started with Gatecheck is to download the pre-built binaries for your target system.
cd <target install dir>
curl -L <OS Specific Release>.tar.gz | tar xz
./gatecheck
./gatecheck --help
The Gatecheck CLI supports --help for every command for more detail usage.
Generate a configuration file with the default thresholds set
gatecheck config init > gatecheck.yaml
Summarize Reports with List
gatechec ls --help
List with EPSS Scores is support for Grype and Cyclondex reports
Validation
List with EPSS Scores is support for Grype and Cyclondex reports
Bundling Artifacts
Bundling Artifacts produces a gzipped tarball with an associated manifest for metadata.
Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
gatecheck
command
Package main executes the CLI for gatecheck
|
Package main executes the CLI for gatecheck |
|
v0
Package cmd contains the ClI execution logic using cobra
|
Package cmd contains the ClI execution logic using cobra |
|
v1
The root file contains common helper functions used by other commands.
|
The root file contains common helper functions used by other commands. |
|
pkg
|
|
|
archive
Package archive provides the logic for Gatecheck Bundles
|
Package archive provides the logic for Gatecheck Bundles |
|
artifacts/cyclonedx
Package cyclonedx provides data model, decoder, and validator for cyclonedx reports
|
Package cyclonedx provides data model, decoder, and validator for cyclonedx reports |
|
artifacts/gitleaks
Package gitleaks provides data model, decoder, and validator for Gitleaks secret detection report
|
Package gitleaks provides data model, decoder, and validator for Gitleaks secret detection report |
|
artifacts/grype
Package grype defines data model, Config, Decoder, Validator, and validation rules for Anchore Grype vulnerability reports.
|
Package grype defines data model, Config, Decoder, Validator, and validation rules for Anchore Grype vulnerability reports. |
|
artifacts/semgrep
Package semgrep provides data model, decoder, and validator for Semgrep reports
|
Package semgrep provides data model, decoder, and validator for Semgrep reports |
|
encoding
Package encoding provides generic abstractions for decoding common formats
|
Package encoding provides generic abstractions for decoding common formats |
|
epss
Package epss contains data models and the service for cross referencing vulnerabilities with EPSS scores.
|
Package epss contains data models and the service for cross referencing vulnerabilities with EPSS scores. |
|
export/aws
Package aws integrates aws-sdk-go-v2 into gatecheck
|
Package aws integrates aws-sdk-go-v2 into gatecheck |
|
export/defectdojo
Package defectdojo handles exporting reports to Defect Dojo open source software
|
Package defectdojo handles exporting reports to Defect Dojo open source software |
|
kev
Package kev uses CISA's KEV Catalog for vulnerability analysis
|
Package kev uses CISA's KEV Catalog for vulnerability analysis |
|
validate
Package validate provides a generic implementation for any object type using validation rules
|
Package validate provides a generic implementation for any object type using validation rules |