vmclarity

module
v0.6.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 8, 2023 License: Apache-2.0

README

VMClarity Logo

Slack Invite Go Reference GitHub Workflow Status Go Report Card

VMClarity is an open source tool for agentless detection and management of Virtual Machine Software Bill Of Materials (SBOM) and security threats such as vulnerabilities, exploits, malware, rootkits, misconfigurations and leaked secrets.

VMClarity demo

Join VMClarity's Slack channel to hear about the latest announcements and upcoming activities. We would love to get your feedback!

Table of Contents

Why VMClarity?

Virtual machines (VMs) are the most used service across all hyperscalers. AWS, Azure, GCP, and others have virtual computing services that are used not only as standalone VM services but also as the most popular method for hosting containers (e.g., Docker, Kubernetes).

VMs are vulnerable to multiple threats:

  • Software vulnerabilities
  • Leaked Secrets/Passwords
  • Malware
  • System Misconfiguration
  • Rootkits

There are many very good open source and commercial-based solutions for providing threat detection for VMs, manifesting the different threat categories above.

However, there are challenges with assembling and managing these tools yourself:

  • Complex installation, configuration, and reporting
  • Integration with deployment automation
  • Siloed reporting and visualization

The VMClarity project is focused on unifying detection and management of VM security threats in an agentless manner.

Quick start

Install VMClarity

AWS
  1. Start the CloudFormation wizard, or upload the latest CloudFormation template
  2. Specify the SSH key to be used to connect to VMClarity under 'KeyName'
  3. Once deployed, copy VmClarity SSH Address from the "Outputs" tab

For a detailed installation guide, please see AWS.

Azure
  1. Click the Deploy To Azure button.
  2. Fill out the required fields in the wizard
  3. Once deployed, copy the VMClarity SSH address from the Outputs tab
GCP
  1. Change directory to installation/gcp/dm
  2. Copy vmclarity-config.example.yaml to vmclarity-config.yaml, update with required values.
  3. Deploy vmclarity using GCP deployment manager 
    gcloud deployment-manager deployments create <vmclarity deployment name> --config vmclarity-config.yaml
  4. Once deployed, copy the VMClarity SSH IP address from the CLI output.
Kubernetes
  1. helm install -n vmclarity --create-namespace vmclarity ./vmclarity

Access VMClarity UI

  1. Open connection to VMClarity API Gateway either:

    • On AWS, Azure or GCP, open an SSH tunnel to VMClarity VM server

      ssh -N -L 8080:localhost:80 -i  "<Path to the SSH key specified during install>" ubuntu@<VmClarity SSH Address copied during install>

    • On Kubernetes port-forward vmclarity-gateway service:

      kubectl port-forward -n vmclarity service/vmclarity-gateway 8080:80

  2. Access VMClarity UI in the browser: http://localhost:8080/

  3. Access the API via http://localhost:8080/api

For a detailed UI tour, please see tour.

Overview

VMClarity uses a pluggable scanning infrastructure to provide:

  • SBOM analysis
  • Package and OS vulnerability detection
  • Exploit detection
  • Leaked secret detection
  • Malware detection
  • Misconfiguration detection
  • Rootkit detection

The pluggable scanning infrastructure uses several tools that can be enabled/disabled on an individual basis. VMClarity normalizes, merges and provides a robust visualization of the results from these various tools.

These tools include:

A high-level architecture overview is available here

Roadmap

VMClarity project roadmap is available here.

Contributing

If you are ready to jump in and test, add code, or help with documentation, please follow the instructions on our contributing guide for details on how to open issues, setup VMClarity for development and test.

Code of Conduct

You can view our code of conduct here.

License

Apache License, Version 2.0

Directories

Path Synopsis
api module
client Module
server Module
types Module
cli module
cmd
vmclarity-apiserver
vmclarity-cli
vmclarity-cli/asset
vmclarity-cli/logutil
vmclarity-cli/root
vmclarity-cli/scan
vmclarity-orchestrator
vmclarity-ui-backend
containerruntimediscovery
client Module
server Module
types Module
core module
e2e module
installation module
orchestrator module
pkg
apiserver
apiserver/common
apiserver/database
apiserver/database/gorm
apiserver/database/odatasql
apiserver/database/odatasql/jsonsql
apiserver/database/types
apiserver/rest
cli
cli/presenter
cli/state
cli/utils
orchestrator
orchestrator/assetscanestimationwatcher
orchestrator/assetscanprocessor
orchestrator/assetscanwatcher
orchestrator/common
orchestrator/discovery
orchestrator/provider
orchestrator/provider/aws
orchestrator/provider/aws/scanestimation
orchestrator/provider/azure
orchestrator/provider/cloudinit
orchestrator/provider/common
orchestrator/provider/docker
orchestrator/provider/external
orchestrator/provider/external/proto
orchestrator/provider/gcp
orchestrator/provider/kubernetes
orchestrator/scanconfigwatcher
orchestrator/scanestimationwatcher
orchestrator/scanwatcher
shared/backendclient
nolint:cyclop
 nolint:cyclop
shared/command
shared/families
shared/families/exploits
shared/families/exploits/common
shared/families/exploits/exploitdb
shared/families/exploits/exploitdb/config
shared/families/exploits/job
shared/families/infofinder
shared/families/infofinder/job
shared/families/infofinder/sshtopology
shared/families/infofinder/types
shared/families/interfaces
shared/families/malware
shared/families/malware/clam
shared/families/malware/clam/config
shared/families/malware/clam/constants
shared/families/malware/clam/util
shared/families/malware/common
shared/families/malware/job
shared/families/malware/yara
shared/families/malware/yara/config
shared/families/malware/yara/util
shared/families/misconfiguration
shared/families/misconfiguration/fake
shared/families/misconfiguration/job
shared/families/misconfiguration/lynis
shared/families/misconfiguration/types
shared/families/results
shared/families/rootkits
shared/families/rootkits/chkrootkit
shared/families/rootkits/chkrootkit/config
shared/families/rootkits/chkrootkit/utils
shared/families/rootkits/common
shared/families/rootkits/job
shared/families/rootkits/types
shared/families/sbom
shared/families/secrets
shared/families/secrets/common
shared/families/secrets/gitleaks
shared/families/secrets/gitleaks/config
shared/families/secrets/job
shared/families/types
shared/families/utils
shared/families/vulnerabilities
shared/findingkey
shared/fsutils/blockdevice
shared/fsutils/filesystem
shared/fsutils/lsblk
shared/fsutils/lsblk/internal
shared/fsutils/mount
shared/log
shared/utils
shared/utils/containerrootfs
shared/utils/containerrootfs/example
uibackend
uibackend/api
uibackend/api/client
Package client provides primitives to interact with the openapi HTTP API.
 Package client provides primitives to interact with the openapi HTTP API.
uibackend/api/models
Package models provides primitives to interact with the openapi HTTP API.
 Package models provides primitives to interact with the openapi HTTP API.
uibackend/api/server
Package server provides primitives to interact with the openapi HTTP API.
 Package server provides primitives to interact with the openapi HTTP API.
uibackend/rest
version
plugins
runner Module
sdk-go Module
sdk-go/example Module
store/kics Module
provider module
runtime_scan
pkg/provider/grpc/proto Module
scanner module
testenv module
uibackend
client Module
server Module
types Module
utils module
workflow module

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.