securecodebox/auto-discovery-kubernetes

By iteratec GmbH

Updated 23 days ago


What is OWASP secureCodeBox?

OWASP secureCodeBox is an automated and scalable open source solution that can be used to integrate various security vulnerability scanners with a simple and lightweight interface. The secureCodeBox mission is to support DevSecOps Teams to make it easy to automate security vulnerability testing in different scenarios.

With the secureCodeBox we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.

The secureCodeBox project runs on Kubernetes. To install it you need Helm, a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners on a plain Docker infrastructure.

Quickstart with secureCodeBox on Kubernetes

You can find resources to help you get started on our documentation website, including instructions on how to install the secureCodeBox project and guides to help you run your first scans with it.

How to use this image

This core image is intended to work in combination with the OWASP secureCodeBox. For more details please take a look at the documentation page: https://www.securecodebox.io/docs/getting-started/installation.

docker pull securecodebox/auto-discovery-kubernetes

Example

AutoDiscovery CLI Example

This example deploys JuiceShop to a new Kubernetes namespace. (You can find the Kubernetes manifests for the deployment here.)

The AutoDiscovery automatically picks up this new deployment and then starts a ZAP scan against it. The created scan uses our zap-advanced ScanType by default; this can be changed with the config.serviceAutoDiscovery.scanConfig.scanType value on the autoDiscovery Helm release.

When the ContainerAutoDiscovery is enabled, the AutoDiscovery can also create a Trivy scan for each unique container image (multiple pods running the same container image only create one scan). The scan type can be defined with config.containerAutoDiscovery.scanConfig.scanType.
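The one-scan-per-unique-image rule above, as an added Go illustration that is not the project's own code: it groups constructed pod records by container image, so three pods running the same image yield a single planned scan, and derives a DNS-1123-style name for the resulting Scan resource. The Pod struct, the naming scheme and the sample image references are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Pod is a minimal stand-in for a Kubernetes Pod (assumed shape, not client-go types).
type Pod struct {
	Namespace string
	Name      string
	Images    []string // container image references used by the pod
}

// ContainerScanPlan is one planned container scan: a unique image and the pods that run it.
type ContainerScanPlan struct {
	Image string
	Pods  []string // "namespace/name" of every pod referencing the image
}

var nonLabel = regexp.MustCompile(`[^a-z0-9-]+`)

// ScanNameForImage derives a name usable for a Kubernetes resource (assumed scheme):
// lower-case, only [a-z0-9-], no leading/trailing dash, at most 63 characters.
func ScanNameForImage(scanType, image string) string {
	s := nonLabel.ReplaceAllString(strings.ToLower(scanType+"-"+image), "-")
	s = strings.Trim(s, "-")
	if len(s) > 63 {
		s = strings.TrimRight(s[:63], "-")
	}
	return s
}

// PlanContainerScans returns exactly one plan per unique image, however many pods use it.
func PlanContainerScans(pods []Pod) []ContainerScanPlan {
	byImage := map[string][]string{}
	for _, p := range pods {
		seen := map[string]bool{} // the same image twice in one pod still counts once
		for _, img := range p.Images {
			if seen[img] {
				continue
			}
			seen[img] = true
			byImage[img] = append(byImage[img], p.Namespace+"/"+p.Name)
		}
	}
	plans := make([]ContainerScanPlan, 0, len(byImage))
	for img, refs := range byImage {
		plans = append(plans, ContainerScanPlan{Image: img, Pods: refs})
	}
	sort.Slice(plans, func(i, j int) bool { return plans[i].Image < plans[j].Image }) // stable output
	return plans
}

func main() {
	// Constructed sample: two JuiceShop replicas plus a pod sharing the JuiceShop image.
	pods := []Pod{
		{Namespace: "juice-shop", Name: "juice-shop-a", Images: []string{"bkimminich/juice-shop:v15.0.0"}},
		{Namespace: "juice-shop", Name: "juice-shop-b", Images: []string{"bkimminich/juice-shop:v15.0.0"}},
		{Namespace: "default", Name: "web", Images: []string{"nginx:1.25", "bkimminich/juice-shop:v15.0.0"}},
	}
	for _, plan := range PlanContainerScans(pods) {
		fmt.Printf("%s -> %d pod(s)\n", ScanNameForImage("trivy", plan.Image), len(plan.Pods))
	}
}
```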

Community

You are welcome, please join us on... 👋

secureCodeBox is an official OWASP project.

License

As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc. from the base distribution, along with any direct or indirect dependencies of the primary software being contained).

As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.

Development

Run the AutoDiscovery locally

To avoid having to build and deploy the AutoDiscovery every time you make a code change, you can run it locally. It automatically connects to the current cluster configured in your kubeconfig.

make run

Running the tests

# execute the tests locally
make test

# view the test coverage
go tool cover -html=cover.out
