472,982 Members | 2,157 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > security > insights > an open source container security detection tool

Join Bytes and contribute your articles to a community of 472,982 developers and data experts.

An open source container security detection tool

1
Recently, I have been researching open source container security related tools and found many excellent projects include trivy, anchor, etc., which have done a good job in vulnerability detection; while there are not many projects focusing on other security detection. So I am more interested in Chaitin's open-source inquiring container security toolset, so I record the process of using it for the first time.

First, let's take a look at the specific functions of the official description:
1. Supports detection of abnormal historical commands, malicious files, weak passwords, sensitive information, backdoors, etc.
2. Support image asset inventory, inventory image and image software assets.
3. Support local images scanning and repository images scanning, and integrate with mainstream image repositories such as Docker Hub.
4. Support mainstream CI/CD integration such as GitHub action and jenkins.
5. Run in parallel container mode, no need to compile separately, out-of-the-box.
6. Adapt to a variety of container runtimes.

## 1、Use the runner program to detect five kinds of threats in the local image

- `./parallel-container-run.sh scan-host -h` ,View scan local mirror command parameters
- `./parallel-container-run.sh scan-host` ,Scan all local images with all identified plugins
- View the current list of plugins `./parallel-container-run.sh list plugin`
- `./parallel-container-run.sh scan-host -g "**/veinmind-weakpass"` ,Specifies to scan only with weak password plugins

## 2、Use the host program to detect the warehouse image

- `./parallel-container-run.sh scan-registry -h` ,View scan remote warehouse command parameters
- `./parallel-container-run.sh scan-registry oodo` ,Try scanning the oodo image in the docker hub public repository

## 3、Integrated use in Github Action / Gitlab / Jenkins

Go directly to the official picture, I just don't want to try it.

## 4、Summarize
After simple use, it is very easy to get started, and there is almost no understanding cost. Several sensitive information and weak passwords were detected when scanning the local image. See the introduction of the malicious sample detection integrated with VT, which is quite reliable. I hope the official will continue to increase the detection rules of the tool. The issue mentioned in the research will be integrated with Jenkins so quickly. Yes, it seems that it is maintained by special personnel, and the project activity is quite high.

you can search veinmind on github to find it ,thanks for read.
Jul 12 '22 #1
0 3394

Sign in to post your reply or Sign up for a free account.

Similar topics

188
[EVALUATION] - E02 - Support for MinGW Open Source Compiler
by: Ilias Lazaridis | last post by:
I'm a newcomer to python: - E01: The Java Failure - May Python Helps? http://groups-beta.google.com/group/comp.lang.python/msg/75f0c5c35374f553 - I've download (as suggested) the python...
Python
0
LOCAL NYC - UNIGROUP 17-FEB-2005 (Thurs): ZOPE - Open Source WebDevelopment
by: Unigroup of New York | last post by:
Content-Type: multipart/mixed; boundary="------------C465DF38DCB38DD2AF7117E0" Lines: 327 Date: Tue, 15 Feb 2005 23:36:38 -0500 NNTP-Posting-Host: 24.46.113.251 X-Complaints-To: abuse@cv.net...
Python
1
Open source data modeling tools for PostgreSQL
by: Markus Seibold | last post by:
Hi, I am looking for an open source (free) data modeling tool for PostgreSQL. It should - if possible - support: - E-R-Modelling - relational data model / modeling - (GUI SQL interface to...
PostgreSQL Database
115
Open source alternative for MsAccess?
by: TheAd | last post by:
At this moment I use MsAccess and i can build about every databound application i want. Who knows about a serious open source alternative? Because Windows will be a client platform for some time, i...
Microsoft Access / VBA
10
FSM (Finite State Machine) Generator - Open Source
by: Roberto Nunnari | last post by:
Hi all. I announce that there's a brand new, free FSM Generator in the Open Source arena: NunniFSMGen - release 1.0-RC1 http://nunnifsmgen.nunnisoft.ch NunniFSMGen is a java tool that...
C / C++
158
Python to use a non open source bug tracker?
by: Giovanni Bajo | last post by:
Hello, I just read this mail by Brett Cannon: http://mail.python.org/pipermail/python-dev/2006-October/069139.html where the "PSF infrastracture committee", after weeks of evaluation, recommends...
Python
6
Google anounces new (open source) browser with new JavaScript VM.
by: Erwin Moller | last post by:
Hi, Maybe this is old news for some of you, but I just found this: http://blogs.zdnet.com/BTL/?p=9847 It will include a JavaScript Virtual Machine built from scratch. Regards, Erwin Moller
Javascript
0
Apache Impala Gets Top-Level Status As Open Source Hadoop Tool
by: manchun | last post by:
Since Hadoop evolution, the developers have gotten the new abstraction and release with more features. The new releases and versions of Hadoop are to provide improved Hadoop with the removal of...
Apache Web Server
0
React to native button blinking effect
by: lllomh | last post by:
Define the method first this.state = { buttonBackgroundColor: 'green', isBlinking: false, // A new status is added to identify whether the button is blinking or not } autoStart=()=>{
Software Development
2
isladogs
Access Europe meeting on Wed 4 Oct - The future of Access
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 4 Oct 2023 starting at 18:00 UK time (6PM UTC+1) and finishing at about 19:15 (7.15PM) The start time is equivalent to 19:00 (7PM) in Central...
Microsoft Access / VBA
0
How to find best mobile app development company in usa
by: Aliciasmith | last post by:
In an age dominated by smartphones, having a mobile app for your business is no longer an option; it's a necessity. Whether you're a startup or an established enterprise, finding the right mobile app...
Mobile Development
0
tracyyun
Can faster file sharing be achieved by connecting computers simultaneously via WiFi and LAN cables
by: tracyyun | last post by:
Hello everyone, I have a question and would like some advice on network connectivity. I have one computer connected to my router via WiFi, but I have two other computers that I want to be able to...
Networking - Hardware / Configuration
2
Energy Model code modification to account for year dependent interest rate
by: giovanniandrean | last post by:
The energy model is structured as follows and uses excel sheets to give input data: 1-Utility.py contains all the functions needed to calculate the variables and other minor things (mentions...
Python
4
NeoPa
Send Current Object to PDF
by: NeoPa | last post by:
Hello everyone. I find myself stuck trying to find the VBA way to get Access to create a PDF of the currently-selected (and open) object (Form or Report). I know it can be done by selecting :...
Microsoft Access / VBA
1
Report value list
by: Teri B | last post by:
Hi, I have created a sub-form Roles. In my course form the user selects the roles assigned to the course. 0ne-to-many. One course many roles. Then I created a report based on the Course form and...
Microsoft Access / VBA
0
isladogs
Access Europe Meeting - Wed 6 Dec - Streamline Your Import/Export Spec Workflow with VBA Classes
by: isladogs | last post by:
The next online meeting of the Access Europe User Group will be on Wednesday 6 Dec 2023 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, Mike...
Microsoft Access / VBA
4
Take a Database to the Next Level
by: GKJR | last post by:
Does anyone have a recommendation to build a standalone application to replace an Access database? I have my bookkeeping software I developed in Access that I would like to make available to other...
Microsoft Access / VBA

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2023
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!