Skip to content
/ lampas Public

"Lampas" is Generic Linux Package security scanning tool.(include non-docker)

License

BSD-2-Clause license
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ziozzang/lampas

1 Branch0 Tags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

ziozzangziozzang
Update server.py
Feb 22, 2018
f7ea4c6 · Feb 22, 2018

History

34 Commits
cli
cli
Feb 11, 2018
compose
compose
Feb 22, 2018
Dockerfile
Dockerfile
Feb 9, 2018
LICENSE
LICENSE
Feb 9, 2018
README.md
README.md
Feb 22, 2018
clairdb.py
clairdb.py
Feb 11, 2018
conf.py
conf.py
Feb 9, 2018
server.py
server.py
Feb 22, 2018
test.py
test.py
Feb 11, 2018

Repository files navigation

Lampas

TL;DR

Lampas is for generic linux distro package security Scanner.

  • the meaning of lampas is came from latin word 'Lampas'
  • the word is from Ancient Greek λαμπάς (lampás, “lamp or flambeau”), from λάμπω (lámpō), perhaps from Proto-Indo-European *leh₂p- (“glow”)

Clair Generic Scan Server (HTTP)

  • Lampas is renamed from "clair-generic-scan-server". Lampas is latin words which means lamp or lantern.

  • You can scan any linux system not only docker but also bare-metal.

  • Clair use newest distro's NVD/CVE database. this means clair's DB is very accurated and fastest. There's no false negative or false positive issue.

  • Support Linux Distro.

    • Ubuntu / Debian
    • Centos / Redhat / Oracle
    • Alpine

  • Clair is opensource project by CoreOS(Acquired by RedHat)

  • welcome any pull requests.

Demo

  • Demo is checking not only Host Ubuntu system but also inside centos docker container. asciicast

Author

Requirements

  • Clair DB format is 2.0.1 (on Clair Public Release)
  • not working with VMWare Harbor or other 3rd party's modified clair release.

Run

  • Run with docker-compose. (easist method)
cd compose
docker-compose up -d

# wait for DB updating is complated. (maybe 10-30 min. time depend on network issue)
docker exec -it lampas python /opt/test.py
  • You can test on bare-metal using with cli client.
    • compatability
      • Tested & Working: Centos7 / RHEL 7 / Debian 8,9 / Ubuntu 14.04 or above / Alpine
      • Not working: Centos 6 / RHEL 6 / Debian 7
    • Python version: python & requests module are required.
    • Golang version: Static compiled binary does not need any requirements.
# Python version
python ./cli/scanner.py http://127.0.0.1:5000

# Golang version
# - Build Binary
 docker run -it --rm \
  -v `pwd`/cli:/usr/src/scanner \
  -w /usr/src/scanner \
  -e "CGO_ENABLED=0" -e "GOOS=linux" \
  golang bash -c  \
  "go get github.com/Jeffail/gabs && go get github.com/go-ini/ini && go build -a -ldflags '-extldflags \"-static\"' ."

# or you can use build scripts
  cd cli
  curl https://raw.githubusercontent.com/ziozzang/go-static-template/master/install | bash
  BIN_NAME=scanner ./build.sh

# - Run
./cli/scanner http://127.0.0.1:5000
  • Environments Parameters
    • not yet documented

API

not yet documented.

Build

docker build -t ziozzang/clair-generic-scan-server .
docker run -it --rm  -p 5000:5000 --link pgsql:pgsql ziozzang/clair-generic-scan-server

Known Issue

  • if no database updated, server return 500.
  • no error processing
  • no web ui.

TO-Do

  • Documents
  • API

License

  • BSD.
  • You can use any purpose.

About

"Lampas" is Generic Linux Package security scanning tool.(include non-docker)

Topics

linux golang devops security-audit debian ubuntu rest-api scanner alpine centos redhat rhel security-vulnerability clair vulnerability-detection cve-scanning vulnerability-scanners security-tools devsecops clair-db

Resources

Readme

License

BSD-2-Clause license
Activity

Stars

2 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages