Project description

Anchore STIG

Anchore STIG is a complete STIG solution that can be used to run STIG profile against static images.

Description

Use Anchore STIG to perform STIG checks against running containers in Kubernetes environments or static Docker images from a registry or stored locally. The tool executes automated scans against specific STIG Security Guide (SSG) policies. The program will output either a JSON report with a summary of STIG check results for runtime checks or XCCDF XML and OpenSCAP XML and HTML for static checks.

The static functionality includes the following profiles:

CentOS 7
CentOS 8
Debian 10
Debian 11
Fedora
Oracle Linux 7
Oracle Linux 8
Oracle Linux 9
OpenSUSE
SUSE Linux Enterprise Server 15
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9
Ubuntu 16.04
Ubuntu 18.04
Ubuntu 20.04
Ubuntu 22.04

Getting Started

Dependencies

Overall

python3 >= 3.8 with pip3 installed
make

Static

docker

Runtime

kubectl exec privileges
Pods running one of the above listed software / OS types

Install

clone the repo
run make to install

Running the Program

Static

Run the tool using anchorestig static IMAGE.
- Ex: anchorestig static docker.io/ubi8:latest

CLI Input Parameters:

Username:             --username (-u)     Username for private registry
Password:             --password (-p)     Password for private registry
Url:                  --url (-r)          URL for private registry
Insecure:             --insecure (-s)     Allow insecure registries or registries with custom certs
Local Image:          --local-image (-l)  Run against an image stored in your local docker instance
AWS S3 Bucket         --aws (-a)          Upload results to S3
Anchore Account       --account (-c)      Anchore STIG UI account to store the stig result in

Viewing Results

Navigate to the ./stig-results directory. The output directory containing output files will be named according to the image scanned.

Help

Use the --help flag to see more information on how to run the program:

anchorestig --help

Authors

Sean Fazenbaker @bakenfazer
Michael Simmons @MSimmons7

Project details

These details have not been verified by PyPI

Release history Release notifications | RSS feed

This version

0.5.0

Sep 10, 2024

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

anchorestig_static-0.5.0.tar.gz (5.0 kB view details)

Uploaded Sep 10, 2024 Source

Built Distribution

anchorestig_static-0.5.0-py3-none-any.whl (6.1 kB view details)

Uploaded Sep 10, 2024 Python 3

File details

Details for the file anchorestig_static-0.5.0.tar.gz.

File metadata

Download URL: anchorestig_static-0.5.0.tar.gz
Upload date: Sep 10, 2024
Size: 5.0 kB
Tags: Source
Uploaded using Trusted Publishing? Yes
Uploaded via: twine/5.1.1 CPython/3.12.6

File hashes

Hashes for anchorestig_static-0.5.0.tar.gz
Algorithm	Hash digest
SHA256	`6a6aa08c9743da9f7099819c2bcb390a8d0cf6890e01f2b2377f6a0003a45f91`
MD5	`09ed31e537daf2943b220a887f62523d`
BLAKE2b-256	`5369a202ac390eb3f55325c735bd32fe5c9611e6f2617a9646f3044cd2ff6870`

See more details on using hashes here.

File details

Details for the file anchorestig_static-0.5.0-py3-none-any.whl.

File metadata

Download URL: anchorestig_static-0.5.0-py3-none-any.whl
Upload date: Sep 10, 2024
Size: 6.1 kB
Tags: Python 3
Uploaded using Trusted Publishing? Yes
Uploaded via: twine/5.1.1 CPython/3.12.6

File hashes

Hashes for anchorestig_static-0.5.0-py3-none-any.whl
Algorithm	Hash digest
SHA256	`f7004817a94f4bb8600be997afbe05d786e373e921a7358a3fc26bafd657124a`
MD5	`9d2f3ddb9ff17ffa310340e9aea598ee`
BLAKE2b-256	`8e7dc5d081dd8a97eb01e93d82d48ccd52751ca06946357753bb93653c4083d2`