A tool for performing static analysis using STIGs

Project description

Anchore STIG

Anchore STIG is a complete STIG solution that can be used to run STIG profiles against static images.

Description

Use Anchore STIG to perform STIG checks against running containers in Kubernetes environments or static Docker images from a registry or stored locally. The tool executes automated scans against specific STIG Security Guide (SSG) policies. The program will output either a JSON report with a summary of STIG check results for runtime checks or XCCDF XML and OpenSCAP XML and HTML for static checks.

The static functionality includes the following profiles:

  • CentOS 7
  • CentOS 8
  • Debian 10
  • Debian 11
  • Fedora
  • Oracle Linux 7
  • Oracle Linux 8
  • Oracle Linux 9
  • OpenSUSE
  • SUSE Linux Enterprise Server 15
  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 8
  • Red Hat Enterprise Linux 9
  • Ubuntu 16.04
  • Ubuntu 18.04
  • Ubuntu 20.04
  • Ubuntu 22.04

Getting Started

Dependencies

Overall

  • python3 >= 3.8 with pip3 installed
  • make

Static

  • docker

Runtime

  • kubectl exec privileges
  • Pods running one of the above listed software / OS types

Install

  • clone the repo
  • run make to install

Running the Program

Static

  • Run the tool using anchorestig static IMAGE.
    • Ex: anchorestig static docker.io/ubi8:latest

CLI Input Parameters:

Username:             --username (-u)     Username for private registry
Password:             --password (-p)     Password for private registry
Url:                  --url (-r)          URL for private registry
Insecure:             --insecure (-s)     Allow insecure registries or registries with custom certs
Local Image:          --local-image (-l)  Run against an image stored in your local docker instance
AWS S3 Bucket:        --aws (-a)          Upload results to S3
Anchore Account:      --account (-c)      Anchore STIG UI account to store the STIG result in

Viewing Results

Navigate to the ./stig-results directory. The output directory containing output files will be named according to the image scanned.

Help

Use the --help flag to see more information on how to run the program:

anchorestig --help

Download files

Source Distribution

anchorestig_static-0.75.0.tar.gz (22.3 kB view details)

Uploaded Source

Built Distribution

anchorestig_static-0.75.0-py3-none-any.whl (31.9 kB view details)

Uploaded Python 3

File details

Details for the file anchorestig_static-0.75.0.tar.gz.

File metadata

  • Download URL: anchorestig_static-0.75.0.tar.gz
  • Upload date:
  • Size: 22.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.0.1 CPython/3.12.8

File hashes

Hashes for anchorestig_static-0.75.0.tar.gz
Algorithm Hash digest
SHA256 364f3eb5e031e545351e6c29dd7deadc7537e3bd12db4f4ed32ad9cb593b6061
MD5 f2924d7b2d5734dfd2deb008febbbdcd
BLAKE2b-256 b79f900e2cc364318f7bc3ab4f96cf44a20d247b10e1ef067e8d17050bd16789

Provenance

The following attestation bundles were made for anchorestig_static-0.75.0.tar.gz:

Publisher: release.yml on anchore/Anchore-Static-STIG-Only

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file anchorestig_static-0.75.0-py3-none-any.whl.

File hashes

Hashes for anchorestig_static-0.75.0-py3-none-any.whl
Algorithm Hash digest
SHA256 9f1f2711a5f5a1e60c3bb3d21e5150731b8b584cff8a8ab18a597543d20df0d4
MD5 3009692726c308e17eac0e7ff643ab01
BLAKE2b-256 7ddf029f4d299ea8cea861c2a1bae45d83b4e3648b6d823c633372447b3b58a0

Provenance

The following attestation bundles were made for anchorestig_static-0.75.0-py3-none-any.whl:

Publisher: release.yml on anchore/Anchore-Static-STIG-Only
