A tool for performing static analysis using STIGs

Project description

Anchore STIG

Anchore STIG is a complete STIG solution that can be used to run STIG profiles against static images.

Description

Use Anchore STIG to perform STIG checks against running containers in Kubernetes environments or against static Docker images pulled from a registry or stored locally. The tool executes automated scans against specific STIG Security Guide (SSG) policies. For runtime checks, the program outputs a JSON report summarizing the STIG check results; for static checks, it outputs XCCDF XML plus OpenSCAP XML and HTML.

The static functionality includes the following profiles:

  • CentOS 7
  • CentOS 8
  • Debian 10
  • Debian 11
  • Fedora
  • Oracle Linux 7
  • Oracle Linux 8
  • Oracle Linux 9
  • OpenSUSE
  • SUSE Linux Enterprise Server 15
  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 8
  • Red Hat Enterprise Linux 9
  • Ubuntu 16.04
  • Ubuntu 18.04
  • Ubuntu 20.04
  • Ubuntu 22.04

Getting Started

Dependencies

Overall

  • python3 >= 3.8 with pip3 installed
  • make

Static

  • docker

Runtime

  • kubectl exec privileges
  • Pods running one of the above listed software / OS types

Install

  • clone the repo
  • run make to install

Running the Program

Static

  • Run the tool using anchorestig static IMAGE.
    • Ex: anchorestig static docker.io/ubi8:latest

CLI Input Parameters:

Username:             --username (-u)     Username for private registry
Password:             --password (-p)     Password for private registry
Url:                  --url (-r)          URL for private registry
Insecure:             --insecure (-s)     Allow insecure registries or registries with custom certs
Local Image:          --local-image (-l)  Run against an image stored in your local docker instance
AWS S3 Bucket:        --aws (-a)          Upload results to S3
Anchore Account:      --account (-c)      Anchore STIG UI account to store the stig result in

Viewing Results

Navigate to the ./stig-results directory. The output directory containing output files will be named according to the image scanned.

Help

Use the --help flag to see more information on how to run the program:

anchorestig --help

Download files

Source Distribution

anchorestig_static-0.75.2.tar.gz (23.3 kB)

Uploaded Source

Built Distribution

anchorestig_static-0.75.2-py3-none-any.whl (33.2 kB)

Uploaded Python 3

File details

Details for the file anchorestig_static-0.75.2.tar.gz.

File metadata

  • Download URL: anchorestig_static-0.75.2.tar.gz
  • Size: 23.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.12.9

File hashes

Hashes for anchorestig_static-0.75.2.tar.gz
Algorithm Hash digest
SHA256 7f2d0668262396cab46e526cb5e7e1d94f08e10ae4fa4b3bb4e5145597ec2c0e
MD5 703fcb55ca975cf0200b48fb57673f2b
BLAKE2b-256 406e17f09e6c7220a005cb492cf35569031f8490307a49ddcf5e4a51e9ec11bb

Provenance

The following attestation bundles were made for anchorestig_static-0.75.2.tar.gz:

Publisher: release.yml on anchore/Anchore-Static-STIG-Only

File details

Details for the file anchorestig_static-0.75.2-py3-none-any.whl.

File hashes

Hashes for anchorestig_static-0.75.2-py3-none-any.whl
Algorithm Hash digest
SHA256 ca735811852c453b3b6481ef70c4c145523c6a3d54d8f73fcc4542301a74a8a9
MD5 d831abea81ce1505448dd99a36529323
BLAKE2b-256 194ae74d646aeb3b8df6cef965f870cf51f711832786dbbc6b56322b61acff6a

Provenance

The following attestation bundles were made for anchorestig_static-0.75.2-py3-none-any.whl:

Publisher: release.yml on anchore/Anchore-Static-STIG-Only
