
A command line interface for scanning configuration files with CoGuard

Project description


CoGuard

Why CoGuard

Infrastructure as Code (IaC) is here to stay. The versioning and continuous scanning of every layer of your IT (on premise and cloud) infrastructure is crucial.

CoGuard's team observed that there are a lot of policy checks on the layers communicating with the cloud, but the configurations inside specific compute devices such as physical servers, virtual machines or containers are mostly neglected, or have siloed solutions at best.

In order to have static analysis practices for IaC that go as deep as the available tools for code, every layer needs to be equally addressed.

In our practice, we observed that, at times, even an awareness of locations of configuration files is lacking. This is why we created a command line tool helping with discovering those configurations, and scanning them.

As a starting point for the CLI, we chose Docker images. Modern container scanners check the versions of software and libraries installed in those containers, and establish whether they are affected by known common vulnerabilities and exposures (CVEs). The CoGuard CLI tries to find known configuration files, e.g. for web servers or databases, and scans these for security and best practices. Additionally, the last Dockerfile used to create an image is analyzed as well.

Introduction to the CoGuard CLI

CoGuard is a comprehensive static analysis tool for IT infrastructure configurations (cloud and on-premise).

This project is the command line interface to CoGuard, with additional auto-discovery functionality.

In its current release, it scans Docker images and their contents. In particular, it searches for known configuration files of different software packages (like web servers, databases, etc.), and scans these configurations for security and best practices.
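
The discovery step described above can be illustrated as follows. This is an added example, not code from the CoGuard project: the finder table, the function names and the sample archive are assumptions, and the input is a flat root filesystem tar such as the one `docker export <container>` produces.

```python
import io
import tarfile
from pathlib import PurePosixPath

# Hypothetical finder table (assumption, not CoGuard's list): service -> file names.
KNOWN_CONFIGS = {
    "nginx": {"nginx.conf"},
    "postgresql": {"postgresql.conf", "pg_hba.conf"},
    "mysql": {"my.cnf"},
}


def discover_configs(rootfs_tar):
    """Return sorted (service, path) pairs found in a flat rootfs tar file object."""
    found = []
    with tarfile.open(fileobj=rootfs_tar, mode="r:*") as archive:
        for member in archive:
            # Regular files only: a symlink named like a config may point anywhere.
            if not member.isfile():
                continue
            path = PurePosixPath("/") / member.name
            for service, names in KNOWN_CONFIGS.items():
                if path.name in names:
                    found.append((service, str(path)))
    return sorted(found)


def build_sample_rootfs():
    """Construct a small in-memory rootfs tar (constructed sample, not a real image)."""
    buffer = io.BytesIO()
    with tarfile.open(fileobj=buffer, mode="w") as archive:
        for name, body in [
            ("etc/nginx/nginx.conf", b"worker_processes 1;\n"),
            ("var/lib/postgresql/data/pg_hba.conf", b"local all all peer\n"),
            ("usr/bin/nginx", b"\x7fELF"),
        ]:
            info = tarfile.TarInfo(name)
            info.size = len(body)
            archive.addfile(info, io.BytesIO(body))
        link = tarfile.TarInfo("etc/my.cnf")  # symlink entry, must be skipped
        link.type = tarfile.SYMTYPE
        link.linkname = "/etc/alternatives/my.cnf"
        archive.addfile(link)
    buffer.seek(0)
    return buffer


if __name__ == "__main__":
    print(discover_configs(build_sample_rootfs()))
```

Each discovered path is what a configuration scanner would then read and evaluate; the binary and the symlink in the sample are deliberately not reported.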

How to install it

CoGuard CLI can either be pulled from this repository and used directly, or installed via pip:

pip install coguard-cli

Keep in mind that it is a requirement to have Docker installed locally.

How to use it

After installing the CoGuard CLI, you can run a scan on your local images using

coguard docker-image [<YOUR-IMAGE-NAME-OR-ID>]

If you omit the image ID parameter, CoGuard will scan all the images currently stored on your device.

This step requires you to create a CoGuard account. After completion, this image check will return the findings of CoGuard on this particular image.

Here is a screenshot of a sample scan:

Current support and future plans

The currently supported auto-discovery of configuration files inside Docker containers is limited to the finders in this folder. This list will expand in the future. In addition, we are scanning the Dockerfile used to create the images, and will add some Linux configuration files in the near future.

Project details



This version

0.1.7

Download files


Source Distribution

coguard-cli-0.1.7.tar.gz (34.3 kB view details)

Uploaded Source

Built Distribution


coguard_cli-0.1.7-py3-none-any.whl (59.8 kB view details)

Uploaded Python 3

File details

Details for the file coguard-cli-0.1.7.tar.gz.

File metadata

  • Download URL: coguard-cli-0.1.7.tar.gz
  • Upload date:
  • Size: 34.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.1 CPython/3.10.5

File hashes

Hashes for coguard-cli-0.1.7.tar.gz
Algorithm Hash digest
SHA256 c232fbbde48a19cbee47392ea7eebd0ee4e64967a576d9ad16a11203e9a1a840
MD5 beb080b4b6990df46df6a8c97eea6ccc
BLAKE2b-256 8bc97e358210d5b9d1dc80fb8cdc97c260cc93a1aa8d3ae15b2205582b965ff8


File details

Details for the file coguard_cli-0.1.7-py3-none-any.whl.

File metadata

  • Download URL: coguard_cli-0.1.7-py3-none-any.whl
  • Upload date:
  • Size: 59.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.1 CPython/3.10.5

File hashes

Hashes for coguard_cli-0.1.7-py3-none-any.whl
Algorithm Hash digest
SHA256 f83782bfe8eb2c35126ca9dfc423aab90eba083fa757d6c47ab9c5d137fff49e
MD5 7458fe4ce224e0babf21fa2f5fc2eaee
BLAKE2b-256 b58c297ed52309e1b702bfb8b69f6fffdcd669adae2a969d43e97e7d3d3b467b

