Tool for DevSecOps strategy
Project description
DevSecOps Engine Tools
Objective
Tool that unifies the evaluation of the different devsecops practices being agnostic to the devops platform, using both open source and market tools.
Component
๐ฆ tools: DevSecOps Practice Modules
Communications channel
Here are the channels we use to communicate about the project:
1. Mailing list: You can join our mailing list to always be informed at the following link: CommunityDevsecopsEngine
2. Email: You can write to us by email: MaintainersDevsecopsEngine@googlegroups.com
Getting started
Requirements
- Python >= 3.8
Installation
pip3 install devsecops-engine-tools
Scan running - flags (CLI)
devsecops-engine-tools --platform_devops ["local","azure"] --remote_config_repo ["remote_config_repo"] --tool ["engine_iac", "engine_dast", "engine_secret", "engine_dependencies", "engine_container"] --folder_path ["Folder path scan engine_iac"] --platform ["eks","openshift"] --use_secrets_manager ["false", "true"] --use_vulnerability_management ["false", "true"] --send_metrics ["false", "true"] --token_cmdb ["token_cmdb"] --token_vulnerability_management ["token_vulnerability_management"] --token_engine_container ["token_engine_container"] --token_engine_dependencies ["token_engine_dependencies"]
Structure Remote Config
๐ฆRemote_Config
โฃ ๐engine_core
โ โ ๐ConfigTool.json
โฃ ๐engine_sast
โ โ ๐engine_iac
โ โ ๐ConfigTool.json
โ โ ๐Exclusions.json
โ โ ๐engine_secret
โ โ ๐ConfigTool.json
โฃ ๐engine_sca
โ โ ๐engine_container
โ โ ๐ConfigTool.json
โ โ ๐Exclusions.json
โ โ ๐engine_dependencies
โ โ ๐ConfigTool.json
โ โ ๐Exclusions.json
Scan running sample (CLI) - Local
Complete the value in .envdetlocal file a set in execution environment
$ set -a
$ source .envdetlocal
$ set +a
devsecops-engine-tools --platform_devops local --remote_config_repo DevSecOps_Remote_Config --tool engine_iac
Scan result sample (CLI)
____ _____ ____ ______ _ ______ __
/ __ \___ _ __/ ___/___ _____/ __ \____ _____ / ____/___ ____ _(_)___ ___ /_ __/___ ____ / /____
/ / / / _ \ | / /\__ \/ _ \/ ___/ / / / __ \/ ___/ / __/ / __ \/ __ `/ / __ \/ _ \ / / / __ \/ __ \/ / ___/
/ /_/ / __/ |/ /___/ / __/ /__/ /_/ / /_/ (__ ) / /___/ / / / /_/ / / / / / __/ / / / /_/ / /_/ / (__ )
/_____/\___/|___//____/\___/\___/\____/ .___/____/ /_____/_/ /_/\__, /_/_/ /_/\___/ /_/ \____/\____/_/____/
/_/ /____/
Secrets manager is not enabled to configure external checks
Below are all vulnerabilities detected.
โโโโโโโโโโโโฆโโโโโโโโโโโโโฆโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฆโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Severity โ ID โ Description โ Where โ
โ โโโโโโโโโโโฌโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโฃ
โ critical โ CKV_K8S_37 โ IAC-CKV_K8S_37 Minimize the admission of containers with capabilities assigned โ /_AW1234/app.yaml โ
โ critical โ CKV_K8S_20 โ IAC-CKV_K8S_20 Containers should not run with allowPrivilegeEscalation โ /_AW1234/app.yaml โ
โ critical โ CKV_K8S_30 โ IAC-CKV_K8S_30 Apply security context to your containers โ /_AW1234/app.yaml โ
โ critical โ CKV_K8S_23 โ IAC-CKV_K8S_23 Minimize the admission of root containers โ /_AW1234/app.yaml โ
โ high โ CKV_AWS_20 โ C-S3-005-AWS S3 buckets are accessible to public โ /_AW1234/template.yaml โ
โ high โ CKV_K8S_22 โ IAC-CKV_K8S_22 Use read-only filesystem for containers where possible โ /_AW1234/app.yaml โ
โ high โ CKV_K8S_28 โ IAC-CKV_K8S_28 Minimize the admission of containers with the NET_RAW capability โ /_AW1234/app.yaml โ
โ high โ CKV_K8S_38 โ IAC-CKV_K8S_38 Ensure that Service Account Tokens are only mounted where necessary โ /_AW1234/app.yaml โ
โโโโโโโโโโโโฉโโโโโโโโโโโโโฉโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฉโโโโโโโโโโโโโโโโโโโโโโโโโ
Security count issues (critical: 4, high: 4, medium: 0, low: 0) is greater than or equal to failure criteria (critical: 1, high: 8, medium: 10, low:15, operator: or)
โFailed
Below are all compliances issues detected.
โโโโโโโโโโโโฆโโโโโโโโโโโโฆโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฆโโโโโโโโโโโโโโโโโโโโ
โ Severity โ ID โ Description โ Where โ
โ โโโโโโโโโโโฌโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโฃ
โ critical โ CKV_K8S_8 โ IAC-CKV_K8S_8 Liveness Probe Should be Configured โ /_AW1234/app.yaml โ
โ critical โ CKV_K8S_9 โ IAC-CKV_K8S_9 Readiness Probe Should be Configured โ /_AW1234/app.yaml โ
โโโโโโโโโโโโฉโโโโโโโโโโโโฉโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฉโโโโโโโโโโโโโโโโโโโโ
Compliance issues count (critical: 2) is greater than or equal to failure criteria (critical: 1)
โFailed
Bellow are all the findings that were accepted.
โโโโโโโโโโโโฆโโโโโโโโโโโโโฆโโโโโโโโโโโโโโโโโโโโฆโโโโโโโโโโโโโโฆโโโโโโโโโโโโโโโฆโโโโโโโโโโโโโโโโโโโ
โ Severity โ ID โ Where โ Create Date โ Expired Date โ Reason โ
โ โโโโโโโโโโโฌโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโฃ
โ high โ CKV_K8S_38 โ /_AW1234/app.yaml โ 18/11/2023 โ 18/03/2024 โ False Positive โ
โโโโโโโโโโโโฉโโโโโโโโโโโโโฉโโโโโโโโโโโโโโโโโโโโฉโโโโโโโโโโโโโโฉโโโโโโโโโโโโโโโฉโโโโโโโโโโโโโโโโโโโ
message custom
How can I help?
Review the issues, we hear new ideas. Read more Contributing
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Close
Hashes for devsecops_engine_tools-1.7.7.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | ee83a0ac8fa7d7369931024575a01314fd6062b5fc3a34215fba9cfa4e6c5b86 |
|
| MD5 | b5f4ff2f0adaeb4fe1d09286320ef67e |
|
| BLAKE2b-256 | 467dca923bb5cee0a1c7b279471bc7b97755ec1984d28d19e482fe81fb7a3069 |
Close
Hashes for devsecops_engine_tools-1.7.7-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | f2e3aa67c06209ba615b1784e8f46176653f2d589f7090b887bddb22af682de4 |
|
| MD5 | dcfa422aa6c8bfc6bef689eab897b236 |
|
| BLAKE2b-256 | 2f1bf09f6b9ac37de939e1615e0d963aab6004da82fceabd84118e041f6ed5b9 |
