Enterprise-grade threat assessment and vulnerability analysis platform for Docker containers and software dependencies
Project description
Threat Radar (tr-nvd)
A comprehensive threat assessment and vulnerability analysis platform for Docker containers and software dependencies.
๐ฏ Overview
Threat Radar provides enterprise-grade security analysis with:
- ๐ณ Docker Container Analysis - Multi-distro package extraction and analysis
- ๐ฆ SBOM Generation - CycloneDX, SPDX, Syft JSON formats via Syft integration
- ๐ CVE Vulnerability Scanning - Powered by Grype for accurate, fast detection
- ๐ค AI-Powered Analysis - Intelligent vulnerability assessment and prioritization
- ๐ Comprehensive Reporting - JSON, Markdown, HTML with executive summaries
- ๐ Dashboard Integration - Grafana, Prometheus, and custom dashboards
๐ Quick Start
Prerequisites
Required:
- Python 3.8 or higher
- Docker (for container analysis)
- Grype (for CVE scanning)
- Syft (for SBOM generation)
Optional:
- OpenAI API key (for AI features) OR
- Ollama (for local AI)
Installation
1. Install External Tools
# macOS
brew install grype syft
# Linux
curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh
curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh
# Verify installation
grype version
syft version
2. Install Threat Radar
# Clone repository
git clone https://github.com/Threat-Radar/tr.git
cd tr-nvd
# Option A: Using pip with requirements.txt
pip install -r requirements.txt
# Option B: Using pyproject.toml (development mode)
pip install -e .
# Option C: With development tools
pip install -r requirements-dev.txt
# Option D: With AI features (local models)
pip install -r requirements-ai.txt
3. Configure Environment (Optional)
# Copy example configuration
cp .env.example .env
# Edit .env and add your API keys (optional, for AI features):
# - OPENAI_API_KEY=sk-your-key-here
# - AI_PROVIDER=openai (or 'ollama' for local AI)
# - AI_MODEL=gpt-4o (or 'gpt-4-turbo', 'llama2' for Ollama)
4. Verify Installation
# Check CLI is working
threat-radar --help
# Run a quick scan
threat-radar cve scan-image alpine:3.18
๐ก Basic Usage
CVE Vulnerability Scanning
# Scan Docker image for vulnerabilities
threat-radar cve scan-image alpine:3.18
# Scan with severity filter
threat-radar cve scan-image python:3.11 --severity HIGH
# Save results and auto-cleanup
threat-radar cve scan-image nginx:latest --auto-save --cleanup
# Scan SBOM file
threat-radar cve scan-sbom my-app-sbom.json --severity CRITICAL
# Scan local directory
threat-radar cve scan-directory ./my-project
SBOM Generation
# Generate SBOM from Docker image
threat-radar sbom docker alpine:3.18 -o sbom.json
# Generate from local directory
threat-radar sbom generate ./my-app -f cyclonedx-json
# Auto-save to organized storage
threat-radar sbom docker python:3.11 --auto-save
# Compare two SBOMs
threat-radar sbom compare alpine:3.17 alpine:3.18
AI-Powered Analysis
# Analyze vulnerabilities with AI
threat-radar ai analyze scan-results.json
# Generate prioritized remediation list
threat-radar ai prioritize scan-results.json --top 10
# Create remediation plan
threat-radar ai remediate scan-results.json -o remediation.json
Comprehensive Reporting
# Generate HTML report with AI executive summary
threat-radar report generate scan-results.json -o report.html -f html
# Executive summary for leadership
threat-radar report generate scan-results.json -o exec.md -f markdown --level executive
# Critical-only issues
threat-radar report generate scan-results.json --level critical-only
# Export dashboard data
threat-radar report dashboard-export scan-results.json -o dashboard.json
Docker Analysis
# Import and analyze image
threat-radar docker import-image ubuntu:22.04 -o analysis.json
# List packages in image
threat-radar docker packages alpine:3.18 --limit 20
# Generate Python SBOM
threat-radar docker python-sbom python:3.11 -o sbom.json
๐ Documentation
Getting Started
- Installation Guide - Complete setup instructions
- Examples Guide - Step-by-step tutorials
- CLI Reference - Complete command reference
- Troubleshooting - Common issues and solutions
Features
- CVE Scanning Guide - Vulnerability detection
- AI Analysis Guide - AI-powered features
- Reporting Guide - Report generation and formats
- SBOM Generation - SBOM capabilities
Development
- Developer Guide - Architecture and development
- Code Review - Code quality analysis
โจ Key Features
๐ CVE Vulnerability Scanning (Grype-Powered)
- Docker image scanning - Comprehensive vulnerability detection
- SBOM scanning - Analyze pre-generated SBOMs
- Directory scanning - Local project analysis
- Zero API rate limits - Offline local database
- Auto-cleanup - Automatic image removal after scan
- Auto-save - Timestamped results in organized storage
- Severity filtering - Focus on CRITICAL/HIGH issues
# Scan with all features
threat-radar cve scan-image myapp:latest \
--severity HIGH \
--auto-save \
--cleanup \
-o scan.json
๐ค AI-Powered Intelligence
- Multiple AI providers - OpenAI GPT-4o, Anthropic Claude, or Ollama
- Cloud or local - Choose based on privacy needs
- Vulnerability analysis - Exploitability and impact assessment
- Smart prioritization - Risk-based ranking
- Remediation planning - Actionable fix recommendations
# Complete AI workflow
threat-radar cve scan-image alpine:3.18 --auto-save -o scan.json
threat-radar ai analyze scan.json --auto-save
threat-radar ai prioritize scan.json --top 10
threat-radar ai remediate scan.json -o plan.json
๐ Comprehensive Reporting
- Multiple formats - JSON, Markdown, HTML
- Report levels - Executive, Summary, Detailed, Critical-only
- AI executive summaries - Risk ratings and business impact
- Dashboard data - Grafana/Prometheus compatible
- Trend analysis - Compare scans over time
# Generate reports for different audiences
threat-radar report generate scan.json -o exec.md --level executive # Leadership
threat-radar report generate scan.json -o detailed.html --level detailed # Security team
threat-radar report generate scan.json -o critical.json --level critical-only # DevOps
๐ฆ SBOM Generation (Syft-Powered)
- Multi-format - CycloneDX, SPDX, Syft JSON
- 13+ ecosystems - Python, npm, Go, Rust, Java, Ruby, PHP, etc.
- Docker images - Comprehensive OS + application packages
- Local directories - Project dependency analysis
- Organized storage - Automatic categorization
- Comparison - Track package changes
# Generate and compare SBOMs
threat-radar sbom docker myapp:v1.0 --auto-save
threat-radar sbom docker myapp:v2.0 --auto-save
threat-radar sbom compare myapp:v1.0 myapp:v2.0
๐ณ Docker Integration
- Multi-distro support - Alpine, Ubuntu, Debian, RHEL, CentOS, Fedora
- Package managers - APK, APT/dpkg, YUM/rpm
- Python packages - Pip package extraction
- Image analysis - Metadata and layer inspection
๐ง Configuration
Environment Variables (.env)
# AI Configuration (optional)
# Option 1: OpenAI (cloud)
OPENAI_API_KEY=sk-your-openai-api-key
AI_PROVIDER=openai
AI_MODEL=gpt-4o # Recommended: gpt-4o, gpt-4-turbo, or gpt-3.5-turbo-1106
# Option 2: Anthropic Claude (cloud)
ANTHROPIC_API_KEY=sk-ant-your-key-here
AI_PROVIDER=anthropic
AI_MODEL=claude-3-5-sonnet-20241022
# Option 3: Ollama (local)
AI_PROVIDER=ollama
AI_MODEL=llama2
LOCAL_MODEL_ENDPOINT=http://localhost:11434
Setting Up AI Features
OpenAI (Cloud)
- Get API key from https://platform.openai.com/api-keys
- Add to
.env:OPENAI_API_KEY=sk-your-key-here AI_PROVIDER=openai AI_MODEL=gpt-4o # Recommended: gpt-4o, gpt-4-turbo, or gpt-3.5-turbo-1106
Anthropic Claude (Cloud)
- Get API key from https://console.anthropic.com/
- Add to
.env:ANTHROPIC_API_KEY=sk-ant-your-key-here AI_PROVIDER=anthropic AI_MODEL=claude-3-5-sonnet-20241022
Available Models:
claude-3-5-sonnet-20241022(recommended, best balance)claude-3-opus-20240229(highest capability)claude-3-sonnet-20240229(faster, cost-effective)
Ollama (Local - Free)
# Install Ollama
brew install ollama # macOS
# or visit https://ollama.ai for other platforms
# Start Ollama service
ollama serve &
# Pull a model
ollama pull llama2
# Configure in .env
AI_PROVIDER=ollama
AI_MODEL=llama2
๐ Project Structure
tr-nvd/
โโโ threat_radar/ # Main package
โ โโโ core/ # Core functionality
โ โ โโโ container_analyzer.py
โ โ โโโ grype_integration.py # CVE scanning
โ โ โโโ syft_integration.py # SBOM generation
โ โ โโโ vulnerability_scanner.py
โ โโโ ai/ # AI-powered analysis
โ โ โโโ llm_client.py
โ โ โโโ vulnerability_analyzer.py
โ โ โโโ prioritization.py
โ โ โโโ remediation_generator.py
โ โโโ utils/ # Utilities
โ โ โโโ comprehensive_report.py
โ โ โโโ report_formatters.py
โ โ โโโ sbom_storage.py
โ โโโ cli/ # CLI commands
โ โโโ cve.py # CVE scanning commands
โ โโโ ai.py # AI analysis commands
โ โโโ report.py # Reporting commands
โ โโโ sbom.py # SBOM commands
โ โโโ docker.py # Docker commands
โโโ examples/ # Usage examples
โ โโโ 01_basic/ # Basic examples
โ โโโ 02_advanced/ # Advanced examples
โ โโโ 03_vulnerability_scanning/ # CVE scanning
โ โโโ 04_testing/ # Test scripts
โ โโโ 05_reporting/ # Reporting examples
โโโ docs/ # Documentation
โ โโโ reports/ # Analysis reports
โ โโโ development/ # Dev docs
โโโ tests/ # Unit tests
โโโ storage/ # Auto-generated (gitignored)
โ โโโ cve_storage/ # CVE scan results
โ โโโ ai_analysis/ # AI analysis results
โโโ sbom_storage/ # SBOM files (gitignored)
โ โโโ docker/ # Docker image SBOMs
โ โโโ local/ # Local project SBOMs
โ โโโ comparisons/ # Comparison results
โ โโโ archives/ # Historical SBOMs
โโโ requirements.txt # Core dependencies
โโโ requirements-dev.txt # Development dependencies
โโโ requirements-ai.txt # Optional AI dependencies
โโโ pyproject.toml # Project configuration
๐งช Testing
Run Tests
# Run all tests
pytest
# Run specific test file
pytest tests/test_docker_integration.py
# Run with coverage
pytest --cov=threat_radar --cov-report=html
# Run comprehensive report tests
pytest tests/test_comprehensive_report.py -v
Run Examples
# Basic examples
python examples/01_basic/hash_usage.py
# CVE scanning examples
python examples/03_vulnerability_scanning/demo_with_findings.py
# Reporting examples
python examples/05_reporting/01_basic_report_generation.py
python examples/05_reporting/02_ai_powered_reports.py
python examples/05_reporting/03_dashboard_integration.py
๐ฏ Common Workflows
Weekly Security Scan
#!/bin/bash
# weekly-scan.sh - Run every Monday
IMAGE="myapp:production"
WEEK=$(date +%Y-W%U)
# 1. Scan for vulnerabilities
threat-radar cve scan-image $IMAGE --auto-save -o scan-${WEEK}.json
# 2. Generate reports
threat-radar report generate scan-${WEEK}.json -o exec-${WEEK}.md --level executive
threat-radar report generate scan-${WEEK}.json -o detailed-${WEEK}.html -f html
# 3. AI analysis
threat-radar ai analyze scan-${WEEK}.json --auto-save
threat-radar ai prioritize scan-${WEEK}.json --top 10 -o priorities-${WEEK}.json
# 4. Export dashboard data
threat-radar report dashboard-export scan-${WEEK}.json -o dashboard-${WEEK}.json
CI/CD Integration
# .github/workflows/security-scan.yml
name: Security Scan
on: [push, pull_request]
jobs:
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Install Grype
run: |
curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh
- name: Build image
run: docker build -t app:${{ github.sha }} .
- name: Install Threat Radar
run: pip install -r requirements.txt
- name: Scan for vulnerabilities
run: |
threat-radar cve scan-image app:${{ github.sha }} \
--auto-save --cleanup -o scan.json
- name: Check for critical issues
run: |
threat-radar report generate scan.json \
--level critical-only -o critical.json
CRITICAL=$(jq '.summary.critical' critical.json)
if [ $CRITICAL -gt 0 ]; then
echo "โ Found $CRITICAL critical vulnerabilities!"
exit 1
fi
๐ Performance
Scan Performance
- Alpine 3.18: ~2-3 seconds (15 packages)
- Python 3.11-slim: ~4-5 seconds (97 packages)
- Ubuntu 22.04: ~5-7 seconds (200+ packages)
Accuracy
- Precision: 100% (0 false positives in validation tests)
- Coverage: All package ecosystems supported by Grype/Syft
- Test Results: 15/15 examples passing
๐ ๏ธ Development
Code Quality
# Format code
black threat_radar/ tests/
# Type checking
mypy threat_radar/
# Linting
flake8 threat_radar/
# Run all quality checks
black threat_radar/ tests/ && mypy threat_radar/ && flake8 threat_radar/
Contributing
- Fork the repository
- Create a feature branch
- Make your changes
- Run tests:
pytest - Submit a pull request
๐ License
MIT License - See LICENSE file for details
๐ค Support
- Issues: GitHub Issues
- Documentation: docs/
- Examples: examples/
- Troubleshooting: examples/TROUBLESHOOTING.md
๐ Acknowledgments
- Grype - Anchore's vulnerability scanner
- Syft - Anchore's SBOM generation tool
- NVD - NIST National Vulnerability Database
- Docker SDK - Docker Python integration
- OpenAI - AI-powered analysis (GPT-4o, GPT-4 Turbo)
- Anthropic - AI-powered analysis (Claude)
- Ollama - Local AI models
๐ Recent Updates
Version 0.1.0 (Latest)
โ Grype integration - Fast, accurate CVE scanning โ AI-powered analysis - OpenAI and Ollama support โ Comprehensive reporting - Multi-format with executive summaries โ Dashboard integration - Grafana/Prometheus compatible โ Auto-save features - Organized storage with timestamps โ Cleanup automation - Smart image removal after scanning
Status: โ Production Ready | Version: 0.1.0 | Last Updated: 2025-10-16
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
threat_radar-0.3.0.tar.gz
(323.8 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
threat_radar-0.3.0-py3-none-any.whl
(250.9 kB
view details)
File details
Details for the file threat_radar-0.3.0.tar.gz.
File metadata
- Download URL: threat_radar-0.3.0.tar.gz
- Upload date:
- Size: 323.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
fe03f93930378996c7cb0bb2b7b13b84b55edc4e4d93b6028ed6ffba9395d1e5
|
|
| MD5 |
81c2a249d52c11db51bb766923aac47e
|
|
| BLAKE2b-256 |
a047f31f58fe5ec44a627b6b56ce419e9d873817973fb7c50856f9f43c7d5963
|
File details
Details for the file threat_radar-0.3.0-py3-none-any.whl.
File metadata
- Download URL: threat_radar-0.3.0-py3-none-any.whl
- Upload date:
- Size: 250.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
fde69b1ef63929445a6a106cab6a06443bb4ba35dba547258e37589c0f0d550e
|
|
| MD5 |
3969241c5e754c379bebe261b0df2085
|
|
| BLAKE2b-256 |
44c630c17fc98970aeec6178af2e89d20d4e3ed5e4e7a37a5cb377d48b4e79e2
|
