heroku/terrier heroku/terrier

  • Stars
    star
    226
  • Rank 170,150 (Top 4 %)
  • Language
    Go
  • License
    Apache License 2.0
  • Created over 4 years ago
  • Updated 8 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
heroku/terrier
github

heroku

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Terrier is a Image and Container analysis tool that can be used to scan Images and Containers to identify and verify the presence of specific files according to their hashes.

Terrier Logo

Terrier

Terrier is a Image and Container analysis tool that can be used to scan OCI images and Containers to identify and verify the presence of specific files according to their hashes. A detailed writeup of Terrier can be found on the Heroku blog, https://blog.heroku.com/terrier-open-source-identifying-analyzing-containers.

Installation

Binaries

For installation instructions from binaries please visit the Releases Page.

Via Go

$ go get github.com/heroku/terrier

Building from source

Via go

$ go build

or

$ make all

Usage

$ ./terrier -h
Usage of ./terrier:
  -cfg string
        Load config from provided yaml file (default "cfg.yml")

An OCI TAR of the image to be scanned is required, this is provided to Terrier via the "Image" value in the cfg.yml.

The following Docker command can be used to convert a Docker image to a TAR that can be scanned by Terrier.

# docker save imageid -o image.tar

$ ./terrier 
[+] Loading config: cfg.yml
[+] Analysing Image
[+] Docker Image Source:  image.tar
[*] Inspecting Layer:  05c3c2c60920f68b506d3c66e0f6148b81a8b0831388c2d61be5ef02190bcd1f
[!] All components were identified and verified: (493/493)

Example YML config

Terrier parses YAML, below is an example config.

#THIS IS AN EXAMPLE CONFIG, MODIFY TO YOUR NEEDS

mode: image
image: image.tar
# mode: container
# path: merged
# verbose: true
# veryverbose: true

files:
  - name: '/usr/bin/curl'
    hashes:
      - hash: '2353cbb7b47d0782ba8cdd9c7438b053c982eaaea6fbef8620c31a58d1e276e8'
      - hash: '22e88c7d6da9b73fbb515ed6a8f6d133c680527a799e3069ca7ce346d90649b2aaa'
      - hash: '9a43cb726fef31f272333b236ff1fde4beab363af54d0bc99c304450065d9c96'
      - hash: '8b7c559b8cccca0d30d01bc4b5dc944766208a53d18a03aa8afe97252207521faa'
  - name: '/usr/bin/go'
    hashes:
      - hash: '2353cbb7b47d0782ba8cdd9c7438b053c982eaaea6fbef8620c31a58d1e276e8'

#UNCOMMENT TO ANALYZE HASHES
#     hashes:
#       - hash: '8b7c559b8cccca0d30d01bc4b5dc944766208a53d18a03aa8afe97252207521faa'
#       - hash: '22e88c7d6da9b73fbb515ed6a8f6d133c680527a799e3069ca7ce346d90649b2aa'
#       - hash: '60a2c86db4523e5d3eb41a247b4e7042a21d5c9d483d59053159d9ed50c8aa41aa'

What does Terrier do?

Terrier is a CLI tool that allows you to:

  • Scan an OCI image for the presence of one or more files that match one or more provided SHA256 hashes
  • Scan a running Container for the presence of one or more files that match one or more provided SHA256 hashes

What is Terrier useful for?

Scenario 1

Terrier can be used to verify if a specific OCI image is making use of a specific binary, which useful in a supply chain verification scenario. For example, we may want to check that a specific Docker image is making use of a specific version or versions of cURL. In this case, Terrier is supplied with the SHA256 hashes of the binaries that are trusted.

An example YAML file for this scenario might look like this:

mode: image
# verbose: true
# veryverbose: true
image: golang1131.tar

files:
  - name: '/usr/local/bin/analysis.sh'
    hashes:
       - hash: '9adc0bf7362bb66b98005aebec36691a62c80d54755e361788c776367d11b105'
  - name: '/usr/bin/curl'
    hashes:
       - hash: '23afbfab4f35ac90d9841a6e05f0d1487b6e0c3a914ea8dab3676c6dde612495'
  - name: '/usr/local/bin/staticcheck'
    hashes:
       - hash: '73f89162bacda8dd2354021dc56dc2f3dba136e873e372312843cd895dde24a2'

Scenario 2

Terrier can be used to verify the presence of a particular file or files in a OCI image according to a set of provided hashes. This can be useful to check if an OCI image contains a malicious file or a file that is required to be identified.

An example YAML file for this scenario might look like this:

mode: image
# verbose: true
# veryverbose: true
image: alpinetest.tar
hashes:
  - hash: '8b7c559b8cccca0d30d01bc4b5dc944766208a53d18a03aa8afe97252207521f'
  - hash: '22e88c7d6da9b73fbb515ed6a8f6d133c680527a799e3069ca7ce346d90649b2'
  - hash: '60a2c86db4523e5d3eb41a247b4e7042a21d5c9d483d59053159d9ed50c8aa41'
  - hash: '9a43cb726fef31f272333b236ff1fde4beab363af54d0bc99c304450065d9c96'

Scenario 3

Terrier can be used to verify the components of Containers at runtime by analysing the contents of /var/lib/docker/overlay2/.../merged An example YAML file for this scenario might look like this:

mode: container
verbose: true
# veryverbose: true
# image: latestgo13.tar
path: merged

files:
  - name: '/usr/local/bin/analysis.sh'
    hashes:
       - hash: '9adc0bf7362bb66b98005aebec36691a62c80d54755e361788c776367d11b105'
  - name: '/usr/local/go/bin/go'
    hashes:
       - hash: '23afbfab4f35ac90d9841a6e05f0d1487b6e0c3a914ea8dab3676c6dde612495'
  - name: '/usr/local/bin/staticcheck'
    hashes:
       - hash: '73f89162bacda8dd2354021dc56dc2f3dba136e873e372312843cd895dde24a2'
  - name: '/usr/local/bin/gosec'
    hashes:
       - hash: 'e7cb8304e032ccde8e342a7f85ba0ba5cb0b8383a09a77ca282793ad7e9f8c1f'
  - name: '/usr/local/bin/errcheck'
    hashes:
       - hash: '41f725d7a872cad4ce1f403938937822572e0a38a51e8a1b29707f5884a2f0d7'
  - name: '/var/lib/dpkg/info/apt.postrm'
    hashes:
       - hash: '6a8f9af3abcfb8c6e35887d11d41a83782b50f5766d42bd1e32a38781cba0b1c'

Usage

Example 1

Terrier is a CLI and makes use of YAML. An example YAML config:

mode: image
# verbose: true
# veryverbose: true
image: alpinetest.tar
files:
  - name: '/usr/local/go/bin/go'
    hashes:
      - hash: '8b7c559b8cccca0d30d01bc4b5dc944766208a53d18a03aa8afe97252207521f'
      - hash: '22e88c7d6da9b73fbb515ed6a8f6d133c680527a799e3069ca7ce346d90649b2aaa'
      - hash: '60a2c86db4523e5d3eb41a247b4e7042a21d5c9d483d59053159d9ed50c8aa41aaa'
      - hash: '8b7c559b8cccca0d30d01bc4b5dc944766208a53d18a03aa8afe97252207521faa'
  - name: '/usr/bin/delpart'
    hashes:
      - hash: '9a43cb726fef31f272333b236ff1fde4beab363af54d0bc99c304450065d9c96aaa'
  - name: '/usr/bin/stdbuf'
    hashes:
      - hash: '8b7c559b8cccca0d30d01bc4b5dc944766208a53d18a03aa8afe97252207521faa'
      - hash: '22e88c7d6da9b73fbb515ed6a8f6d133c680527a799e3069ca7ce346d90649b2aa'
      - hash: '60a2c86db4523e5d3eb41a247b4e7042a21d5c9d483d59053159d9ed50c8aa41aa'

In the example below, Terrier has being instructed via the YAML above to verify multiple files.

$./terrier 
[+] Loading config: cfg.yml
[+] Analysing Image
[+] Docker Image Source:  alpinetest.tar
[*] Inspecting Layer:  05c3c2c60920f68b506d3c66e0f6148b81a8b0831388c2d61be5ef02190bcd1f
[*] Inspecting Layer:  09c25a178d8a6f8b984f3e72ca5ec966215b24a700ed135dc062ad925aa5eb23
[*] Inspecting Layer:  36351e8e1da92268d40245cfbcd499a1173eeacc23be428386c8fc0a16f0b10a
[*] Inspecting Layer:  7224ca1e886eeb7e63a9e978b1a811ed52f4a53ccb65f7c510fa04a0d1103fdf
[*] Inspecting Layer:  7a2e464d80c7a1d89dab4321145491fb94865099c59975cfc840c2b8e7065014
[*] Inspecting Layer:  88a583fe02f250344f89242f88309c666671042b032411630de870a111bea971
[*] Inspecting Layer:  8db14b6fdd2cf8b4c122824531a4d85e07f1fecd6f7f43eab7f2d0a90d8c4bf2
[*] Inspecting Layer:  9196e3376d1ed69a647e728a444662c10ed21feed4ef7aaca0d10f452240a09a
[*] Inspecting Layer:  92db9b9e59a64cdf486203189d02acff79c3360788b62214a49d2263874ee811
[*] Inspecting Layer:  bc4bb4a45da628724c9f93400a9149b2dd8a5d437272cb4e572cfaec64512d98
[*] Inspecting Layer:  be7d600e4e8ed3000e342ef6482211350069d935a14aeff4d9fc3289e1426ed3
[*] Inspecting Layer:  c4cec85dfa44f0a8856064922cff1c39b872b506dd002e33664d11a80f75a149
[*] Inspecting Layer:  c998d6f023b7b9e3c186af19bcd1c2574f0d01b943077281ac5bd32e02dc57a5
[!] All components were identified and verified: (493/493)

Terrier sets its return code depending on the result of the tests, in the case of the test above, the return code will be "0" which indicates a successful test as 1 instance of each provided component was identified and verified.

Example 2

Terrier is instructed to identify any files in the provided image that match the provided SHA256 hashes. YAML file cfg.yml

mode: image
# verbose: true
# veryverbose: true
image: 1070caa1a8d89440829fd35d9356143a9d6185fe7f7a015b992ec1d8aa81c78a.tar
hashes:
  - hash: '8b7c559b8cccca0d30d01bc4b5dc944766208a53d18a03aa8afe97252207521f'
  - hash: '22e88c7d6da9b73fbb515ed6a8f6d133c680527a799e3069ca7ce346d90649b2'
  - hash: '60a2c86db4523e5d3eb41a247b4e7042a21d5c9d483d59053159d9ed50c8aa41'
  - hash: '9a43cb726fef31f272333b236ff1fde4beab363af54d0bc99c304450065d9c96'

Running Terrier.

./terrier 
[+] Loading config: cfg.yml
[+] Docker Image Source:  golang.tar
[*] Inspecting Layer:  1070caa1a8d89440829fd35d9356143a9d6185fe7f7a015b992ec1d8aa81c78a
[*] Inspecting Layer:  414833cdb33683ab8607565da5f40d3dc3f721e9a59e14e373fce206580ed40d
[*] Inspecting Layer:  6bd93c6873c822f793f770fdf3973d8a02254a5a0d60d67827480797f76858aa
[*] Inspecting Layer:  c40c240ae37a2d2982ebcc3a58e67bf07aeaebe0796b5c5687045083ac6295ed
[*] Inspecting Layer:  d2850df0b6795c00bdce32eb9c1ad9afc0640c2b9a3e53ec5437fc5539b1d71a
[*] Inspecting Layer:  f0c2fe7dbe3336c8ba06258935c8dae37dbecd404d2d9cd74c3587391a11b1af
        [!] Found file 'f0c2fe7dbe3336c8ba06258935c8dae37dbecd404d2d9cd74c3587391a11b1af/usr/bin/curl' with hash: 9a43cb726fef31f272333b236ff1fde4beab363af54d0bc99c304450065d9c96
[*] Inspecting Layer:  f2d913644763b53196cfd2597f21b9739535ef9d5bf9250b9fa21ed223fc29e3
echo $?
1

Example 3

Terrier is instructed to analyze and verify the contents of the container's merged contents located at "merged" where merged is possibly located at /var/lib/docker/overlay2/..../merged . An example YAML file for this scenario might look like this:

mode: container
verbose: true
# veryverbose: true
# image: latestgo13.tar
path: merged

files:
  - name: '/usr/local/bin/analysis.sh'
    hashes:
       - hash: '9adc0bf7362bb66b98005aebec36691a62c80d54755e361788c776367d11b105'
  - name: '/usr/local/go/bin/go'
    hashes:
       - hash: '23afbfab4f35ac90d9841a6e05f0d1487b6e0c3a914ea8dab3676c6dde612495'
  - name: '/usr/local/bin/staticcheck'
    hashes:
       - hash: '73f89162bacda8dd2354021dc56dc2f3dba136e873e372312843cd895dde24a2'
  - name: '/usr/local/bin/gosec'
    hashes:
       - hash: 'e7cb8304e032ccde8e342a7f85ba0ba5cb0b8383a09a77ca282793ad7e9f8c1f'
  - name: '/usr/local/bin/errcheck'
    hashes:
       - hash: '41f725d7a872cad4ce1f403938937822572e0a38a51e8a1b29707f5884a2f0d7'
  - name: '/var/lib/dpkg/info/apt.postrm'
    hashes:
       - hash: '6a8f9af3abcfb8c6e35887d11d41a83782b50f5766d42bd1e32a38781cba0b1c'

Running Terrier to analyse the running Container.

[+] Loading config: cfg.yml
[+] Analysing Container
[!] Found matching instance of '/usr/local/bin/analysis.sh' at: merged/usr/local/bin/analysis.sh with hash:9adc0bf7362bb66b98005aebec36691a62c80d54755e361788c776367d11b105
[!] Found matching instance of '/usr/local/bin/errcheck' at: merged/usr/local/bin/errcheck with hash:41f725d7a872cad4ce1f403938937822572e0a38a51e8a1b29707f5884a2f0d7
[!] Found matching instance of '/usr/local/bin/gosec' at: merged/usr/local/bin/gosec with hash:e7cb8304e032ccde8e342a7f85ba0ba5cb0b8383a09a77ca282793ad7e9f8c1f
[!] Found matching instance of '/usr/local/bin/staticcheck' at: merged/usr/local/bin/staticcheck with hash:73f89162bacda8dd2354021dc56dc2f3dba136e873e372312843cd895dde24a2
[!] Found matching instance of '/usr/local/go/bin/go' at: merged/usr/local/go/bin/go with hash:23afbfab4f35ac90d9841a6e05f0d1487b6e0c3a914ea8dab3676c6dde612495
[!] Found matching instance of '/var/lib/dpkg/info/apt.postrm' at: merged/var/lib/dpkg/info/apt.postrm with hash:6a8f9af3abcfb8c6e35887d11d41a83782b50f5766d42bd1e32a38781cba0b1c
[!] All components were identified and verified: (6/6)

Integrating with CI

Terrier has been designed to assist in the prevention of supply chain attacks. To utilise Terrier with CI's such as Github actions or CircleCI, the following example configurations might be useful.

CircleCI Example

config.yml

version: 2
jobs:
build:
  machine: true
  steps:
    - checkout
    - run:
       name: Build Docker Image
       command: |
             docker build -t builditall .
    - run:
       name: Save Docker Image Locally
       command: |
             docker save builditall -o builditall.tar
    - run:
       name: Verify Docker Image Binaries
       command: |
             ./terrier_linux_amd64

Terrier cfg.yml

mode:image
image: builditall.tar
files:
- name: '/bin/wget'
 hashes:
   - hash: '8b7c559b8cccca0d30d01bc4b5dc944766208a53d18a03aa8afe97252207521f'
   - hash: '22e88c7d6da9b73fbb515ed6a8f6d133c680527a799e3069ca7ce346d90649b2a'
   - hash: '60a2c86db4523e5d3eb41a247b4e7042a21d5c9d483d59053159d9ed50c8aa41a'
- name: '/sbin/sulogin'
 hashes:
   - hash: '9a43cb726fef31f272333b236ff1fde4beab363af54d0bc99c304450065d9c96aaa'

Github Actions Example

go.yml

name: Go
on: [push]
jobs:
build:
  name: Build
  runs-on: ubuntu-latest
  steps:

  - name: Get Code
    uses: actions/checkout@master
  - name: Build Docker Image
    run: |
      docker build -t builditall .
  - name: Save Docker Image Locally
    run: |
      docker save builditall -o builditall.tar
  - name: Verify Docker Image Binaries
    run: |
      ./terrier_linux_amd64

Terrier cfg.yml

mode: image
image: builditall.tar
files:
- name: '/bin/wget'
 hashes:
   - hash: '8b7c559b8cccca0d30d01bc4b5dc944766208a53d18a03aa8afe97252207521f'
   - hash: '22e88c7d6da9b73fbb515ed6a8f6d133c680527a799e3069ca7ce346d90649b2a'
   - hash: '60a2c86db4523e5d3eb41a247b4e7042a21d5c9d483d59053159d9ed50c8aa41a'
- name: '/bin/sbin/sulogin'
 hashes:
   - hash: '9a43cb726fef31f272333b236ff1fde4beab363af54d0bc99c304450065d9c96aaa'

Converting SHASUM 256 Hashes to a Terrier Config File

Sometimes the source of SHA256 hashes is produced from other tools in the following format:

6a8f9af3abcfb8c6e35887d11d41a83782b50f5766d42bd1e32a38781cba0b1c  ./var/lib/dpkg/info/apt.postrm
6374f7996297a6933c9ccae7eecc506a14c85112bf1984c12da1f975dab573b2  ./var/lib/dpkg/info/mawk.postinst
fd72e78277680d02dcdb5d898fc9e3fed00bf011ccf31deee0f9e5f4cf299055  ./var/lib/dpkg/info/lsb-base.preinst
fd72e78277680d02dcdb5d898fc9e3fed00bf011ccf31deee0f9e5f4cf299055  ./var/lib/dpkg/info/lsb-base.postrm
8a278d8f860ef64ae49a2d3099b698c79dd5184db154fdeaea1bc7544c2135df  ./var/lib/dpkg/info/debconf.postrm
1e6edefb6be6eb6fe8dd60ece5544938197b2d1d38a2d4957c069661bc2591cd  ./var/lib/dpkg/info/base-files.prerm
198c13dfc6e7ae170b48bb5b997793f5b25541f6e998edaec6e9812bc002915f  ./var/lib/dpkg/info/passwd.postinst

The format above contains the data we need for Terrier but is in the wrong format. We have included a script called convertSHA.sh which can be used to convert a file with the file paths and hash values as seen above into a valid Terrier config file.

This can be seen in the following example:

# cat hashes-SHA256.txt
6a8f9af3abcfb8c6e35887d11d41a83782b50f5766d42bd1e32a38781cba0b1c  ./var/lib/dpkg/info/apt.postrm
6374f7996297a6933c9ccae7eecc506a14c85112bf1984c12da1f975dab573b2  ./var/lib/dpkg/info/mawk.postinst
fd72e78277680d02dcdb5d898fc9e3fed00bf011ccf31deee0f9e5f4cf299055  ./var/lib/dpkg/info/lsb-base.preinst
fd72e78277680d02dcdb5d898fc9e3fed00bf011ccf31deee0f9e5f4cf299055  ./var/lib/dpkg/info/lsb-base.postrm
8a278d8f860ef64ae49a2d3099b698c79dd5184db154fdeaea1bc7544c2135df  ./var/lib/dpkg/info/debconf.postrm
1e6edefb6be6eb6fe8dd60ece5544938197b2d1d38a2d4957c069661bc2591cd  ./var/lib/dpkg/info/base-files.prerm
198c13dfc6e7ae170b48bb5b997793f5b25541f6e998edaec6e9812bc002915f  ./var/lib/dpkg/info/passwd.postinst

# ./convertSHA.sh hashes-SHA256.txt output.yml
Converting hashes-SHA256.txt to Terrier YML: output.yml

# cat output.yml
mode: image
#mode: container
image: image.tar
#path: path/to/container/merged
#verbose: true
#veryverbose: true
files:
 - name: '/var/lib/dpkg/info/apt.postrm'
   hashes:
      - hash: '6a8f9af3abcfb8c6e35887d11d41a83782b50f5766d42bd1e32a38781cba0b1c'
 - name: '/var/lib/dpkg/info/mawk.postinst'
   hashes:
      - hash: '6374f7996297a6933c9ccae7eecc506a14c85112bf1984c12da1f975dab573b2'

More Repositories

1

react-refetch

A simple, declarative, and composable way to fetch data for React components
JavaScript
3,439
star
2

legacy-cli

Heroku CLI
Ruby
1,370
star
3

heroku-pg-extras

A heroku plugin for awesome pg:* commands that are also great and fun and super.
JavaScript
1,306
star
4

heroku-buildpack-nodejs

The official Heroku buildpack for Node.js apps.
Shell
1,265
star
5

node-js-getting-started

Getting Started with Node on Heroku
EJS
1,054
star
6

logplex

[DEPRECATED] Heroku log router
Erlang
984
star
7

heroku-buildpack-python

The official Heroku buildpack for Python apps
Ruby
953
star
8

heroku-django-template

A Django 2.0 base template featuring all recommended best practices for deployment on Heroku and local development.
Python
901
star
9

node-js-sample

This repository is deprecated. Head over to https://github.com/heroku/node-js-getting-started
JavaScript
847
star
10

cli

Heroku CLI
JavaScript
847
star
11

rails_12factor

Ruby
845
star
12

python-getting-started

Getting Started with Python on Heroku.
Python
818
star
13

heroku-buildpack-php

The official PHP buildpack for Heroku.
Shell
799
star
14

heroku-buildpack-go

Heroku Go Buildpack
Shell
790
star
15

heroku-buildpack-ruby

Heroku's Ruby Buildpack
Ruby
778
star
16

hk

DEPRECATED: see
Go
709
star
17

heroku-buildpack-static

[DEPRECATED] Heroku buildpack for handling static sites and single page web apps
Ruby
681
star
18

heroku-repo

Plugin for heroku CLI that can manipulate the repo
JavaScript
680
star
19

vegur

Vegur: HTTP Proxy Library
Erlang
620
star
20

heroku-accounts

Helps use multiple accounts on Heroku.
JavaScript
548
star
21

django-heroku

[DEPRECATED] Do not use! See https://github.com/heroku/django-heroku/issues/56
Python
465
star
22

heroku-buildpack-pgbouncer

Run pgbouncer in a dyno along with your application
Shell
335
star
23

devcenter-embedded-tomcat

Java
330
star
24

webapp-runner

Lightweight Application Launcher. Launch your webapp in the most popular open source web container available with a single command.
Java
319
star
25

docker-registry-client

A Go API client for the v2 Docker Registry API
Go
287
star
26

heroku-buildpack-google-chrome

Run (headless) Google Chrome on Heroku
Shell
283
star
27

stack-images

Recipies for building Heroku's stack images
Shell
264
star
28

java-getting-started

Getting Started with Java on Heroku
HTML
248
star
29

identity

[DEPRECATED] Login and OAuth management service for Heroku
CSS
247
star
30

go-getting-started

Getting Started with Go on Heroku https://devcenter.heroku.com/articles/getting-started-with-go
Dockerfile
246
star
31

heroku-buildpack-nginx

Run NGINX in a Heroku app
Shell
242
star
32

heroku-buildpack-apt

Buildpack that installs APT based dependencies
Shell
239
star
33

log-shuttle

HTTP log transport.
Go
236
star
34

umpire

HTTP metrics monitoring endpoint
Ruby
221
star
35

platform-api

Ruby HTTP client for the Heroku API
Ruby
211
star
36

starboard

onboarding, offboarding, or crossboarding made easy
SCSS
204
star
37

salesforce-bulk

Python interface to the Salesforce.com Bulk API
Python
203
star
38

php-getting-started

Getting Started with PHP on Heroku
Twig
200
star
39

heroku-container-tools

DEPRECATED Heroku Toolbelt plugin to help configure, test and release apps to Heroku using local containers.
JavaScript
195
star
40

heroku-buildpack-scala

Heroku buildpack: Scala
Shell
190
star
41

node-heroku-client

A wrapper around the Heroku API for Node.js
JavaScript
188
star
42

roadmap

This is the public roadmap for Salesforce Heroku services.
187
star
43

vulcan

A build server in the cloud.
Ruby
172
star
44

pg_lock

Use Postgres advisory lock to isolate code execution across machines
Ruby
168
star
45

awsdetailedbilling

A toolkit for importing AWS detailed billing reports into Redshift
JavaScript
167
star
46

heroku-buildpack-java

A Heroku buildpack for Java apps.
Shell
167
star
47

pulse

DEPRECATED: Real-time Heroku operations dashboard
Clojure
161
star
48

heroku.rb

DEPRECATED! Official Heroku Ruby Legacy API wrapper
Ruby
161
star
49

heroku-buildpack-multi

[DEPRECATED] Please use https://devcenter.heroku.com/articles/using-multiple-buildpacks-for-an-app instead
Shell
157
star
50

erlang-in-anger

A little guide about how to be the Erlang medic in a time of war. It is first and foremost a collection of tips and tricks to help understand where failures come from, and a dictionary of different code snippets and practices that helped developers debug production systems that were built in Erlang.
TeX
157
star
51

plexy

A toolkit for building excellent APIs with Elixir
Elixir
154
star
52

heroku-buildpack-multi-procfile

Everyone gets a Procfile!
Shell
150
star
53

log2viz

DEFUNCT: Realtime analysis of your Heroku app logs.
Ruby
145
star
54

heroku.py

DEPRECATED! Heroku API wrapper for Python.
Python
142
star
55

facebook-template-nodejs

JavaScript
136
star
56

ruby-getting-started

Getting Started with Ruby on Heroku
Ruby
120
star
57

heroku-buildpack-chromedriver

Installs chromedriver in a Heroku slug
Shell
117
star
58

heroku-buildpack-clojure

Heroku's buildpack for Clojure applications.
Shell
115
star
59

mobile-template1

JavaScript
115
star
60

instruments

Collecting metrics over discrete time intervals
Go
112
star
61

heroku-sbt-plugin

An sbt plugin for deploying Heroku Scala applications
Scala
111
star
62

heroku-buildpack-erlang

Erlang buildpack
Shell
107
star
63

cli-engine

TypeScript
97
star
64

semver.io

*DEPRECATED* The semver.io instance has now been sunset: https://github.com/heroku/semver.io/issues/74
CoffeeScript
96
star
65

facebook-template-php

example facebook app for heroku
PHP
96
star
66

terraform-provider-heroku

Terraform Heroku provider
Go
95
star
67

dotnet-buildpack

ASP.NET 5 Buildpack
Shell
92
star
68

kensa

A tool to help Heroku add-on providers integrate their services with Heroku
Ruby
92
star
69

netrc

Reads and writes netrc files.
Ruby
89
star
70

hstore_example

Ruby
89
star
71

alpinehelloworld

An Alpine-based Docker example
Python
85
star
72

heroku-kong

🐒 Kong API gateway as a Heroku app
Lua
84
star
73

heroku-buildpack-hello

Shell
82
star
74

heroku-releases-retry

CLI plugin to allow retrying the latest release-phase command
JavaScript
79
star
75

faceplate

A Node.js wrapper for Facebook authentication and API
JavaScript
76
star
76

rails_stdout_logging

Logs to stdout so you don't have to
Ruby
76
star
77

shaas

Shell as a Service: API to inspect and execute scripts in a server's environment via HTTP and WebSockets
Go
75
star
78

devcenter-spring-mvc-hibernate

AspectJ
75
star
79

heroku-buildpack-core-data

A Heroku Buildpack that generates a REST webservice from a Core Data model
Shell
74
star
80

heroku-buildpack-emberjs

**This buildpack is deprecated!** Please use the official Node.js buildpack combined with the static or nginx buildpack instead.
Ruby
72
star
81

facebook-template-python

Python
69
star
82

devcenter-java

Java
62
star
83

heroku-buildpack-c

C Language Pack
Shell
62
star
84

nibs

JavaScript
61
star
85

heroku-buildpack-gradle

This is a Heroku buildpack for Gradle apps. It uses Gradle to build your application and OpenJDK to run it.
Shell
61
star
86

heroku-buildpack-ember-cli

A Heroku buildpack for ember-cli apps; powers dashboard.heroku.com
Shell
60
star
87

heroku-guardian

Easy to use CLI security checks for the Heroku platform. Validate baseline security configurations for your own Heroku deployments.
Python
59
star
88

list-of-ingredients

An example of using Create React App with Rails 5 API and ActiveAdmin on Heroku
Ruby
56
star
89

heroku-fork

Heroku CLI plugin to fork an existing app into a new app
JavaScript
55
star
90

salesforce-buildpack

Heroku Buildpack for Salesforce
Shell
53
star
91

ruby-rails-sample

Ruby
52
star
92

facebook-template-ruby

CSS
52
star
93

heroku-jupyterlab

An example of running JupyterLab on Heroku, with Amazon S3.
Python
52
star
94

heroku-maven-plugin

This plugin is used to deploy Java applications directly to Heroku without pushing to a Git repository.
Java
51
star
95

cnb-builder-images

Recipes for building Heroku's Cloud Native Buildpacks builder images
Shell
51
star
96

stillir

Cache environment variables as Erlang app variables
Erlang
51
star
97

heroku-gradle-plugin

A Gradle plugin for deploying JAR and WAR files to Heroku.
Java
49
star
98

rails_serve_static_assets

Ruby
49
star
99

x

A set of packages for reuse within Heroku Go applications
Go
49
star
100

template-java-spring-hibernate

Java
48
star