• This repository has been archived on 16/Jul/2024
  • Stars: 151
  • Rank 246,057 (Top 5 %)
  • Language: Go
  • License: Other
  • Created over 6 years ago
  • Updated over 1 year ago

Repository Details

API that leverages Clair to scan Docker Registries and Kubernetes Clusters for vulnerabilities

Introduction

Port Authority is an API service that delivers component-based vulnerability assessments for Docker images at build time and in run-time environments.

The Port Authority API can orchestrate scans of individual public or private images, as well as scans of entire private Docker registries like Docker Hub, Google Container Registry or Artifactory. To accomplish this, Port Authority breaks each Docker image into layers and sends them to the open source static analysis tool Clair in the backend, which performs the scans and identifies vulnerabilities. When this workflow completes, Port Authority maintains a manifest of the images and scan results.

Port Authority also supplies developers with customizable offerings to assist with the audit and governance of their container workloads. It provides a webhook that, when used by a Kubernetes admission controller, allows or denies deployments based on user-defined policies and image attributes. Port Authority achieves run-time inspection by integrating with Kubernetes to discover running containers and inventorying those deployed images for scanning.

Getting Started

Setup and Start Minikube

  1. Install Minikube

  2. Start Minikube:

    minikube start

NOTE: Supported Kubernetes versions: 1.6.x - 1.9.x. Supported Clair versions: v2.x.x.

Build and Deploy to Minikube

  1. Use Minikube Docker:

    eval $(minikube docker-env)

  2. Deploy official Port Authority stack:

    make deploy-minikube

(Optional) Local developer build stack:

  1. Use Minikube Docker:

    eval $(minikube docker-env)

  2. Get all Glide dependencies:

    make deps

  3. Deploy official Port Authority stack:

    make deploy-minikube-dev

Optional Configuration

Different configuration adjustments can be made to the Port Authority deployment here: minikube/portauthority/portauthority/config.yml

✅ Add Docker Credentials used by the K8s Crawler scan feature

    ### Environment variables defined below are mapped to credentials used by the Kubernetes Crawler API (/v1/crawler/k8s)
    ### A 'Scan: true' flag will invoke their usage
    k8scrawlcredentials:
      # Use "" for basic auth on registries that do not require a username and password
      - url: "docker.io" #basic auth is empty UN and PW
        username: "DOCKER_USER"
        password: "DOCKER_PASS"
      - url: "gcr.io" #basic auth is empty UN and PW
        username: "GCR_USER"
        password: "GCR_PASS"

✅ Enable the Kubernetes Admission Controller and change webhooks default behavior

    # Setting imagewebhookdefaultblock to true will set the imagewebhooks endpoint default behavior to block any images with policy violations.
    # If it is set to false, a user can enable the behavior by setting the portauthority-webhook deployment annotation to true
    imagewebhookdefaultblock: false
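
The decision that `imagewebhookdefaultblock` controls, sketched as an added example (not Port Authority's own code). It assumes the webhook receives the `ImageReview` object that the Kubernetes ImagePolicyWebhook admission controller sends; the annotation key, image name and violation counts are hypothetical or constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// ImageReview holds the parts of an imagepolicy.k8s.io/v1alpha1 ImageReview used here.
type ImageReview struct {
	Spec struct {
		Containers  []struct{ Image string `json:"image"` } `json:"containers"`
		Annotations map[string]string                      `json:"annotations"`
	} `json:"spec"`
	Status struct {
		Allowed bool   `json:"allowed"`
		Reason  string `json:"reason,omitempty"`
	} `json:"status"`
}

// Hypothetical key standing in for the portauthority-webhook annotation.
const enableAnnotation = "example.image-policy.k8s.io/portauthority-webhook"

// Review decides one request; violations is constructed data: image -> policy violations.
func Review(raw []byte, defaultBlock bool, violations map[string]int) (ImageReview, error) {
	var r ImageReview
	if err := json.Unmarshal(raw, &r); err != nil {
		return r, err
	}
	// true: enforce for every workload; false: enforce only where the annotation opts in.
	enforce := defaultBlock || r.Spec.Annotations[enableAnnotation] == "true"
	r.Status.Allowed = true
	for _, c := range r.Spec.Containers {
		if n := violations[c.Image]; enforce && n > 0 {
			r.Status.Allowed = false
			r.Status.Reason = fmt.Sprintf("%s: %d policy violation(s)", c.Image, n)
			break
		}
	}
	return r, nil
}

// Constructed sample request with no opt-in annotation.
const sample = `{"apiVersion":"imagepolicy.k8s.io/v1alpha1","kind":"ImageReview",
"spec":{"containers":[{"image":"registry.example/app:1.0"}],"annotations":{}}}`

func main() {
	r, _ := Review([]byte(sample), true, map[string]int{"registry.example/app:1.0": 3})
	fmt.Printf("%+v\n", r.Status)
}
```

With the default of `false`, a workload that carries no opt-in annotation is admitted even when its image has violations, so the setting determines whether enforcement is opt-in or cluster-wide.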

Docs

Port Authority is an API service. See our complete API Documentation for further configuration, usage, Postman collections and more.

Contributing

We always welcome new PRs! See Contributing for further instructions.

Bugs and Feature Requests

Found something that doesn't seem right or have a feature request? Please open a new issue.

Copyright and License

©2018 Target Brands, Inc.

Credit to Renee French for the original Golang gopher.
