Anchore_ui是一款用于展示Anchore Engine扫描结果的web系统。并且对anchore的扫描结果进行了增强,例如:对于java语言的补丁,anchore并不提供漏洞的修复版本,此系统弥补了这方面的问题。
- Linux
- Windows
- 提供jar包修复版本号(只提供严重和高风险的漏洞版本号)
- 导出漏洞成excel文件
- 整合anchore扫描结果
- 查看依赖情况(暂时只支持maven)
依赖:项目运行依赖于mongodb,所以需准备好mongodb
源码部署步骤如下:
在 mongodb 服务器上新建 db 用户,这里新建了一个用户名为anchore_ui
密码为123456
的用户。
# mongo
> use admin
> db.createUser({user:'anchore_ui',pwd:'123456', roles:[{role:'readWriteAnyDatabase', db:'admin'}]})
> exit
# git clone https://github.com/zj1244/anchore_ui.git
# cd anchore_ui
# pip install -r requirements.txt
首先将config.py.sample
复制一份重命名为config.py
# cp anchore_ui/config.py.sample anchore_ui/config.py
然后修改config.py里的配置信息:
# 按照实际情况mongodb的相关配置
MONGO_IP = "192.168.47.1"
MONGO_PORT = 27017
MONGO_USER = "root"
MONGO_PWD = "root"
# 按照实际情况修改anchore的相关配置
ANCHORE_API = "http://192.168.1.1:8228"
ANCHORE_USERNAME = "admin"
PASSWORD = "foobar"
在程序目录下执行如下命令:
# python run.py
依赖:需提前准备好mongodb,关于mongodb的安装不再阐述,请参考:mongodb安装
新建个docker-compose.yml文件,复制粘贴如下内容,并根据实际情况修改mongo配置信息:
version: '3'
services:
scanner:
image: zj1244/anchore_ui:latest
ports:
- "8888:8888"
restart: always
network_mode: "host"
environment:
# 请修改以下redis和mongodb的配置
MONGO_IP: 192.168.1.1
MONGO_PORT: 27017
MONGO_USER: anchore_ui
MONGO_PWD: 123456
ANCHORE_API: http://192.168.1.1:8228
ANCHORE_USERNAME: admin
ANCHORE_PASSWORD: foobar
# docker-compose up -d
如果输出类似信息则启动成功,此时可访问http://ip:8888,输入docker-compose.yml里的用户名密码来登陆
# docker logs $(docker ps | grep anchore_ui | awk '{print $1}')
[2020-07-16 Thursday 16:57] [INFO] Scheduler started
[2020-07-16 Thursday 16:57] [DEBUG] Looking for jobs to run
* Serving Flask app "apps" (lazy loading)
* Environment: production
WARNING: Do not use the development server in a production environment.
Use a production WSGI server instead.
* Debug mode: on
[2020-07-16 Thursday 16:57] [INFO] * Running on http://0.0.0.0:8888/ (Press CTRL+C to quit)
[2020-07-16 Thursday 16:57] [DEBUG] Next wakeup is due at 2020-07-16 17:04:54.782021+08:00 (in 461.596599 seconds)
只需配置定时任务,用于定时从anchore同步扫描信息即可