
"Lampas" is a generic Linux package security scanning tool (including non-Docker systems).

Primary language: Python. License: BSD 2-Clause "Simplified" (BSD-2-Clause).

Lampas

TL;DR

Lampas is a package security scanner for generic Linux distros.

  • The name comes from the Latin word 'Lampas'.
  • The word is from Ancient Greek λαμπάς (lampás, “lamp or flambeau”), from λάμπω (lámpō), perhaps from Proto-Indo-European *leh₂p- (“glow”).

Clair Generic Scan Server (HTTP)

  • Lampas was renamed from "clair-generic-scan-server". Lampas is a Latin word meaning lamp or lantern.

  • You can scan any Linux system: not only Docker containers but also bare-metal hosts.

  • Clair uses the newest distro NVD/CVE databases. This means Clair's DB is very accurate and the fastest. There are no false negative or false positive issues.

  • Supported Linux distros:

    • Ubuntu / Debian
    • CentOS / Red Hat / Oracle
    • Alpine
  • Clair is an open-source project by CoreOS (acquired by Red Hat).

  • Pull requests are welcome.

Demo

  • The demo checks not only the host Ubuntu system but also the inside of a CentOS Docker container.

Author

Requirements

  • Clair DB format 2.0.1 (as in the Clair public release).
  • Does not work with VMware Harbor or other third parties' modified Clair releases.

Run

  • Run with docker-compose (the easiest method).
cd compose
docker-compose up -d

# Wait for the DB update to complete (maybe 10-30 min; the time depends on the network).
docker exec -it lampas python /opt/test.py

  • You can test on bare metal using the CLI client.
    • Compatibility
      • Tested & working: CentOS 7 / RHEL 7 / Debian 8, 9 / Ubuntu 14.04 or above / Alpine
      • Not working: CentOS 6 / RHEL 6 / Debian 7
    • Python version: Python and the requests module are required.
    • Golang version: the statically compiled binary has no requirements.
# Python version
python ./cli/scanner.py http://127.0.0.1:5000

# Golang version
# - Build Binary
 docker run -it --rm \
  -v `pwd`/cli:/usr/src/scanner \
  -w /usr/src/scanner \
  -e "CGO_ENABLED=0" -e "GOOS=linux" \
  golang bash -c  \
  "go get github.com/Jeffail/gabs && go get github.com/go-ini/ini && go build -a -ldflags '-extldflags \"-static\"' ."

# or you can use build scripts
  cd cli
  curl https://raw.githubusercontent.com/ziozzang/go-static-template/master/install | bash
  BIN_NAME=scanner ./build.sh

# - Run
./cli/scanner http://127.0.0.1:5000

  • Environment parameters
    • Not yet documented.
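
A pre-flight check for the compatibility list above, as an added example that is not part of the Lampas code base: it classifies a host as working, not working or untested before a scan result from it is relied on. The function names and sample inputs are assumptions made for this example; the fallback to /etc/redhat-release is there because CentOS/RHEL 6 have no /etc/os-release.

```python
import re

# Matrix from the README's compatibility list; keys are os-release ID values.
WORKING = {
    "centos": lambda v: v[0] == 7,
    "rhel": lambda v: v[0] == 7,
    "debian": lambda v: v[0] in (8, 9),
    "ubuntu": lambda v: v >= (14, 4),       # "14.04 or above"
}
NOT_WORKING = {
    "centos": lambda v: v[0] == 6,
    "rhel": lambda v: v[0] == 6,
    "debian": lambda v: v[0] == 7,
}

def parse_os_release(text):
    """Parse os-release KEY=value lines into a dict, stripping quotes."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            fields[key.strip()] = value.strip().strip("\"'")
    return fields

def parse_redhat_release(text):
    """Fallback for hosts that only have /etc/redhat-release (CentOS/RHEL 6)."""
    match = re.search(r"release (\d+(?:\.\d+)*)", text)
    if text.startswith("CentOS"):
        distro = "centos"
    else:
        distro = "rhel" if text.startswith("Red Hat") else "unknown"
    return {"ID": distro, "VERSION_ID": match.group(1) if match else ""}

def scanner_support(fields):
    """Return 'working', 'not-working' or 'untested' per the README list."""
    distro = fields.get("ID", "").lower()
    if distro == "alpine":                   # listed without a version limit
        return "working"
    version = tuple(int(n) for n in re.findall(r"\d+", fields.get("VERSION_ID", "")))
    if not version:                          # no usable VERSION_ID in the file
        return "untested"
    if distro in WORKING and WORKING[distro](version):
        return "working"
    if distro in NOT_WORKING and NOT_WORKING[distro](version):
        return "not-working"
    return "untested"

# Constructed sample inputs (not captured from real hosts).
UBUNTU = 'NAME="Ubuntu"\nID=ubuntu\nVERSION_ID="16.04"\n'
EL6 = "CentOS release 6.10 (Final)\n"
ORACLE = 'NAME="Oracle Linux Server"\nID="ol"\nVERSION_ID="7.9"\n'
```

Oracle Linux comes back as untested because the README lists it as a supported distro but not in the tested list.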

API

not yet documented.

Build

docker build -t ziozzang/clair-generic-scan-server .
docker run -it --rm  -p 5000:5000 --link pgsql:pgsql ziozzang/clair-generic-scan-server

Known Issue

  • If the database has not been updated, the server returns 500.
  • No error handling.
  • No web UI.

To-Do

  • Documents
  • API

License

  • BSD.
  • You can use it for any purpose.