New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

【开源自荐】veinmind-tools：一款容器安全开源工具集 #2535

Open

Trc0g opened this issue Jul 27, 2022 · 0 comments

Labels

Trc0g commented Jul 27, 2022

项目地址：https://github.com/chaitin/veinmind-tools
项目标题：一款容器安全开源工具集，支持检测容器镜像安全风险
项目描述：以容器镜像资源为中心，针对恶意文件、敏感配置、入侵攻击等严重安全问题，在镜像 pull-build-push 阶段提供安全检测，从生产环境的容器的供应链源头解决安全风险，降低安全风险点，同时维护容器安全交流社群，建立容器安全学习交流良好氛围。
亮点：

支持镜像异常历史命令、恶意文件、弱口令、敏感信息、后门检测
支持镜像资产清点，清点镜像与镜像软件资产
支持本地镜像扫描和仓库镜像扫描，集成 Docker Hub 等主流镜像仓库
支持 GitHub action、jenkins等主流 CI/CD 集成
以平行容器方式运行，无需单独编译，开箱即用
适配多种容器运行时

示例代码：

确保机器上正确安装 docker
docker info
安装 veinmind-runner 镜像
docker pull veinmind/veinmind-runner:latest
下载 veinmind-runner 平行容器启动脚本
wget -q https://download.veinmind.tech/scripts/veinmind-runner-parallel-container-run.sh -O run.sh && chmod +x run.sh
快速扫描本地镜像
./run.sh scan-host

截图：

The text was updated successfully, but these errors were encountered:

ruanyf added the issue-216 label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment