{"id":13824818,"url":"https://github.com/ObjectifLibre/csf","last_synced_at":"2025-07-08T20:32:17.643Z","repository":{"id":57554263,"uuid":"145823891","full_name":"ObjectifLibre/csf","owner":"ObjectifLibre","description":"Continuous Security Framework","archived":true,"fork":false,"pushed_at":"2018-08-31T14:29:27.000Z","size":635,"stargazers_count":5,"open_issues_count":0,"forks_count":0,"subscribers_count":10,"default_branch":"master","last_synced_at":"2024-11-20T03:31:51.345Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ObjectifLibre.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-08-23T08:24:08.000Z","updated_at":"2023-01-28T17:07:03.000Z","dependencies_parsed_at":"2022-09-26T18:51:17.491Z","dependency_job_id":null,"html_url":"https://github.com/ObjectifLibre/csf","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/ObjectifLibre/csf","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ObjectifLibre%2Fcsf","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ObjectifLibre%2Fcsf/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ObjectifLibre%2Fcsf/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ObjectifLibre%2Fcsf/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ObjectifLibre","download_url":"https://codeload.github.com/ObjectifLibre/csf/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ObjectifLibre%2Fcsf/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264343708,"owners_count":23593775,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T09:01:09.880Z","updated_at":"2025-07-08T20:32:15.759Z","avatar_url":"https://github.com/ObjectifLibre.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# Continuous Security Framework\n\n\n[![GoDoc](https://godoc.org/github.com/ObjectifLibre/csf?status.svg)](https://godoc.org/github.com/ObjectifLibre/csf) [![Build Status](https://travis-ci.org/ObjectifLibre/csf.svg?branch=master)](https://travis-ci.org/ObjectifLibre/csf) [![FOSSA Status](https://app.fossa.io/api/projects/custom%2B4963%2Fgit%40github.com%3AObjectifLibre%2Fcsf.git.svg?type=shield)](https://app.fossa.io/projects/custom%2B4963%2Fgit%40github.com%3AObjectifLibre%2Fcsf.git?ref=badge_shield) [![codebeat badge](https://codebeat.co/badges/a3974bbc-b9e2-4a52-a260-af70cc06034b)](https://codebeat.co/projects/github-com-objectiflibre-csf-master) [![Codacy Badge](https://api.codacy.com/project/badge/Grade/b0e42b0a96bd4523bb21528107f146b0)](https://www.codacy.com/project/Patazerty/csf/dashboard?utm_source=github.com\u0026amp;utm_medium=referral\u0026amp;utm_content=ObjectifLibre/csf\u0026amp;utm_campaign=Badge_Grade_Dashboard) [![codecov](https://codecov.io/gh/ObjectifLibre/csf/branch/master/graph/badge.svg)](https://codecov.io/gh/ObjectifLibre/csf) [![](https://images.microbadger.com/badges/image/objectiflibre/csf.svg)](https://microbadger.com/images/objectiflibre/csf \"Get your own image badge on microbadger.com\")\n\nContinuous Security Framework (CSF for short) is an open-source project aiming at enabling continous security in cloud infrastructures (but not only).\nYou can see it as IFTTT for the cloud. Similar to a typical continuous integration, CSF can be used to build pipelines composed of different tasks. Unlike a typical continuous integration, it can respond to a variety of events and uses simple scripting that anyone can use to build powerful automatic decision-making scripts.\n\n## Getting started\n\n### Terminology\n\nModules:\n\n - *Event source* - a module that will send events to CSF (ex: a new vulnerability has been found by clair)\n - *Action module* - a module that contains one or more actions (ex: send a mail)\n\n### Installation\n\nThe best way to run csf is to use the docker image `objectiflibre/csf`. You can also download the binary or build CSF yourself.\nTake a look at [this sample config](https://github.com/ObjectifLibre/csf/blob/master/csf_config/config_sample.yaml) and modify it if needed.\n\n```bash\ndocker run -d \\\n  -v $PWD/csf_config:/csf_config \\\n  -v $PWD/csf_data:/db \\\n  -p 8888:8888 \\\n  objectiflibre/csf\n```\n\nTake a look at [config_sample.yaml](https://github.com/ObjectifLibre/csf/blob/master/csf_config/config_sample.yaml) for the config. The default `localfiles` configProvider loads modules configuration files from the `./config` folder matching the names of the modules (if you load the `k8s_imagevalidator` module your config file for this module must be named `k8s_imagevalidator.*`, the extension does not matter). The default `localdb` storageProvider stores everything in `./db` using [tiedot](https://github.com/HouzuoGuo/tiedot).\n\n### Use cases\n\nEvents trigger pipelines that can dynamically respond to events using scripts. Currently implemented events are:\n\n- [Clair notification](https://github.com/coreos/clair) about a new vulnerability in a docker image\n- A new pod is spawned in kubernetes\n- An [ImagePolicyWebhook review request](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#what-does-each-admission-controller-do) from kubernetes (can allow or deny the use of an image in k8s)\n- Notifications from Openstack Nova (via AMQP)\n\nCurrently implemented actions are:\n\n- Send a mail\n- Check if an image is in a kubernetes pod or deployment\n- Respond to an ImagePolicyWebhook image review request\n- Scan a docker image using an external clair server\n- Scan an instance / virtual machine / host via ssh using [vuls.io](https://vuls.io) and docker\n\nMore details on the different modules [here](https://github.com/ObjectifLibre/csf/blob/master/docs/modules.md).\n\nNeed something else ? Open an issue or [write your own module](https://github.com/ObjectifLibre/csf/blob/master/docs/write_modules.md) !\n\n\n### Pipelines\n\nYou can use multiple actions to easily build complex pipelines. Here is a simple example:\n\n![example](https://raw.githubusercontent.com/ObjectifLibre/csf/master/docs/csf_example.png)\n\nAnother use case is [on the fly docker images scanning](https://github.com/ObjectifLibre/csf/blob/master/docs/k8s_imagereviewWebhook_clair.md) with kubernetes.\n\nTo write your own pipelines (called reactions here), you can find different sample json files in the `samples` folder or check out the [docs about reactions](https://github.com/ObjectifLibre/csf/blob/master/docs/write_reactions.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FObjectifLibre%2Fcsf","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FObjectifLibre%2Fcsf","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FObjectifLibre%2Fcsf/lists"}