{"id":37624419,"url":"https://github.com/cristianovisk/regvuln","last_synced_at":"2026-01-16T10:45:42.384Z","repository":{"id":61926816,"uuid":"547520283","full_name":"cristianovisk/regvuln","owner":"cristianovisk","description":"RegVuln is a tool that use Engine Trivy to generate reports about images Docker from Registry, have integration with Defect Dojo to Vulnerability Management.","archived":false,"fork":false,"pushed_at":"2024-08-07T15:09:59.000Z","size":118,"stargazers_count":15,"open_issues_count":3,"forks_count":2,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-08-08T17:52:48.993Z","etag":null,"topics":["docker","registry-docker","registry-oci","regvuln","vulnerability-analysis","vulnerability-detection","vulnerability-scanning"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cristianovisk.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-10-07T20:31:48.000Z","updated_at":"2024-08-07T15:10:02.000Z","dependencies_parsed_at":"2024-08-07T17:53:44.159Z","dependency_job_id":null,"html_url":"https://github.com/cristianovisk/regvuln","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/cristianovisk/regvuln","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cristianovisk%2Fregvuln","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cristianovisk%2Fregvuln/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cristianovisk%2Fregvuln/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cristianovisk%2Fregvuln/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cristianovisk","download_url":"https://codeload.github.com/cristianovisk/regvuln/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cristianovisk%2Fregvuln/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28478054,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-16T06:30:42.265Z","status":"ssl_error","status_checked_at":"2026-01-16T06:30:16.248Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","registry-docker","registry-oci","regvuln","vulnerability-analysis","vulnerability-detection","vulnerability-scanning"],"created_at":"2026-01-16T10:45:42.275Z","updated_at":"2026-01-16T10:45:42.364Z","avatar_url":"https://github.com/cristianovisk.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\r\n\u003cimg src=\"https://github.com/cristianovisk/regvuln/blob/main/images/logo.svg\" alt=\"RegVuln\" border=\"0\"\u003e\r\n\u003c/p\u003e\r\n\r\n![Pipeline Status](https://github.com/cristianovisk/regvuln/actions/workflows/publish.yml/badge.svg)\r\n![Pipeline Status](https://github.com/cristianovisk/regvuln/actions/workflows/release.yml/badge.svg)\r\n[![GitHub release](https://img.shields.io/github/release/cristianovisk/regvuln)](https://github.com/cristianovisk/regvuln/releases/latest)\r\n![GitHub all releases](https://img.shields.io/github/downloads/cristianovisk/regvuln/total)\r\n![Vulnerabilities Libs](https://api.dptrack.duckdns.org/api/v1/badge/vulns/project/5ae4f81f-f2c0-48be-a2b8-645de92782f2)\r\n# RegVuln - Scanner Registry AppSec\r\n\r\n📜 Este scanner analisa um servidor registry com imagens de containers Docker/OCI, e analisa TAG a TAG as vulnerabilidades existentes nelas usando Trivy da AquaSec.\r\n\r\n💡 Ao ser executado o mesmo analisa o registry destino e analisa todas as imagens enviando-as a uma API Post previamente configurada no `.config.ini` ou salva os arquivos JSON no diretorio de reports também configurado no `.config.ini`\r\n\r\n## 🛠 Instalação\r\n\r\n**Observação:**\r\nFaz-se necessário baixar o Trivy confirme documentação: https://aquasecurity.github.io/trivy/latest/getting-started/installation/\r\n\r\nLinux:\r\n\r\n```sh\r\nsudo apt install python3 python3-pip git curl -y\r\ncurl https://get.docker.com | sh\r\ngit clone https://github.com/cristianovisk/regvuln\r\ncd regvuln\r\npip3 install -r requirements.txt\r\ncp .config_model.ini .config.ini\r\nsudo apt-get install wget apt-transport-https gnupg lsb-release -y\r\nwget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -\r\necho deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list\r\nsudo apt update\r\nsudo apt install trivy -y\r\n```\r\n\r\n\r\n## 📈 Exemplo de uso com .config\r\n\r\nPara que a analise ocorra sem problemas, é necessário editar o arquivo `.config.ini` com as variáveis definidas corretamente:\r\n\r\n```ini\r\n[REGISTRY]\r\ndns = dns.registry.destiny.com\r\nurl = https://dns.registry.destiny.com\r\ncatalog = /v2/_catalog\r\nuser = user_to_autentication_basic\r\npassword = password_to_use\r\n\r\n[SCANTIME]\r\ndelay_in_seconds = 3600 # Time in seconds to delay scan the images\r\ntimetoscan = 1 # ex. (timetoscan * delay_in_seconds) = limit_time_to_reescan_images\r\n\r\n[REPORT]\r\noutput_folder = ./reports # folder to save reports generated by Trivy\r\n\r\n[DOCKER]\r\ncfg_cred = /home/cristiano/.docker/config.json #file that have password Docker registry\r\ncache_images = false # enabled will save all images in cache\r\n\r\n[DEFECT_DOJO]\r\nurl = https://dns.defectdojo.destiny.com #endpoint URL DEFECTDOJO\r\nenabled = false #if enable or disable with True or False\r\napi_key = KEY_API_DEFECT_DOJO # API Key DEFECT DOJO, get in WEB-GUI\r\nproduct_name = NAME_REGISTRY # Name the Registry OCI to \r\nproduct_type = ENTERPRISE-BU # Name the Enterprise or BU\r\nenvironment = PROD # optional unused\r\n```\r\n\r\nApós a configuração ser feita, basta executar o arquivo `regvuln.py` com o comando:\r\n```sh\r\npython3 regvuln.py --run\r\n```\r\n\r\nTodos os arquivos JSON serão salvos por padrão na pasta `./reports` (caso não tenha sido alterado no `.config.ini`), exemplo:\r\n```sh\r\ncristiano@horusec:~/registry_scan_appsec$ ls -ilha ./reports/\r\ntotal 14M\r\n1836862 drwxrwxr-x 2 cristiano cristiano 4.0K Jul 10 13:49 .\r\n1835204 drwxrwxr-x 5 cristiano cristiano 4.0K Jul 10 19:20 ..\r\n1843734 -rw-rw-r-- 1 cristiano cristiano  16K Jul 10 19:05 docker-registry.ddns.net-app-examlpe-compose_web-latest.json\r\n1843839 -rw-rw-r-- 1 cristiano cristiano 3.1M Jul 10 19:08 docker-registry.ddns.net-bytebank-latest.json\r\n1843853 -rw-rw-r-- 1 cristiano cristiano  34K Jul 10 19:08 docker-registry.ddns.net-dexter-26.json\r\n1843854 -rw-rw-r-- 1 cristiano cristiano  34K Jul 10 19:08 docker-registry.ddns.net-dexter-27.json\r\n1843855 -rw-rw-r-- 1 cristiano cristiano  34K Jul 10 19:08 docker-registry.ddns.net-dexter-29.json\r\n1843856 -rw-rw-r-- 1 cristiano cristiano  34K Jul 10 19:08 docker-registry.ddns.net-dexter-30.json\r\n1843857 -rw-rw-r-- 1 cristiano cristiano  34K Jul 10 19:08 docker-registry.ddns.net-dexter-31.json\r\n1843858 -rw-rw-r-- 1 cristiano cristiano  34K Jul 10 19:08 docker-registry.ddns.net-dexter-32.json\r\n1843859 -rw-rw-r-- 1 cristiano cristiano  34K Jul 10 19:08 docker-registry.ddns.net-dexter-33.json\r\n1843860 -rw-rw-r-- 1 cristiano cristiano  34K Jul 10 19:08 docker-registry.ddns.net-dexter-34.json\r\n1843861 -rw-rw-r-- 1 cristiano cristiano  34K Jul 10 19:08 docker-registry.ddns.net-dexter-35.json\r\n1843862 -rw-rw-r-- 1 cristiano cristiano  34K Jul 10 19:08 docker-registry.ddns.net-dexter-36.json\r\n1843863 -rw-rw-r-- 1 cristiano cristiano  34K Jul 10 19:08 docker-registry.ddns.net-dexter-37.json\r\n1843864 -rw-rw-r-- 1 cristiano cristiano  34K Jul 10 19:09 docker-registry.ddns.net-dexter-38.json\r\n1843865 -rw-rw-r-- 1 cristiano cristiano  34K Jul 10 19:09 docker-registry.ddns.net-dexter-41.json\r\n1843866 -rw-rw-r-- 1 cristiano cristiano  34K Jul 10 19:09 docker-registry.ddns.net-dexter-43.json\r\n1843867 -rw-rw-r-- 1 cristiano cristiano  34K Jul 10 19:09 docker-registry.ddns.net-dexter-44.json\r\n1843868 -rw-rw-r-- 1 cristiano cristiano  34K Jul 10 19:09 docker-registry.ddns.net-dexter-45.json\r\n1843869 -rw-rw-r-- 1 cristiano cristiano  34K Jul 10 19:09 docker-registry.ddns.net-dexter-46.json\r\n1843870 -rw-rw-r-- 1 cristiano cristiano  34K Jul 10 19:09 docker-registry.ddns.net-dexter-47.json\r\n1843871 -rw-rw-r-- 1 cristiano cristiano  34K Jul 10 19:09 docker-registry.ddns.net-dexter-48.json\r\n1843872 -rw-rw-r-- 1 cristiano cristiano  34K Jul 10 19:09 docker-registry.ddns.net-dexter-49.json\r\n1843873 -rw-rw-r-- 1 cristiano cristiano  34K Jul 10 19:09 docker-registry.ddns.net-dexter-50.json\r\n1843874 -rw-rw-r-- 1 cristiano cristiano  34K Jul 10 19:09 docker-registry.ddns.net-dexter-52.json\r\n1843875 -rw-rw-r-- 1 cristiano cristiano  34K Jul 10 19:09 docker-registry.ddns.net-dexter-53.json\r\n1843841 -rw-rw-r-- 1 cristiano cristiano 8.4K Jul 10 19:08 docker-registry.ddns.net-dexter-54.json\r\n1843831 -rw-rw-r-- 1 cristiano cristiano 8.4K Jul 10 19:08 docker-registry.ddns.net-dexter-55.json\r\n1843842 -rw-rw-r-- 1 cristiano cristiano 8.4K Jul 10 19:08 docker-registry.ddns.net-dexter-57.json\r\n1843876 -rw-rw-r-- 1 cristiano cristiano  34K Jul 10 19:09 docker-registry.ddns.net-dexter-59.json\r\n1843834 -rw-rw-r-- 1 cristiano cristiano 8.4K Jul 10 19:08 docker-registry.ddns.net-dexter-60.json\r\n1843843 -rw-rw-r-- 1 cristiano cristiano 8.4K Jul 10 19:08 docker-registry.ddns.net-dexter-62.json\r\n1843846 -rw-rw-r-- 1 cristiano cristiano 8.4K Jul 10 19:08 docker-registry.ddns.net-dexter-63.json\r\n1843847 -rw-rw-r-- 1 cristiano cristiano 8.4K Jul 10 19:08 docker-registry.ddns.net-dexter-64.json\r\n1843844 -rw-rw-r-- 1 cristiano cristiano 8.4K Jul 10 19:08 docker-registry.ddns.net-dexter-65.json\r\n1843848 -rw-rw-r-- 1 cristiano cristiano 8.4K Jul 10 19:08 docker-registry.ddns.net-dexter-67.json\r\n1843850 -rw-rw-r-- 1 cristiano cristiano 8.4K Jul 10 19:08 docker-registry.ddns.net-dexter-68.json\r\n1843851 -rw-rw-r-- 1 cristiano cristiano 8.4K Jul 10 19:08 docker-registry.ddns.net-dexter-69.json\r\n1843852 -rw-rw-r-- 1 cristiano cristiano 8.4K Jul 10 19:08 docker-registry.ddns.net-dexter-70.json\r\n1843877 -rw-rw-r-- 1 cristiano cristiano  26K Jul 10 19:09 docker-registry.ddns.net-horusec-analytic-v2.18.0.json\r\n1843878 -rw-rw-r-- 1 cristiano cristiano  26K Jul 10 19:09 docker-registry.ddns.net-horusec-api-v2.18.0.json\r\n1843879 -rw-rw-r-- 1 cristiano cristiano  26K Jul 10 19:09 docker-registry.ddns.net-horusec-auth-v2.18.0.json\r\n1843880 -rw-rw-r-- 1 cristiano cristiano  25K Jul 10 19:09 docker-registry.ddns.net-horusec-core-v2.18.0.json\r\n1843881 -rw-rw-r-- 1 cristiano cristiano 304K Jul 10 19:09 docker-registry.ddns.net-horusec-generic-v1.1.0.json\r\n1843882 -rw-rw-r-- 1 cristiano cristiano  95K Jul 10 19:09 docker-registry.ddns.net-horusec-js-v1.2.0.json\r\n1843884 -rw-rw-r-- 1 cristiano cristiano 103K Jul 10 19:09 docker-registry.ddns.net-horusec-manager-v2.18.0.json\r\n1843886 -rw-rw-r-- 1 cristiano cristiano  25K Jul 10 19:09 docker-registry.ddns.net-horusec-messages-v2.18.0.json\r\n1843887 -rw-rw-r-- 1 cristiano cristiano  34K Jul 10 19:09 docker-registry.ddns.net-horusec-migrations-local.json\r\n1843888 -rw-rw-r-- 1 cristiano cristiano 106K Jul 10 19:09 docker-registry.ddns.net-horusec-php-v1.0.1.json\r\n1844949 -rw-rw-r-- 1 cristiano cristiano 194K Jul 10 19:09 docker-registry.ddns.net-horusec-python-v1.0.0.json\r\n1844950 -rw-rw-r-- 1 cristiano cristiano  26K Jul 10 19:09 docker-registry.ddns.net-horusec-vulnerability-v2.18.0.json\r\n1844951 -rw-rw-r-- 1 cristiano cristiano  25K Jul 10 19:09 docker-registry.ddns.net-horusec-webhook-v2.18.0.json\r\n1844952 -rw-rw-r-- 1 cristiano cristiano 347K Jul 10 19:09 docker-registry.ddns.net-nginx-latest.json\r\n1846340 -rw-rw-r-- 1 cristiano cristiano 8.1M Jul 10 19:09 docker-registry.ddns.net-sida-latest.json\r\n1846525 -rw-rw-r-- 1 cristiano cristiano  90K Jul 10 19:10 docker-registry.ddns.net-ubuntu-18.04.json\r\n1846478 -rw-rw-r-- 1 cristiano cristiano  56K Jul 10 19:10 docker-registry.ddns.net-ubuntu-20.04.json\r\n1846341 -rw-rw-r-- 1 cristiano cristiano  51K Jul 10 19:10 docker-registry.ddns.net-ubuntu-latest.json\r\n```\r\n\r\nOs dados também são centralizados em um banco SQLite por nome `registry.db` que é gerado no primeiro momento da execução do `regvuln.py`.\r\n\r\n## 📈 Exemplo de uso com variáveis de ambiente em Docker\r\n\r\nO exemplo abaixo será usado caso o RegVuln esteja com o modo Defect Dojo desabilitado.\r\n\r\n```bash\r\ndocker run --rm -e RG_REGISTRY_DNS=\"ecr.amazonurl.com\" \\\r\n                -e RG_REGISTRY_URL=\"http://ecr.amazonurl.com\" \\\r\n                -v /var/run/docker.sock:/var/run/docker.sock \\\r\n                -v $PWD:/opt/regvuln/reports \\\r\n                -it cristianovisk/regvuln:latest\r\n```\r\n\r\nJá o exemplo abaixo mostra a configuração completa mínima necessária para usar com integração com Defect Dojo.\r\n\r\n```bash\r\ndocker run --rm -e RG_REGISTRY_DNS=\"ecr.amazonurl.com\" \\\r\n\t\t\t\t-e RG_REGISTRY_URL=\"http://ecr.amazonurl.com\" \\\r\n\t\t\t\t-e RG_DEFECTDOJO_ENABLED=true \\\r\n\t\t\t\t-v /var/run/docker.sock:/var/run/docker.sock \\\r\n\t\t\t\t-it cristianovisk/regvuln:latest\r\n```\r\n\r\nA saída será a solicitação das variáveis obrigatórias para a integração funcionar:\r\n\r\n```log\r\n2022-10-23 16:35:09 3c31c7c2a275 root[1] CRITICAL Variavel RG_DEFECTDOJO_URL vazia, favor definir para rodar\r\n2022-10-23 16:35:09 3c31c7c2a275 root[1] CRITICAL Variavel RG_DEFECTDOJO_API_KEY vazia, favor definir para rodar\r\n2022-10-23 16:35:09 3c31c7c2a275 root[1] CRITICAL Variavel RG_DEFECTDOJO_PRODUCT_NAME vazia, favor definir para rodar\r\n2022-10-23 16:35:09 3c31c7c2a275 root[1] CRITICAL Variavel RG_DEFECTDOJO_PRODUCT_TYPE vazia, favor definir para rodar\r\n2022-10-23 16:35:09 3c31c7c2a275 root[1] CRITICAL Variavel RG_DEFECTDOJO_ENV vazia, favor definir para rodar\r\n```\r\n\r\nBasta definir conforme exemplo abaixo e irá funcionar:\r\n\r\n```bash\r\ndocker run --rm -e RG_REGISTRY_DNS=\"ecr.amazonurl.com\" \\\r\n\t\t\t\t-e RG_REGISTRY_URL=\"http://ecr.amazonurl.com\" \\\r\n\t\t\t\t-e RG_DEFECTDOJO_ENABLED=true \\\r\n                -e RG_DEFECTDOJO_URL=\"https://defectdojo.url.com\" \\\r\n                -e RG_DEFECTDOJO_API_KEY=\"chave_de_api_5dc58d5d6s9x\" \\\r\n                -e RG_DEFECTDOJO_PRODUCT_NAME=\"REGISTRY_PROD_1\" \\\r\n                -e RG_DEFECTDOJO_PRODUCT_TYPE=\"EMPRESA\" \\\r\n                -e RG_DEFECTDOJO_ENV=\"Production\" \\\r\n\t\t\t\t-v /var/run/docker.sock:/var/run/docker.sock \\\r\n\t\t\t\t-it cristianovisk/regvuln:latest\r\n```\r\n\r\n## 💻 Configuração de CRON\r\n\r\nBasta configurar as variáveis abaixo, e realizar o calculo, 3600 = 1 hora e timetoscan = 2 , significa que o scan será refeito em imagens já analisadas em 2 horas, e wait_time_daemon = 1800 significa que o RegVuln lerá novamente o Registry atrás de imagens novas a cada meia hora.\r\n```shell\r\n[SCANTIME]\r\nwait_time_daemon = 1800\r\ndelay_in_seconds = 3600\r\ntimetoscan = 1\r\n```\r\n\r\nPara que a configuração tenha efeito como uma cron, basta executar com o argumento `--daemon`.\r\n\r\n\r\n## 📋 Sobre mim\r\n\r\nCristiano Henrique dos Santos – [Portfólio](https://cristianovisk.github.io) – cristianovisk@gmail.com\r\n\r\nDistribuído sob a licença Apache 2.0. Veja `LICENSE` para mais informações.\r\n\r\n## 🚀 Contribuição\r\n ```sh\r\n # EM BREVE\r\n ```\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcristianovisk%2Fregvuln","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcristianovisk%2Fregvuln","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcristianovisk%2Fregvuln/lists"}