{"id":13587202,"url":"https://github.com/edersonbrilhante/vilicus","last_synced_at":"2025-04-15T01:10:54.189Z","repository":{"id":38997741,"uuid":"330016810","full_name":"edersonbrilhante/vilicus","owner":"edersonbrilhante","description":"Vilicus is an open source tool that orchestrates security scans of container images(docker/oci) and centralizes all results into a database for further analysis and metrics.","archived":false,"fork":false,"pushed_at":"2023-01-07T10:12:45.000Z","size":7644,"stargazers_count":87,"open_issues_count":16,"forks_count":8,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-03-28T13:05:48.503Z","etag":null,"topics":["anchore","cicd","clair","docker","docker-image","docker-scanner","golang","oci","oci-image","oci-scanner","scan-images","security","security-scanner","security-tools","security-vulnerability","trivy","vilicus"],"latest_commit_sha":null,"homepage":"https://vilicus.edersonbrilhante.com.br/","language":"SCSS","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/edersonbrilhante.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-01-15T20:36:52.000Z","updated_at":"2025-03-19T21:26:56.000Z","dependencies_parsed_at":"2023-02-06T21:32:10.876Z","dependency_job_id":null,"html_url":"https://github.com/edersonbrilhante/vilicus","commit_stats":null,"previous_names":["edersonbrilhante/ccvs"],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edersonbrilhante%2Fvilicus","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edersonbrilhante%2Fvilicus/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edersonbrilhante%2Fvilicus/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/edersonbrilhante%2Fvilicus/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/edersonbrilhante","download_url":"https://codeload.github.com/edersonbrilhante/vilicus/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248986312,"owners_count":21194025,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["anchore","cicd","clair","docker","docker-image","docker-scanner","golang","oci","oci-image","oci-scanner","scan-images","security","security-scanner","security-tools","security-vulnerability","trivy","vilicus"],"created_at":"2024-08-01T15:06:05.868Z","updated_at":"2025-04-15T01:10:54.174Z","avatar_url":"https://github.com/edersonbrilhante.png","language":"SCSS","funding_links":[],"categories":["SCSS","Security \u0026 Compliance"],"sub_categories":[],"readme":"# Vilicus\n\n\u003cp align=\"left\"\u003e\n  \u003ca href=\"https://github.com/edersonbrilhante/vilicus/releases\"\u003e\u003cimg src=\"https://img.shields.io/github/v/release/edersonbrilhante/vilicus\"/\u003e\u003c/a\u003e\n  \u003ca href=\"https://travis-ci.com/edersonbrilhante/vilicus.svg?branch=main\"\u003e\u003cimg src=\"https://travis-ci.com/edersonbrilhante/vilicus.svg?branch=main\"/\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n# Table of Contents\n- [Overview](#overview)\n  - [How does it work?](#how-does-it-work)\n- [Architecture](#architecture)\n- [Development](#development)\n    - [Run deployment manually](#run-deployment-manually)\n- [Usage](#usage)\n    - [Example of analysis](#example-of-analysis)\n\n---\n\n## Overview\nVilicus is an open source tool that orchestrates security scans of container images(docker/oci) and centralizes all results into a database for further analysis and metrics. It can perform using [Anchore](https://github.com/anchore/anchore-engine), [Clair](https://github.com/quay/clair) and [Trivy](https://github.com/aquasecurity/trivy).\n\n### How does it work?\nThere many tools to scan container images, but sometimes the results can be diferent in each one them. So the main goal of this project is to help development teams improve the quality of their container images by finding vulnerabilities and thus addressing them with anagnostic sight from vendors.\n\n**Here you can find articles comparing the scanning tools**:\n- [Open Source CVE Scanner Round-Up: Clair vs Anchore vs Trivy](https://boxboat.com/2020/04/24/image-scanning-tech-compared/)\n- [5 open source tools for container security](https://opensource.com/article/18/8/tools-container-security)\n\n---\n\n## Architecture\n![Kiku](docs/arch.gif)\n\n---\n\n## Development\n### Run deployment manually\n```bash\ndocker-compose -f deployments/docker-compose.yaml up -d\n```\n\n---\n\n## Usage\n\n### Requirements\n- Disk Space ~30GB:\n  - Docker System:\n    - Images ~14GB\n    - Containers ~11GB\n    - Local Volumes ~200MB\n- Docker\n- Docker Compose\n- Bash\n- Wget\n\n### Using vilicus client\nRun these following commands:\n```\nexport TEMPLATE=\u003ctemplate\u003e\nexport OUTPUT=\u003coutput\u003e\nexport IMAGE=\u003cpublic_image\u003e|\u003cvilicus_local_image\u003e\nwget -O run-job.sh https://raw.githubusercontent.com/edersonbrilhante/vilicus/main/scripts/run-job.sh\nchmod +x ./run-job.sh\n./run-job.sh\n```\nThe result will be stored in into the file set by the environment variable `OUTPUT`.\n\n### Templates and Outputs\n**Gitlab**\u003cbr\u003e\n***Template***: `/opt/vilicus/contrib/gitlab.tpl`\u003cbr\u003e\n***Output***: `/artifacts/gl-container-scanning-report.json`\n\n**Sarif**\u003cbr\u003e\n***Template***: `/opt/vilicus/contrib/sarif.tpl`\u003cbr\u003e\n***Output***: `/artifacts/result.sarif`\n\n### Public image and Local images\nVilicus provides support images hosted in public repository and local builds. Public image is an image hosted in public repository such as DockerHub. To scan images in self-hosted registry or local build you must tag the image to the vilicus local registry.\n\n**Self-hosted registry**\n`docker tag \u003cself-hosted-registry\u003e/\u003cimage:tag\u003e localhost:5000/\u003cimage:tag\u003e`\n\n**Local build**\n`docker build -t localhost:5000/\u003cimage:tag\u003e -f \u003cDockerfile\u003e \u003ccontext\u003e`\n\n### Free Online Service\nVilicus also provides a [free online service](http://vilicus.edersonbrilhante.com.br/). \n\n#### How it works?\nThis service is a serverless full-stack application with backend workers and database only using git and ci/cd runners.\n\nThe Frontend is hosted in GitHub Pages. This frontend is a landing page with a free service to scan or display the vulnerabilities in container images.\n\nThe results of container image scans are stored in a GitLab Repository.\n\nWhen the user asks to show the results from an image, the frontend consumes the GitLab API to retrieve the file with vulns from this image. In case this image is not scanned yet, the user has the option to schedule a scan using a google form.\n\nWhen this form is filled, the data is sent to a Google Spreadsheet.\n\nA GitHub Workflow runs every 5 minutes to check if there are new answers in this Spreadsheet. For each new image in the Spreadsheet, this workflow triggers another Workflow to scan the image and save the result in the GitLab Repository.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Federsonbrilhante%2Fvilicus","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Federsonbrilhante%2Fvilicus","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Federsonbrilhante%2Fvilicus/lists"}