{"id":15600441,"url":"https://github.com/flopezag/fiware-security","last_synced_at":"2026-03-15T02:25:52.582Z","repository":{"id":41291446,"uuid":"169217313","full_name":"flopezag/fiware-security","owner":"flopezag","description":"Security analysis of the FIWARE GEs docker images","archived":false,"fork":false,"pushed_at":"2024-04-13T07:39:44.000Z","size":605,"stargazers_count":1,"open_issues_count":13,"forks_count":3,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-24T07:14:13.333Z","etag":null,"topics":["ansible","ansible-playbook","ansible-roles","docker","docker-compose","docker-security","openstack-sdk"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/flopezag.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":"Roadmap","authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-02-05T09:37:43.000Z","updated_at":"2023-05-08T10:32:06.000Z","dependencies_parsed_at":"2024-04-12T10:42:50.950Z","dependency_job_id":"38cbbf25-6929-499e-87ad-0c11b058e7cf","html_url":"https://github.com/flopezag/fiware-security","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flopezag%2Ffiware-security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flopezag%2Ffiware-security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flopezag%2Ffiware-security/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flopezag%2Ff
iware-security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/flopezag","download_url":"https://codeload.github.com/flopezag/fiware-security/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250580746,"owners_count":21453537,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","ansible-playbook","ansible-roles","docker","docker-compose","docker-security","openstack-sdk"],"created_at":"2024-10-03T02:03:03.508Z","updated_at":"2026-03-15T02:25:52.568Z","avatar_url":"https://github.com/flopezag.png","language":"Go","readme":"# FIWARE Cybersecurity Analysis\n\n\u003c!-- PROJECT LOGO --\u003e\n\u003cbr /\u003e\n\u003cdiv align=\"center\"\u003e\n  \u003ca href=\"https://github.com/flopezag/fiware-security\"\u003e\n    \u003cimg src=\"doc/FIWARESecurity.png\" alt=\"Logo\" width=\"137\" height=\"150\"\u003e\n  \u003c/a\u003e\n\n\u003ch3 align=\"center\"\u003eFIWARE Cybersecurity Analysis of the FIWARE Generic Enablers\u003c/h3\u003e\n\n  \u003cp align=\"center\"\u003e\n    \u003c!--\u003ca href=\"https://github.com/flopezag/fiware-security\"\u003e\u003cstrong\u003eExplore the docs »\u003c/strong\u003e\u003c/a\u003e\n    \u003cbr /\u003e\n    \u003cbr /\u003e\n    \u003ca href=\"https://github.com/flopezag/fiware-security\"\u003eView Demo\u003c/a\u003e\n    ·--\u003e\n    \u003ca href=\"https://github.com/flopezag/fiware-security/issues\"\u003eReport Bug\u003c/a\u003e\n    ·\n    \u003ca href=\"https://github.com/flopezag/fiware-security/issues\"\u003eRequest Feature\u003c/a\u003e\n  
\u003c/p\u003e\n\u003c/div\u003e\n\n# Security Scan of FIWARE Catalogue components\n\nThis program has been developed to facilitate the Security Scan of the FIWARE Catalogue components and to generate a report that facilitates the resolution of the issues identified on them.\n\nIt automatically scans a particular local docker image or all local docker containers \nwith [Clair Vulnerability Scanner](https://github.com/coreos/clair) using \n[Clair-Scanner](https://github.com/arminc/clair-scanner) and \n[clair-local-scan](https://github.com/arminc/clair-local-scan), together \nwith the [Docker Bench for Security](https://github.com/docker/docker-bench-security), \nto check common best practices around deploying FIWARE Docker containers in production. \n\nThe tests are all automated, and are inspired by the \n[CIS Docker Community Edition Benchmark v1.1.0](https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_Community_Edition_Benchmark_v1.1.0.pdf).\n\nThe information about the components to be analyzed is maintained in the file [enablers.json](./config/enablers.json).\n\n## Go installation\n\nTo install the Go language, you can follow the instructions detailed in the [Go Installation instructions](https://go.dev/doc/install). The following are the steps for a Linux installation:\n\n1. Remove any previous Go installation by deleting the /usr/local/go folder (if it exists), then extract the archive you just downloaded into /usr/local, creating a fresh Go tree in /usr/local/go:\n\n    ```bash\n    $ rm -rf /usr/local/go \u0026\u0026 tar -C /usr/local -xzf go1.24.4.linux-amd64.tar.gz\n    ```\n\n    (You may need to run the command as root or through sudo).\n\n    Do not untar the archive into an existing /usr/local/go tree. This is known to produce broken Go installations.\n\n2. 
Add /usr/local/go/bin to the PATH environment variable.\nYou can do this by adding the following line to your $HOME/.profile or /etc/profile (for a system-wide installation):\n\n    ```bash\n    export PATH=$PATH:/usr/local/go/bin\n    ```\n\n    Note: Changes made to a profile file may not apply until the next time you log into your computer. To apply the changes immediately, just run the shell commands directly or execute them from the profile using a command such as source $HOME/.profile.\n\n3. Verify that you've installed Go by opening a command prompt and typing the following command:\n\n    ```bash\n    $ go version\n    ```\n\n    Confirm that the command prints the installed version of Go.\n\n## Update dependencies\n\nTo update the current dependencies of the project, execute the following command:\n\n```bash\ngo mod tidy\n```\n\n## Compile the program\n\nThe command to build the executable is the following:\n\n```bash\ngo build .\n```\n\nIt will generate the `scan` program that we will use to generate the summary of security vulnerabilities of our code.\n\n## Run\n\nTo execute the scan, just specify the `check` option together with the Enabler that we want to analyse. The list of available enablers can be found in the [enablers.json](./config/enablers.json) file. 
The command should be the following for the Keyrock enabler:\n\n```bash\nscan check Keyrock\n```\n\nIt will generate a JSON file in the `results` folder with the result of the Security Scan Analysis, named with the date and time of the scan (e.g., Keyrock_idm_20240411_1254_grype.json).\n\nFurthermore, we can use another command to summarize the data and visualize the histogram of the different vulnerabilities found in the scan.\n\n```bash\nscan visualize Keyrock\n```\n\nThis provides console output with the following content:\n\n- Total count of vulnerabilities\n- Severity test histogram\n- EPSS and risk averages\n- Count of EPSS \u003e 0.9 and Risk \u003e 90\n\nwhere:\n\n- **Severity**: A string severity level derived from CVSS scores that indicates the significance \nof a vulnerability. This balances concerns such as ease of exploitability, \nand the potential to affect confidentiality, integrity, and availability of software \nand services.\n\n- **EPSS**: [Exploit Prediction Scoring System](https://www.first.org/epss/model) is \na metric expressing the likelihood that a vulnerability will be exploited in the wild \nover the next 30 days (on a 0–1 scale); higher values signal a greater likelihood of \nexploitation. The table output shows the EPSS percentile, a one-way transform of the \nEPSS score showing the proportion of all scored vulnerabilities with an equal or lower \nprobability. Percentiles linearize a heavily skewed distribution, making threshold \nchoice (e.g. 
“only CVEs above the 90th percentile”) straightforward.\n\n## Manual review of the output\n\nYou can use [jq]() to inspect the output generated in JSON format. For example, to get the risk values and the total number of issues in\na report generated for the Orion component, you can execute the following\ncommand:\n\n```bash\njq '[.matches[].vulnerability.risk] as $risks | {risk: $risks, n: ($risks | length)}' Orion_orion_20250702_1819_grype.json\n```\n\n## Roadmap\n\nIf you want to take a look at the Roadmap and Refactoring Plan, check the content of the [Refactoring.md](./doc/Refactoring.md) file.\n\n## License\n\nThese scripts are licensed under the Apache License 2.0.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fflopezag%2Ffiware-security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fflopezag%2Ffiware-security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fflopezag%2Ffiware-security/lists"}