{"id":15108657,"url":"https://github.com/hxsecurity/dongtai","last_synced_at":"2025-05-14T14:08:30.390Z","repository":{"id":37094753,"uuid":"350202861","full_name":"HXSecurity/DongTai","owner":"HXSecurity","description":"Dongtai IAST is an open-source Interactive Application Security Testing (IAST) tool that enables real-time detection of common vulnerabilities in Java applications and third-party components through passive instrumentation. It is particularly suitable for use in the testing phase of the development pipeline.","archived":false,"fork":false,"pushed_at":"2024-12-26T09:44:42.000Z","size":62017,"stargazers_count":1276,"open_issues_count":52,"forks_count":150,"subscribers_count":12,"default_branch":"develop","last_synced_at":"2025-05-09T19:46:36.576Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://dongtai.io","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/HXSecurity.png","metadata":{"files":{"readme":"README-zh.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.txt","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-03-22T04:08:18.000Z","updated_at":"2025-05-09T06:28:10.000Z","dependencies_parsed_at":"2024-11-16T05:30:50.027Z","dependency_job_id":"3e5333eb-0126-4bf1-a17d-33ccf29a09cb","html_url":"https://github.com/HXSecurity/DongTai","commit_stats":null,"previous_names":[],"tags_count":35,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HXSecurity%2FDongTai","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HXSecurit
y%2FDongTai/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HXSecurity%2FDongTai/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HXSecurity%2FDongTai/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/HXSecurity","download_url":"https://codeload.github.com/HXSecurity/DongTai/tar.gz/refs/heads/develop","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254160376,"owners_count":22024568,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-09-25T22:21:06.070Z","updated_at":"2025-05-14T14:08:30.349Z","avatar_url":"https://github.com/HXSecurity.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# DongTai\n\n[![django-project](https://img.shields.io/badge/django%20versions-3.0.3-blue)](https://www.djangoproject.com/)\n[![license Apache-2.0](https://img.shields.io/github/license/HXSecurity/DongTai-agent-java)](https://github.com/HXSecurity/DongTai-agent-java/blob/main/LICENSE)\n[![GitHub release](https://img.shields.io/github/v/release/HXSecurity/DongTai?label=DongTai)](https://github.com/HXSecurity/DongTai/releases)\n\n[![GitHub release](https://img.shields.io/github/v/release/HXSecurity/Dongtai-webapi?label=Dongtai-webapi)](https://github.com/HXSecurity/DongTai-webapi/releases)\n[![GitHub release](https://img.shields.io/github/v/release/HXSecurity/Dongtai-openapi?label=Dongtai-openapi)](https://github.com/HXSecurity/DongTai-openapi/releases)\n[![GitHub 
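release](https://img.shields.io/github/v/release/HXSecurity/Dongtai-engine?label=Dongtai-engine)](https://github.com/HXSecurity/DongTai-engine/releases)\n[![GitHub release](https://img.shields.io/github/v/release/HXSecurity/Dongtai-web?label=Dongtai-web)](https://github.com/HXSecurity/DongTai-web/releases)\n[![GitHub release](https://img.shields.io/github/v/release/HXSecurity/DongTai-agent-java?label=DongTai-agent-java)](https://github.com/HXSecurity/DongTai-agent-java/releases)\n[![GitHub release](https://img.shields.io/github/v/release/HXSecurity/DongTai-agent-python?label=DongTai-agent-python)](https://github.com/HXSecurity/DongTai-agent-python/releases)\n\n[English](README.md)\n\n## What is DongTai?\n\nDongTai IAST is an open-source Interactive Application Security Testing (IAST) product that detects common vulnerabilities and third-party component vulnerabilities in Java applications in real time through passive instrumentation. It is well suited for use in the testing phase of the development pipeline.\n\n## Project structure\n\n```\n.\n├── deploy\n├── dongtai_common Common functions and classes called by the services\n├── dongtai_conf Configuration files\n├── dongtai_engine Vulnerability detection and vulnerability handling\n├── dongtai_protocol Protocol for interaction between dongtai-server and the agent\n├── dongtai_web API for interaction with the web front end\n├── static Static files\n└── test Test cases\n```\n\n\n## Technical architecture\n\n\"Huoxian-DongTai IAST\" consists of several basic services: `DongTai-web`, `DongTai`, `agent`, `DongTai-Base-Image` and `DongTai-Plugin-IDEA`, where:\n\n- `DongTai-web` is DongTai's product page, which handles the interaction between users and DongTai\n- `DongTai\u003e\u003edongtai_web` is the API that handles user-related operations\n- `DongTai\u003e\u003edongtai_protocol` processes the data reported by the `agent`, such as registration, heartbeat, method calls, third-party components and error logs, and issues hook policies and agent control commands\n- `DongTai\u003e\u003edongtai_engine` analyzes whether HTTP/HTTPS/RPC requests contain vulnerabilities, based on the method-call data and a taint tracking algorithm, and is also responsible for other related scheduled tasks\n- `agent` is DongTai's probe module; it contains data collectors for different programming languages, which collect data from the running application and report it to the `DongTai-OpenAPI` service\n- `DongTai-Base-Image` contains the basic services that DongTai depends on at runtime: MySQL and Redis\n- `DongTai-Plugin-IDEA` is the IDEA plugin for the Java agent; the plugin runs the Java agent directly and detects vulnerabilities inside IDEA\n\n## Use cases\n\nUse cases for \"Huoxian-DongTai IAST\" include, but are not limited to:\n\n- Embedding in the `DevSecOps` process for automated detection of application vulnerabilities, inventory of third-party components, and detection of third-party component vulnerabilities\n- Discovering common vulnerabilities in open-source software and open-source components\n- Security testing before release, etc.\n\n## Quick start\n\n`DongTai IAST` supports **SaaS** and **on-premises deployment**; for detailed on-premises deployment options see the [**deployment documentation**](./deploy)\n\n### 1. SaaS version\n\n- Log in to the [DongTai IAST](https://iast.io) system\n- Follow the [online documentation](https://doc.dongtai.io/docs/category/%E5%BF%AB%E9%80%9F%E5%BC%80%E5%A7%8B/) for a quick trial\n\n### 2. 
On-premises deployment version\n\n**DongTai IAST** supports several deployment options; see the [deployment documentation](./deploy) for details. The options are:\n\n- Single-node deployment\n  - [x] [docker-compose deployment](./deploy/docker-compose)\n  - [ ] docker deployment - to be updated\n- Cluster deployment\n  - [x] [Kubernetes cluster deployment](./deploy/kubernetes)\n\n#### docker-compose deployment\n\n```shell script\ngit clone git@github.com:HXSecurity/DongTai.git\ncd DongTai\nchmod u+x build_with_docker_compose.sh\n./build_with_docker_compose.sh\n```\n\n## Contributing\n\nContributions are welcome and greatly appreciated. See [contribution.md](https://github.com/HXSecurity/DongTai/blob/main/CONTRIBUTING.md) to learn how to contribute to the project.\n\n## Documentation\n\n- [Official documentation](https://doc.dongtai.io)\n- [Official website](https://dongtai.io)\n\n## Stats\n\n![Alt](https://repobeats.axiom.co/api/embed/ea6a307f8f06cd1c2a19f2312751eb1706382af8.svg \"Repobeats analytics image\")\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhxsecurity%2Fdongtai","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhxsecurity%2Fdongtai","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhxsecurity%2Fdongtai/lists"}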