{"id":13509747,"url":"https://github.com/jmpsec/osctrl","last_synced_at":"2026-04-02T20:01:22.181Z","repository":{"id":35201760,"uuid":"162198195","full_name":"jmpsec/osctrl","owner":"jmpsec","description":"Fast and efficient osquery management","archived":false,"fork":false,"pushed_at":"2026-03-31T09:38:24.000Z","size":6574,"stargazers_count":495,"open_issues_count":23,"forks_count":61,"subscribers_count":8,"default_branch":"main","last_synced_at":"2026-03-31T11:37:39.761Z","etag":null,"topics":["detection-infrastructure","endpoint-security","host-instrumentation","incident-response","infrastructure-management","osquery","security"],"latest_commit_sha":null,"homepage":"https://osctrl.net","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jmpsec.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2018-12-17T22:33:34.000Z","updated_at":"2026-03-31T09:37:12.000Z","dependencies_parsed_at":"2023-02-17T23:31:25.121Z","dependency_job_id":"b1a66fc1-058d-4e2a-88bb-dc9f8be99a57","html_url":"https://github.com/jmpsec/osctrl","commit_stats":null,"previous_names":["javuto/osctrl"],"tags_count":49,"template":false,"template_full_name":null,"purl":"pkg:github/jmpsec/osctrl","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jmpsec%2Fosctrl","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jmpsec%2Fosctrl/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jmpsec%2Fosctrl/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jmpsec%2Fosctrl/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jmpsec","download_url":"https://codeload.github.com/jmpsec/osctrl/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jmpsec%2Fosctrl/sbom","scorecard":{"id":508550,"data":{"date":"2025-08-11","repo":{"name":"github.com/jmpsec/osctrl","commit":"203b5e84a0087520a3f36b256f0b2ce2c098cb10"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.5,"checks":[{"name":"Maintained","score":10,"reason":"30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":0,"reason":"Found 0/10 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/build_and_test_main_merge.yml:146","Warn: jobLevel 'packages' permission set to 'write': .github/workflows/build_and_test_main_merge.yml:147","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/create_tagged_releases.yml:228","Info: topLevel 'contents' permission set to 'read': .github/workflows/build_and_test_main_merge.yml:9","Info: topLevel 'contents' permission set to 'read': .github/workflows/build_and_test_pr.yml:3","Info: topLevel 'contents' permission set to 'read': .github/workflows/create_tagged_releases.yml:10","Info: topLevel 'contents' permission set to 'read': .github/workflows/golangci-lint.yml:14","Warn: topLevel 'contents' permission set to 'write': .github/workflows/release.yml:9","Warn: topLevel 'packages' permission set to 'write': .github/workflows/release.yml:10","Info: topLevel 'contents' permission set to 'read': .github/workflows/test-release.yml:12"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.4.5 not signed: https://api.github.com/repos/jmpsec/osctrl/releases/239638636","Warn: release artifact v0.4.4 not signed: https://api.github.com/repos/jmpsec/osctrl/releases/208482666","Warn: release artifact v0.4.3 not signed: https://api.github.com/repos/jmpsec/osctrl/releases/201860259","Warn: release artifact v0.4.2 not signed: https://api.github.com/repos/jmpsec/osctrl/releases/194092327","Warn: release artifact v0.4.1 not signed: https://api.github.com/repos/jmpsec/osctrl/releases/183209195","Warn: release artifact v0.4.5 does not have provenance: https://api.github.com/repos/jmpsec/osctrl/releases/239638636","Warn: release artifact v0.4.4 does not have provenance: https://api.github.com/repos/jmpsec/osctrl/releases/208482666","Warn: release artifact v0.4.3 does not have provenance: https://api.github.com/repos/jmpsec/osctrl/releases/201860259","Warn: release artifact v0.4.2 does not have provenance: https://api.github.com/repos/jmpsec/osctrl/releases/194092327","Warn: release artifact v0.4.1 does not have provenance: https://api.github.com/repos/jmpsec/osctrl/releases/183209195"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/test-release.yml:18"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":6,"reason":"dependency not pinned by hash detected -- score normalized to 6","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/jmpsec/osctrl/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/jmpsec/osctrl/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-release.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/jmpsec/osctrl/test-release.yml/main?enable=pin","Warn: containerImage not pinned by hash: deploy/cicd/docker/Dockerfile-osctrl-admin:1: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:1aa979d85661c488ce030ac292876cf6ed04535d3a237e49f61542d8e5de5ae0","Warn: containerImage not pinned by hash: deploy/cicd/docker/Dockerfile-osctrl-api:1: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:1aa979d85661c488ce030ac292876cf6ed04535d3a237e49f61542d8e5de5ae0","Warn: containerImage not pinned by hash: deploy/cicd/docker/Dockerfile-osctrl-cli:1: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:1aa979d85661c488ce030ac292876cf6ed04535d3a237e49f61542d8e5de5ae0","Warn: containerImage not pinned by hash: deploy/cicd/docker/Dockerfile-osctrl-tls:1: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:1aa979d85661c488ce030ac292876cf6ed04535d3a237e49f61542d8e5de5ae0","Warn: containerImage not pinned by hash: deploy/docker/dockerfiles/Dockerfile-dev-admin:3","Warn: containerImage not pinned by hash: deploy/docker/dockerfiles/Dockerfile-dev-api:2","Warn: containerImage not pinned by hash: deploy/docker/dockerfiles/Dockerfile-dev-cli:3","Warn: containerImage not pinned by hash: deploy/docker/dockerfiles/Dockerfile-dev-cli:35","Warn: containerImage not pinned by hash: deploy/docker/dockerfiles/Dockerfile-dev-tls:2","Warn: containerImage not pinned by hash: deploy/docker/dockerfiles/Dockerfile-nginx:2","Warn: containerImage not pinned by hash: deploy/docker/dockerfiles/Dockerfile-osquery:2","Info:  19 out of  19 GitHub-owned GitHubAction dependencies pinned","Info:  10 out of  13 third-party GitHubAction dependencies pinned","Info:   0 out of  11 containerImage dependencies pinned","Info:   9 out of   9 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: all commits (30) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":8,"reason":"2 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2022-0635","Warn: Project is vulnerable to: GO-2022-0646"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-19T23:52:33.230Z","repository_id":35201760,"created_at":"2025-08-19T23:52:33.230Z","updated_at":"2025-08-19T23:52:33.230Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31314787,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-02T12:59:32.332Z","status":"ssl_error","status_checked_at":"2026-04-02T12:54:48.875Z","response_time":89,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["detection-infrastructure","endpoint-security","host-instrumentation","incident-response","infrastructure-management","osquery","security"],"created_at":"2024-08-01T02:01:12.288Z","updated_at":"2026-04-02T20:01:22.161Z","avatar_url":"https://github.com/jmpsec.png","language":"Go","funding_links":[],"categories":["Go","security"],"sub_categories":[],"readme":"# osctrl\n\n\u003cp align=\"center\"\u003e\n  \u003cimg alt=\"osctrl\" src=\"logo.png\" width=\"300\" /\u003e\n  \u003cp align=\"center\"\u003e\n    Fast and efficient osquery management.\n  \u003c/p\u003e\n  \u003cp align=\"center\"\u003e\n    \u003ca href=\"https://github.com/jmpsec/osctrl/blob/master/LICENSE\"\u003e\n      \u003cimg alt=\"Software License\" src=\"https://img.shields.io/badge/license-MIT-green?style=flat-square\u0026fuckgithubcache=1\"\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://github.com/jmpsec/osctrl\"\u003e\n      \u003cimg alt=\"Build Status\" src=\"https://github.com/jmpsec/osctrl/actions/workflows/build_and_test_main_merge.yml/badge.svg?branch=main\u0026fuckgithubcache=1\"\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://goreportcard.com/report/github.com/jmpsec/osctrl\"\u003e\n      \u003cimg alt=\"Go Report Card\" src=\"https://goreportcard.com/badge/github.com/jmpsec/osctrl?style=flat-square\u0026fuckgithubcache=1\"\u003e\n    \u003c/a\u003e\n  \u003c/p\u003e\n\u003c/p\u003e\n\n## 🤔 What is osctrl?\n\n**osctrl** is a fast and efficient [osquery](https://osquery.io) management solution, implementing its [remote API](https://osquery.readthedocs.io/en/stable/deployment/remote/) as TLS endpoint.\n\nWith **osctrl** you can:\n\n- ✨ Monitor all your systems running osquery\n- 📦 Distribute its configuration fast\n- 📊 Collect all the status and result logs\n- ⚡ Run on-demand queries\n- 🗂️ Carve files and directories\n- ⚙️ Scale from **hundreds to hundreds of thousands of nodes**\n\n\u003e [!WARNING]\n\u003e **osctrl** is a fast evolving project, and while it is already being used in production environments, it is still under active development. Please make sure to read the documentation and understand its current state before deploying it in a critical environment.\n\n### 🚀 Why osctrl?\n\nWhether you’re running a small deployment or managing large fleets, **osctrl** gives you visibility and control over your osquery endpoints without compromising security or performance.\n\n## 👉 Documentation\n\nYou can find the documentation of the project in [https://osctrl.net](https://osctrl.net)\n\n## 🗂 Project Structure\n\n```text\nosctrl/\n├── cmd/                         # Service and CLI entrypoints\n│   ├── admin/                   # osctrl-admin (web UI + admin handlers/templates/static)\n│   ├── api/                     # osctrl-api (REST API service)\n│   ├── cli/                     # osctrl-cli (operator CLI)\n│   └── tls/                     # osctrl-tls (osquery remote API endpoint)\n├── pkg/                         # Shared application packages\n│   ├── auditlog/                # Audit log manager\n│   ├── backend/                 # DB manager/bootstrap\n│   ├── cache/                   # Redis/cache managers\n│   ├── carves/                  # File carve logic/storage integrations\n│   ├── config/                  # Config structs/flags/validation\n│   ├── environments/            # Environment management\n│   ├── handlers/                # Shared HTTP handlers\n│   ├── logging/                 # Log pipeline + logger backends\n│   ├── nodes/                   # Node state/registration/cache\n│   ├── queries/                 # Query management/scheduling/results\n│   ├── settings/                # Runtime settings\n│   ├── tags/                    # Tag management\n│   ├── users/                   # User and permissions management\n│   ├── utils/                   # Utility helpers\n│   ├── types/                   # Shared type definitions\n│   └── version/                 # Version metadata\n├── deploy/                      # Deployment configs/scripts (docker/nginx/osquery/systemd, CI/CD, redis, config, helpers, etc.)\n├── tools/                       # Dev/release helpers and API test assets (Bruno collections, scripts)\n├── bin/                         # Built binaries (from make)\n├── docker-compose-dev.yml       # Local multi-service development stack\n├── Makefile                     # Build/test/dev targets\n└── osctrl-api.yaml              # OpenAPI specification for osctrl-api\n```\n\n## 🏛 Architecture\n\n```mermaid\nflowchart LR\n    A[\"osquery Agents\"] --\u003e|TLS Remote API| T[\"osctrl-tls\"]\n    O[\"Operators\"] --\u003e|Web UI| W[\"osctrl-admin\"]\n    O --\u003e|CLI| C[\"osctrl-cli\"]\n    O --\u003e|REST| P[\"osctrl-api\"]\n\n    W --\u003e|HTTP API| P\n    C --\u003e|HTTP API| P\n\n    T --\u003e S[\"Shared Packages (pkg/*)\"]\n    W --\u003e S\n    P --\u003e S\n    C --\u003e S\n    C -.-\u003e|Direct DB mode| D\n\n    S --\u003e D[\"PostgreSQL Backend\"]\n    S --\u003e R[\"Redis Cache\"]\n    S --\u003e L[\"Log Destinations (DB, file, S3, Elastic, Splunk, Graylog, Kafka, Kinesis, Logstash)\"]\n    S --\u003e F[\"Carve Storage (DB, local, S3)\"]\n```\n\n## 🛠 Development\n\nThe fastest way to get started with **osctrl** development is by using [Docker](https://www.docker.com/) and [Docker Compose](https://docs.docker.com/compose/). But you can find other methods below.\n\n### 🐳 Running osctrl with docker for development\n\nYou can use docker to run **osctrl** and all the components are defined in the `docker-compose-dev.yml` that ties all the components together, to serve a functional deployment.\n\nUltimately you can just execute `make docker_dev` and it will automagically build and run `osctrl` locally in docker, for development purposes.\n\n### 🤖 Using provisioning script\n\nUsing the provided `deploy/provision.sh` script, you can set up a development environment on your local machine. This script will install all necessary dependencies and configure the environment for **osctrl** development in a latest Ubuntu LTS system.\n\nCheck the [documentation](https://osctrl.net/deployment/natively/) for more details on how to use the provisioning script.\n\nUltimately the script can also be used to deploy **osctrl** in production systems, please refer to the documentation for more details.\n\n### 🏗 Building from source\n\nTo build **osctrl** from source, ensure you have [Go](https://golang.org/dl/) installed (version 1.25 or higher is recommended). Then, clone the repository and run the following commands:\n\n```bash\ngit clone https://github.com/jmpsec/osctrl.git\ncd osctrl\nmake\n```\n\nThis will compile all the **osctrl** [components](https://osctrl.net/components/) (`osctrl-tls`, `osctrl-admin`, `osctrl-api`, `osctrl-cli`), placing the binaries in the `bin/` directory.\n\n## 💬 Slack\n\nFind us in the #osctrl channel in the official osquery Slack community ([Request an auto-invite!](https://join.slack.com/t/osquery/shared_invite/zt-1wipcuc04-DBXmo51zYJKBu3_EP3xZPA))\n\n## 📜 License\n\n**osctrl** is licensed under the [MIT License](https://github.com/jmpsec/osctrl/blob/master/LICENSE).\n\n## 🧠 Security \u0026 Reporting\n\nThis is a security-sensitive project. Please read the `SECURITY.md` for vulnerability reporting and responsible disclosure guidelines.\n\n## 🤝 Contributing\n\nWe ❤️ contributions!\n\nFeel free to fork the repository and submit pull requests. For major changes, please open an issue first to discuss what you would like to change.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjmpsec%2Fosctrl","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjmpsec%2Fosctrl","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjmpsec%2Fosctrl/lists"}