{"id":13764220,"url":"https://github.com/target/portauthority","last_synced_at":"2025-05-10T19:30:45.750Z","repository":{"id":54176984,"uuid":"131608800","full_name":"target/portauthority","owner":"target","description":"API that leverages Clair to scan Docker Registries and Kubernetes Clusters for vulnerabilities","archived":true,"fork":false,"pushed_at":"2023-04-23T10:19:38.000Z","size":610,"stargazers_count":151,"open_issues_count":1,"forks_count":19,"subscribers_count":16,"default_branch":"master","last_synced_at":"2025-05-08T09:48:56.483Z","etag":null,"topics":["clair","docker-image","golang","kubernetes","policy-engine","vulnerability-assessment"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/target.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2018-04-30T14:52:31.000Z","updated_at":"2024-07-16T19:40:36.000Z","dependencies_parsed_at":"2022-08-13T08:20:58.185Z","dependency_job_id":"7a7baf26-d67c-4aa0-b293-43c82af1a3e1","html_url":"https://github.com/target/portauthority","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/target%2Fportauthority","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/target%2Fportauthority/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/target%2Fportauthority/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/target%2Fportauthority/manifests","owner_url":"https://repos
.ecosyste.ms/api/v1/hosts/GitHub/owners/target","download_url":"https://codeload.github.com/target/portauthority/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253470593,"owners_count":21913699,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["clair","docker-image","golang","kubernetes","policy-engine","vulnerability-assessment"],"created_at":"2024-08-03T16:00:16.705Z","updated_at":"2025-05-10T19:30:44.892Z","avatar_url":"https://github.com/target.png","language":"Go","funding_links":[],"categories":["Operators vs Controllers","Image"],"sub_categories":["Admission","[Port Authority Open Source Security Scanner for Docker](https://www.linkedin.com/pulse/port-authority-open-source-security-scanner-docker-srinivasan/)"],"readme":"[![Build Status](https://travis-ci.org/target/portauthority.svg?branch=master)](https://travis-ci.org/target/portauthority/builds)\n\n\n## Introduction\n\nPort Authority is an API service that delivers component based vulnerability assessments for Docker images at time of build and in run-time environments.\n\nThe Port Authority API is capable of orchestrating scans of individual public or private images as well as scanning entire private Docker registries like [Docker Hub](https://hub.docker.com), [Google Container Registry](https://cloud.google.com/container-registry/) or [Artifactory](https://jfrog.com/artifactory/). 
To accomplish this, Port Authority breaks each Docker image into layers and sends it to the open source static analysis tool [Clair](https://github.com/coreos/clair) in the backend to perform the scans and identify vulnerabilities. Upon completion of this workflow Port Authority maintains a manifest of the images and scan results.\n\nPort Authority also supplies developers with customizable offerings to assist with the audit and governance of their container workloads. Port Authority provides a webhook that, when leveraged by a [Kubernetes](https://github.com/kubernetes/kubernetes) admission controller, will allow or deny deployments based on user-defined policies and image attributes. Port Authority then achieves run-time inspection by integrating with Kubernetes to discover running containers and inventorying those deployed images for scanning.\n\n## Getting Started \u003cimg align=\"right\" width=\"300\" src=\"imgs/ahab-small.png\"\u003e\n\n### Setup and Start Minikube\n1. Install [Minikube](https://github.com/kubernetes/minikube)\n2. Start Minikube:\n\n   `minikube start`\n\n**NOTE:** Supported Kubernetes versions (1.6.x - 1.9.x). Supported Clair versions v2.x.x.\n\n### Build and Deploy to Minikube\n1. Use Minikube Docker:\n\n   `eval $(minikube docker-env)`\n\n2. Deploy official Port Authority stack:\n\n   `make deploy-minikube`\n\n(Optional). Local developer build stack:\n\n1. Use Minikube Docker:\n\n   `eval $(minikube docker-env)`\n\n2. Get all Glide dependencies:\n\n   `make deps`\n\n3. 
Deploy official Port Authority stack:\n\n   `make deploy-minikube-dev`\n\n## Optional Configuration\nDifferent configuration adjustments can be made to the Port Authority deployment here: [minikube/portauthority/portauthority/config.yml](minikube/portauthority/portauthority/config.yml)\n\n:white_check_mark: Add Docker Credentials used by the K8s Crawler scan feature\n\n```yml\n### Environment variables defined below are mapped to credentials used by the Kubernetes Crawler API (/v1/crawler/k8s)\n### A 'Scan: true' flag will invoke their usage\nk8scrawlcredentials:\n  # Use \"\" for basic auth on registries that do not require a username and password\n  - url: \"docker.io\" #basic auth is empty UN and PW\n    username: \"DOCKER_USER\"\n    password: \"DOCKER_PASS\"\n  - url: \"gcr.io\" #basic auth is empty UN and PW\n    username: \"GCR_USER\"\n    password: \"GCR_PASS\"\n```\n\n:white_check_mark: Enable the [Kubernetes Admission Controller](docs/webhook-example/README.md) and change the webhook's default behavior\n```yml\n# Setting imagewebhookdefaultblock to true will set the imagewebhooks endpoint default behavior to block any images with policy violations.\n# If it is set to false, a user can enable the behavior by setting the portauthority-webhook deployment annotation to true\nimagewebhookdefaultblock: false\n```\n\n\n## Docs\n\nPort Authority is an API service.  See our complete [_API Documentation_](docs/README.md) for further configuration, usage, Postman collections and more.\n\n## Contributing\n\nWe always welcome new PRs! See [_Contributing_](CONTRIBUTING.md) for further instructions.\n\n## Bugs and Feature Requests\n\nFound something that doesn't seem right or have a feature request? 
[Please open a new issue](issues/new/).\n\n## Copyright and License\n\n[![license](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](LICENSE.txt)\n\n\u0026copy;2018 Target Brands, Inc.\n\n**Credit [Renee French](http://reneefrench.blogspot.com/) for original golang gopher\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftarget%2Fportauthority","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftarget%2Fportauthority","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftarget%2Fportauthority/lists"}