https://github.com/orange-cloudfoundry/cf-audit-actions
Audit cloud foundry objects and do action when found a potential vulnerability
https://github.com/orange-cloudfoundry/cf-audit-actions
Last synced: 6 months ago
JSON representation
Audit cloud foundry objects and do action when found a potential vulnerability
- Host: GitHub
- URL: https://github.com/orange-cloudfoundry/cf-audit-actions
- Owner: orange-cloudfoundry
- License: apache-2.0
- Created: 2019-05-29T18:49:35.000Z (about 7 years ago)
- Default Branch: master
- Last Pushed: 2024-09-06T13:43:12.000Z (almost 2 years ago)
- Last Synced: 2024-09-06T15:55:51.400Z (almost 2 years ago)
- Language: Go
- Size: 12.8 MB
- Stars: 1
- Watchers: 8
- Forks: 1
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# cf-audit-actions
Audit cloud foundry objects and do action when found a potential vulnerability or do not match condition
For now only checking and disable ssh on app or space after a time limit has been made.
## Installation
```bash
$ bash -c "$(curl -fsSL https://raw.github.com/orange-cloudfoundry/cf-audit-actions/master/bin/install.sh)"
```
## Usage
```
Usage:
cf-audit-actions [OPTIONS]
Application Options:
-a, --api= cf api endpoint
-i, --client-id= cf client id
-s, --client-secret= cf client id
-u, --username= cf username (if client-id can't bet set)'
-p, --password= cf password (if client-id can't bet set)
--parallel= how many parallel request can be made
-k, --skip-ssl-validation Skip ssl validation
-v, --version Show version
Help Options:
-h, --help Show this help message
Available commands:
org-limiter Delete all apps which has been created after a period of time in an org
ssh Check if ssh is enabled in spaces and deactivate it if it reach the time limit
ssh-app Check if ssh is enabled in apps and deactivate it if it reach the time limit
```
## Concourse pipelines
Pipeline are provided in [/ci](/ci) folder:
- ssh audit and action on space:
```bash
fly set-pipeline \
--pipeline ssh-space-audit-actions \
--config ci/ssh/pipeline.yml \
--load-vars-from ci/ssh/vars.yml
```
- ssh audit and action on app:
```bash
fly set-pipeline \
--pipeline ssh-app-audit-actions \
--config ci/ssh-app/pipeline.yml \
--load-vars-from ci/ssh-app/vars.yml
```