https://github.com/ziozzang/lampas
"Lampas" is Generic Linux Package security scanning tool.(include non-docker)
https://github.com/ziozzang/lampas
alpine centos clair clair-db cve-scanning debian devops devsecops golang linux redhat rest-api rhel scanner security-audit security-tools security-vulnerability ubuntu vulnerability-detection vulnerability-scanners
Last synced: 10 months ago
JSON representation
"Lampas" is Generic Linux Package security scanning tool.(include non-docker)
- Host: GitHub
- URL: https://github.com/ziozzang/lampas
- Owner: ziozzang
- License: bsd-2-clause
- Created: 2018-02-09T09:22:50.000Z (about 8 years ago)
- Default Branch: master
- Last Pushed: 2018-02-22T13:13:32.000Z (about 8 years ago)
- Last Synced: 2025-06-03T09:18:56.784Z (11 months ago)
- Topics: alpine, centos, clair, clair-db, cve-scanning, debian, devops, devsecops, golang, linux, redhat, rest-api, rhel, scanner, security-audit, security-tools, security-vulnerability, ubuntu, vulnerability-detection, vulnerability-scanners
- Language: Python
- Homepage:
- Size: 48.8 KB
- Stars: 2
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Lampas
# TL;DR
Lampas is for generic linux distro package security Scanner.
* the meaning of lampas is came from latin word 'Lampas'
* the word is from Ancient Greek λαμπάς (lampás, “lamp or flambeau”), from λάμπω (lámpō), perhaps from Proto-Indo-European *leh₂p- (“glow”)
Clair Generic Scan Server (HTTP)
* Lampas is renamed from "clair-generic-scan-server". Lampas is latin words which means lamp or lantern.
* You can scan any linux system not only docker but also bare-metal.
* Clair use newest distro's NVD/CVE database. this means clair's DB is very accurated and fastest. There's no false negative or false positive issue.
* Support Linux Distro.
* Ubuntu / Debian
* Centos / Redhat / Oracle
* Alpine
* [Clair](https://github.com/coreos/clair/) is opensource project by CoreOS(Acquired by RedHat)
* welcome any pull requests.
# Demo
* Demo is checking not only Host Ubuntu system but also inside centos docker container.
[](https://asciinema.org/a/s0fYjJrGbtYcl2rBPocozZR0c)
# Author
* Jioh L. Jung : [linkedin.com/in/ziozzang](https://linkedin.com/in/ziozzang)
# Requirements
* Clair DB format is 2.0.1 (on Clair Public Release)
* not working with [VMWare Harbor](https://github.com/vmware/harbor/) or other 3rd party's modified clair release.
# Run
* Run with docker-compose. (easist method)
```
cd compose
docker-compose up -d
# wait for DB updating is complated. (maybe 10-30 min. time depend on network issue)
docker exec -it lampas python /opt/test.py
```
* You can test on bare-metal using with cli client.
* compatability
* Tested & Working: Centos7 / RHEL 7 / Debian 8,9 / Ubuntu 14.04 or above / Alpine
* Not working: Centos 6 / RHEL 6 / Debian 7
* Python version: python & requests module are required.
* Golang version: Static compiled binary does not need any requirements.
```
# Python version
python ./cli/scanner.py http://127.0.0.1:5000
# Golang version
# - Build Binary
docker run -it --rm \
-v `pwd`/cli:/usr/src/scanner \
-w /usr/src/scanner \
-e "CGO_ENABLED=0" -e "GOOS=linux" \
golang bash -c \
"go get github.com/Jeffail/gabs && go get github.com/go-ini/ini && go build -a -ldflags '-extldflags \"-static\"' ."
# or you can use build scripts
cd cli
curl https://raw.githubusercontent.com/ziozzang/go-static-template/master/install | bash
BIN_NAME=scanner ./build.sh
# - Run
./cli/scanner http://127.0.0.1:5000
```
* Environments Parameters
* not yet documented
# API
not yet documented.
# Build
```
docker build -t ziozzang/clair-generic-scan-server .
docker run -it --rm -p 5000:5000 --link pgsql:pgsql ziozzang/clair-generic-scan-server
```
# Known Issue
* if no database updated, server return 500.
* no error processing
* no web ui.
# TO-Do
* Documents
* API
# License
* BSD.
* You can use any purpose.