Skip to content
This repository has been archived by the owner on Sep 12, 2024. It is now read-only.
/ cst Public archive

A middleware for intermediate container security scans against many security engines.

Notifications You must be signed in to change notification settings

tsuru/cst

Repository files navigation

CST

Build Status codecov

CST, stands for Container Security Testing, is a project to provide container security scans against many security engines (currently including only CoreOS Clair).

This project was designed to allow security scans out of the box. You would use it since at project's pipeline through where your imagination would go.

Running CST

This section outlines the required steps to run CST anywhere. The easiest way to deploy the CST is using Docker Compose. Thus, you should install Docker and Docker Compose before to follow the instructions.

Configuring CoreOS Clair

All configurations about CoreOS Clair are on etc/clair.cfg.yml file. That's a self-explaned config file from Clair's repository, see more details there.

WARNING: Unfortunately, Clair doesn't handle the database connection string via environment variables yet. So, we hardcoded the database credentials on its config file. You should change those credentials on: etc/clair.cfg.yml (line 23); and docker-compose.yml (envs POSTGRES_USER, POSTGRES_DB and POSTGRES_PASSWORD).

Certificate

To start the CST web server, you will need a certificate and its private key. Those files must be named cert.pem and key.pem, respectively, in the .certs dir.

In a local env, you can generate a self-signed certificate running the command below, for instance.

$ make generate-self-signed-certificate

Run Docker Compose

Now, it's time to run the Docker Compose and deploy the CST's stack. Do that by running the command below.

$ docker-compose up -d

Finally, you would be able to test the CST web API firing the command:

$ curl https://localhost:8443/health
WORKING

If everything is OK, you will see the "WORKING" message response.

About

A middleware for intermediate container security scans against many security engines.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published