CST, which stands for Container Security Testing, is a project that provides container security scans against multiple security engines (currently only CoreOS Clair).
This project was designed to allow security scans out of the box. You can use it anywhere from your project's pipeline to wherever your imagination takes you.
This section outlines the steps required to run CST anywhere. The easiest way to deploy CST is with Docker Compose, so you should install Docker and Docker Compose before following the instructions.
All CoreOS Clair configuration lives in the etc/clair.cfg.yml file. It is a self-explanatory config file taken from Clair's repository; see more details there.
WARNING:
Unfortunately, Clair doesn't handle the database connection string via environment variables yet, so we hardcoded the database credentials in its config file.
You should change those credentials in etc/clair.cfg.yml (line 23) and in docker-compose.yml (envs POSTGRES_USER, POSTGRES_DB and POSTGRES_PASSWORD).
To start the CST web server, you will need a certificate and its private key.
Those files must be named cert.pem and key.pem, respectively, in the .certs dir.
In a local env, you can, for instance, generate a self-signed certificate by running the command below.
$ make generate-self-signed-certificate
Now it's time to run Docker Compose and deploy the CST stack. Do that by running the command below.
$ docker-compose up -d
Finally, you can test the CST web API by running the command:
$ curl https://localhost:8443/health
WORKING
If everything is OK, you will see the "WORKING" message response.
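A pre-flight check for the certificate step above, written as an added example that is not part of CST. It assumes the openssl CLI is installed; the function name, return codes, the 7-day expiry threshold and the strict key-permission rule are choices made for this example.

```bash
#!/usr/bin/env bash
# Added example (not CST code): validate the TLS material that the CST
# web server expects in .certs/ (cert.pem and key.pem) before starting it.
# Return codes (example-specific): 1 missing, 2 permissions, 3 mismatch, 4 expiry.

check_cst_certs() {
  local dir="${1:-.certs}" min_days="${2:-7}"
  local cert="$dir/cert.pem" key="$dir/key.pem"

  # 1. Both files must exist under the names CST requires.
  [ -r "$cert" ] && [ -r "$key" ] || { echo "missing $cert or $key" >&2; return 1; }

  # 2. The private key must not be accessible to group or others.
  #    Characters 5-10 of `ls -l` are the group and other permission bits.
  local bits
  bits=$(ls -lL "$key" | cut -c5-10)
  [ "$bits" = "------" ] || { echo "$key is group/world accessible" >&2; return 2; }

  # 3. The key must belong to the certificate: compare their public keys.
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3
  key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 3
  [ "$cert_pub" = "$key_pub" ] || { echo "key.pem does not match cert.pem" >&2; return 3; }

  # 4. The certificate must stay valid for at least min_days more days.
  openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null \
    || { echo "cert.pem expires within $min_days days" >&2; return 4; }

  echo "TLS material in $dir looks usable"
}

# Usage before starting the stack:
#   check_cst_certs .certs && docker-compose up -d
```

If the CST container runs as a user that cannot read a key with owner-only permissions, adjust ownership rather than widening the mode.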