Skip to content
This repository has been archived by the owner on May 9, 2019. It is now read-only.

blackducksoftware/ose-scanner

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

146 Commits

arbiter

arbiter

 
 

common

common

 
 

controller

controller

 
 

install

install

 
 

scanner

scanner

 
 

vendor

vendor

 
 

.bdignore

.bdignore

 
 

.gitignore

.gitignore

 
 

.travis.yml

.travis.yml

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

build-docker-installer.sh

build-docker-installer.sh

 
 

build-docker-kube-installer.sh

build-docker-kube-installer.sh

 
 

build-tar-installer.sh

build-tar-installer.sh

 
 

build-tar-kube-installer.sh

build-tar-kube-installer.sh

 
 

build.txt

build.txt

 
 

release.properties

release.properties

 
 

Repository files navigation

We have moved!

The original 1.x ose-scanner has now been replaced with the OpsSight 2x product (based on the Black Duck "Perceptor" upstream project for distributed cloud-native security scanning).

Thanks to everyone, especially Tim Mackey, for all the hard work on this great product!

The OpsSight product

The downstream implementation of this project, hosted by Synopsys (Black Duck) is here: https://github.com/blackducksoftware/opssight-connector/. If you have questions feel free to use the contact list there, or just file an upstream issue. Also feel free to contact jbeakley@synopsys.com, ngoldman@synopsys.com for a demo!

The Perceptor open-source project (the upstream source of OpsSight)

OpsSight now has a 'pure' upstream implementation and is thus broken up into several microservices that are composable, and developed in a pure, non-proprietary manner (and also useable out of the box), and exist in their own independent development lifecycles. These can be adopted and recomposed in any manner, and are all ASF licensed. Feel free to get involved and create an issue on any of them if you have any questions. You can contact our development team directly as well.

https://github.com/blackducksoftware/perceptor https://github.com/blackducksoftware/perceivers https://github.com/blackducksoftware/perceptor-protoform https://github.com/blackducksoftware/perceptor-scanner

Legacy content below ~ only for archival purposes.

Overview

The Black Duck OpsSight Connector (ose-scanner) automates the discovery of open-source components and security vulnerabilities in container images as they are instantiated in container-orchestration platforms. OpsSight helps you prevent known open source vulnerabilities from being deployed into production environments.

With OpsSight, you can:

  • Scan and inventory open source in images as they are instantiated in a container-orchestration platform.
  • Identify and highlight any images that contain known security vulnerabilities.
  • Flag containers that violate open source security policies to prevent them from being deployed to production.
  • Receive automated alerts when any newly discovered vulnerabilities may affect containers in your cluster.

The OpsSight Connector detects when new pods are added to a cluster environment (OpsSight on OpenShift also detects new images through ImageStreams), scans those containers, sends information back to the Black Duck Hub, then annotates and labels containers to indicate risks detected in the containers' open-source components. Detailed scan results are available in your Hub instance. Container annotations can be used to enforce security policies and ensure vulnerable containers are not deployed in production environments.

The end-to-end OpsSight solution therefore requires a Black Duck Hub with an OpsSight feature license.

The latest version of the OpsSight Connector supports both Kubernetes and Red Hat OpenShift.

For more information on the OpsSight Connector, see the:

Build

See below for Build Status and the Go Report Card for the ose-scanner project.

Build Status Go Report Card

Release Status

This project is under active development and has had several official releases, with more in the pipeline.

Contributing

We welcome all contributions. If you identify an issue, please raise it, and feel free to propose a solution.

Contributions are best done via pull request. It is recommended to start small, and propose changes first. Raising an issue and holding a discussion will help reduce the iterations during pull-request review.

When contributing to this project, please ensure that all changes have been verified using go vet and formatted per go fmt. This can be done using make vet within the project.

Please note that PRs that change code (as opposed to readme/docs) and that lack information related to the orchestration-cluster and Hub versions tested against will take longer to approve.

Community Values

Part of any successful open source project is the ethos that the health of the community is more important than the code itself.

In that spirit, we adopt the values of Cris Nova's kubicorn project, which is both extremely successful and also an excellent example of how to build a community around an open-source infrastructure software.

We restate the kubicorn core values below and adopt them as our own:

  • Infrastructure as software: We believe that the important layer of infrastructure should be represented as software (not as code!).
  • Rainbows and Unicorns: We believe that sharing is important, and encouraging our peers is even more important. Part of contributing to (ose_scanner) means respecting, encouraging, and welcoming others to the project.

License

Apache License 2.0

About

OpenShift Hub Integration

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

7 stars

Watchers

15 watching

Forks

11 forks
Report repository

Releases 7

1.0.2 Latest
Feb 6, 2018
+ 6 releases

Packages

No packages published

Contributors 7

Languages