twistlock / cloud-discovery
Cloud Discovery provides a point in time enumeration of all the cloud native platform services
Home Page: https://www.twistlock.com
License: Apache License 2.0
What permissions do I need to assign to the GCP service account?
Are there plans to support the Kubernetes platform?
It looks like Azure was added as a cloud provider for discovery, but how to use it isn't documented.
Currently only AWS is covered for cloud scans.
We need to add support for the following providers:
When using
```
curl -k -v -u admin:pass --raw --data \
  '{"credentials": [{"id":"<AWS_ACCESS_KEY>","secret":"<AWS_ACCESS_PASSWORD>"}]}' \
  https://localhost:9083/discover
```
I get an empty response from the server:
```
upload completely sent off: 100 out of 100 bytes
TLSv1.2 (IN), TLS alert, Client hello (1):
Empty reply from server
```
Please let me know all the read permissions required.
I am trying to figure out how to use this tool using either `aws sts get-session-token` or the `UseAWSRole` option, but I can't seem to make this work.
Are there any examples or documentation on how to use those options?
I've tried using the access keys that I get from running `aws sts get-session-token` as well as running `curl -k -v -u admin:pass --raw --data '{"credential":[{"UseAWSRole":"True"}]}' https://localhost:9083/discover`. Both result in no error logged in the container, and the only relevant output I get is "curl: (52) Empty reply from server".
This is basically a question of whether it is possible to use credentials retrieved from STS (`aws sts get-session-token`).
Currently our insecure app detector only uses insecure connectivity checks.
It's important to verify that common apps are not deployed with common naive passwords.
In this feature, we will add additional brute-force detection (based on a pre-defined username/password list) to each app detector.
We should also enable the app detector to specify a custom password list (e.g., check the password against the default password on the Docker Hub repository page).
Hello,
I'm trying to run the Docker image from cmd as you mentioned in the documentation, but it fails with this error:
`Error response from daemon: OCI runtime create failed: container_linux.go:380: starting container process caused: exec: "--restart": executable file not found in $PATH: unknown.`
I updated the Dockerfile as below:
```
FROM golang:latest
WORKDIR /go/src/github.com/twistlock/cloud-discovery/
COPY . .
RUN go fmt ./...
RUN go vet ./...
RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app cmd/server/main.go
FROM alpine:latest
RUN apk --no-cache add ca-certificates nmap
WORKDIR /licenses
COPY /licenses/* ./
WORKDIR /root/
COPY --from=0 /go/src/github.com/twistlock/cloud-discovery/app .
CMD ["./app"]
```
But it didn't work, and I got the same error as before.
Could you please assist me on this point?