twistlock / cloud-discovery Goto Github PK

what permissions do I need to assign to the gcp service account?

Are there plans to support Kubernetes platform?

It looks like Azure was added as a cloud provider for discovery, but how to use it isn't documented.

Currently only AWS is covered for cloud scans.
We need to add support for the following providers:

• Azure
• GCP
• IBM Cloud
• Oracle Cloud

when using
curl -k -v -u admin:pass --raw --data \ '{"credentials": [{"id":"<AWS_ACCESS_KEY>","secret":"<AWS_ACCESS_PASSWORD>"}]}' \ https://localhost:9083/discover

I get an empty response from the server:
upload completely sent off: 100 out of 100 bytes TLSv1.2 (IN), TLS alert, Client hello (1): Empty reply from server
Please let me know all the read permissions required.

I am trying to figure out how to use this tool using either aws sts get-session-token or the UseAWSRole option but I can't seem to make this work.

Are there any examples or documentation on how use those options?

I've tried using the access keys that I get from running aws sts get-session-token as well as running curl -k -v -u admin:pass --raw --data '{"credential":[{"UseAWSRole":"True"}]}' https://localhost:9083/discover. Both result in no error logged in the container and the only relevant output I get is "curl: (52) Empty reply from server"

This is most basically a question to the fact if is possible to use credentials retrieved from STS

aws sts get-session-token

Currently our insecure app detector only uses insecure connectivity checks.
It's important to verify that common apps are not deployed with common naive passwords.

In this feature, we will add additional brute-force detection (based on a pre-defined username/password list) to each app detector.
We should also enable the app detector to specify a custom password list (e.g., check password against default password in dockerhub repository page)

Add mapping for the following popular docker hub apps:

• RabbitMQ
• Redis
• Postgres
• Wordpress bruteforce support
• Elasticsearch
• Kibana
• Vault - ensure https configured
• Nats

Hello,
I'm trying to run the docker image on cmd as you mentioned in the documentation. But it's getting failed with

Error response from daemon: OCI runtime create failed: container_linux.go:380: starting container process caused: exec: "--restart": executable file not found in $PATH: unknown.`
error.

I updated the docker file as below;

`FROM golang:latest
WORKDIR /go/src/github.com/twistlock/cloud-discovery/
COPY . .
RUN go fmt ./...
RUN go vet ./...
RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app cmd/server/main.go
FROM alpine:latest
RUN apk --no-cache add ca-certificates nmap
WORKDIR /licenses
COPY /licenses/* ./
WORKDIR /root/
COPY --from=0 /go/src/github.com/twistlock/cloud-discovery/app .
CMD ["./app"]

But it didn't work and got the same error previous one.
Could you please assist me on this point?