Skip to content
master
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
lib
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

README.textile

Container Safety Determination (CSD) is an open source scanning and monitoring tool that lets engineers examine the safety state of their containers. The tool works for both images and containers, and can be configured to work without user intervention.

CSD detects suspicious files by comparing all the files of a given image with a database of known malicious and non-malicious binaries in order to determine how safe an image is. The security engineer works on the feedback received for a particular image and takes action accordingly.

Rahul Sharma
Jeremy Mwenda
Renqing Gao
Kostas Papadopoulos

Mentored by: Sastry S Duri (IBM Research)


Project Demo

Prerequisites
sudo apt-get -y install python-pip rabbitmq-server git wget clamav docker-compose
sudo pip install Flask
pip install elasticsearch
pip install pika
pip install -U flask-cors
Docker installation
wget -qO- https://get.docker.com/ | sh
sudo usermod -aG docker $(whoami)
reboot
Installation:
Installation steps

What it does:

Detect New Image —> Pull —> Hash —> Compare

CSD works by listening for notifications from an assigned Docker registry. Whenever someone pushes a new image, CSD pulls that image and proceeds to compute similarity digest hashes of all its files. CSD utilizes sdhash to compare files from an image to a reference data set of known files stored in elasticsearch database. The files that are not found in the database or are deemed to be different from the reference files, can then be sent to external scanning tools for further analysis. We have currently integrated ClamAV as an external scanner for such files.

The end-goal of the CSD design is to provide a customizable and scalable way for engineers to check safety related attributes of image files in order to help them decide the if an image is safe.


More detailed documentation of our project can be found on the project wiki page. The wiki includes:

Contributors:

About

No description, website, or topics provided.

Resources

License

Releases

No releases published

Contributors 4

  •  
  •  
  •  
  •  
You can’t perform that action at this time.