Skip to content
/ openclarity Public

OpenClarity is an open source tool built to enhance security and observability of cloud native applications and infrastructure

openclarity.io

License

Apache-2.0 license
1.3k stars 165 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

openclarity/openclarity

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1,987 Commits
.github
.github
 
 
api
api
 
 
assets
assets
 
 
cli
cli
 
 
containerruntimediscovery
containerruntimediscovery
 
 
core
core
 
 
docs
docs
 
 
e2e
e2e
 
 
installation
installation
 
 
makefile.d
makefile.d
 
 
orchestrator
orchestrator
 
 
plugins
plugins
 
 
provider
provider
 
 
rfc
rfc
 
 
scanner
scanner
 
 
testenv
testenv
 
 
ui
ui
 
 
uibackend
uibackend
 
 
utils
utils
 
 
workflow
workflow
 
 
.dockerignore
.dockerignore
 
 
.families.yaml
.families.yaml
 
 
.gitignore
.gitignore
 
 
.go-version
.go-version
 
 
.golangci.yml
.golangci.yml
 
 
.licensei.toml
.licensei.toml
 
 
ARCHITECTURE.md
ARCHITECTURE.md
 
 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
GOALS.md
GOALS.md
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
RELEASE.md
RELEASE.md
 
 
SECURITY.md
SECURITY.md
 
 
cliff.toml
cliff.toml
 
 
ct.yaml
ct.yaml
 
 
docker-bake.hcl
docker-bake.hcl
 
 
renovate.json
renovate.json
 
 
versions.yaml
versions.yaml
 
 

Repository files navigation

OpenClarity Logo

Slack Invite GitHub Workflow Status

OpenClarity is an open source tool for agentless detection and management of Virtual Machine Software Bill Of Materials (SBOM) and security threats such as vulnerabilities, exploits, malware, rootkits, misconfigurations and leaked secrets.

OpenClarity demo

Join OpenClarity's Slack channel to hear about the latest announcements and upcoming activities. We would love to get your feedback!

Table of Contents

Why OpenClarity?

Virtual machines (VMs) are the most used service across all hyperscalers. AWS, Azure, GCP, and others have virtual computing services that are used not only as standalone VM services but also as the most popular method for hosting containers (e.g., Docker, Kubernetes).

VMs are vulnerable to multiple threats:

  • Software vulnerabilities
  • Leaked Secrets/Passwords
  • Malware
  • System Misconfiguration
  • Rootkits

There are many very good open source and commercial-based solutions for providing threat detection for VMs, manifesting the different threat categories above.

However, there are challenges with assembling and managing these tools yourself:

  • Complex installation, configuration, and reporting
  • Integration with deployment automation
  • Siloed reporting and visualization

The OpenClarity project is focused on unifying detection and management of VM security threats in an agentless manner.

Getting started

For step-by-step guidance on how to deploy OpenClarity across different environments, including AWS, Azure, GCP, and Docker, click on this link and choose your preferred provider for detailed deployment instructions.

Overview

OpenClarity uses a pluggable scanning infrastructure to provide:

  • SBOM analysis
  • Package and OS vulnerability detection
  • Exploit detection
  • Leaked secret detection
  • Malware detection
  • Misconfiguration detection
  • Rootkit detection

The pluggable scanning infrastructure uses several tools that can be enabled/disabled on an individual basis. OpenClarity normalizes, merges and provides a robust visualization of the results from these various tools.

These tools include:

* Windows only
** Linux and MacOS only

Usage modes

OpenClarity can be used multiple ways to fit different needs:

1. OpenClarity stack

As a complete stack, OpenClarity provides an integrated solution to

  • discover assets in your environment,
  • manage scan configurations, schedule and execute scans,
  • visualize the results on a dashboard.

For the deployment instructions visit this page: Getting started.

2. CLI

OpenClarity can be used as a standalone command line tool to run the supported scanner tools.

  1. Download openclarity-cli from the GitHub releases page.

  2. Create a configuration file, make sure to enable the scanner families you need. An example can be found here: .families.yaml

  3. Execute the following command:

    openclarity-cli scan --config .families.yaml

3. Go module

Import the github.com/openclarity/openclarity/scanner package to run a scan with OpenClarity’s family manager from your code.

Example: scan.go

Asset discovery

OpenClarity stack supports the automatic discovery of assets in the following providers:

Provider Asset types Scope
Docker Docker containers and images Local Docker daemon
Kubernetes Docker containers and images Cluster
AWS Virtual machines (EC2 instances) Account (all regions)
Azure Virtual machines Subscription
GCP Virtual machines Project

Supported filesystems

The following filesystem operations are supported on different host types:

Host List block devices Mount Ext2, Ext3, Ext4 Mount XFS Mount NTFS
Linux Supported Supported Supported Supported
Darwin Supported Supported Supported Supported
Windows Not supported Not supported Not supported Not supported

Architecture

A high-level architecture overview is available here.

Roadmap

OpenClarity project roadmap is available here.

Contributing

If you are ready to jump in and test, add code, or help with documentation, please follow the instructions on our contributing guide for details on how to open issues, setup OpenClarity for development and test.

Code of Conduct

You can view our code of conduct here.

License

Apache License, Version 2.0

About

OpenClarity is an open source tool built to enhance security and observability of cloud native applications and infrastructure

openclarity.io

Topics

kubernetes security cloud virtual-machine scanner malware supply-chain exploits vulnerabilities rootkits leaked-secrets sbom

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

1.3k stars

Watchers

31 watching

Forks

165 forks
Report repository

Releases 3

Release v1.1.0 Latest
Oct 24, 2024
+ 2 releases

Packages

 
 
 

Contributors 56

+ 42 contributors

Languages