federacy.sh


Host and Container Scans

federacy.sh can be used to install Federacy, scan a host, and/or scan one or more containers on a host.

It can also be used in Docker builds and Google Container Builder, as demonstrated in the other integrations.


Configuration

The following table lists the configurable parameters of federacy.sh and their default values.

| Parameter | Description | Default |
| --- | --- | --- |
| FEDERACY_DIR | install directory | /home/federacy |
| FEDERACY_USER | install user | federacy |
| FEDERACY_BASE_URL | base Federacy URL | https://app.federacy.com |
| FEDERACY_ASSET_URL | asset URL for federacy.sh and fedc | FEDERACY_BASE_URL/assets |
| FEDERACY_HOST_URL | host API URL | FEDERACY_BASE_URL/hosts |
| FEDERACY_SCAN_URL | scan API URL | FEDERACY_BASE_URL/scan_results |
| FEDERACY_CVE_URL | CVE API URL | http://cve.federacy.com:1324 |
| FEDERACY_API_USERNAME | API username | nil |
| FEDERACY_API_TOKEN | API token | nil |
| CONTAINERS | comma-separated list of containers to scan. ${running} to scan all running containers | nil |

Dependencies

federacy.sh currently depends on:

  • bash
  • cat
  • curl
  • cut
  • grep
  • hostname

Notes:

  • On CentOS, Red Hat, and Fedora, yum-plugin-changelog is installed because vuls requires it.

Vuls dependencies

vuls requires a package manager to be installed, plus any additional packages needed to view changelogs.


Privileges required

Active scans

  • federacy.sh requires root to prepare a host for scanning, but scans run as a user with as few privileges as possible, enough to list installed packages and view changelogs.
  • Docker build scans use root to avoid depending on sudo, but can be configured otherwise.
  • Host scans can include all, some, or none of the running containers.

Passive scans

We're working on registry scanning; please reach out if this interests you.


Credentials

  1. Sign up for a free account at app.federacy.com
  2. Click Add Host
  3. Replace $USERNAME and $TOKEN in the examples below

Curl install

curl https://app.federacy.com/assets/federacy.sh | FEDERACY_API_USERNAME=$USERNAME FEDERACY_API_TOKEN=$TOKEN bash -s install

Git install

git clone https://github.com/federacy/federacy.sh && cat federacy.sh/federacy.sh | FEDERACY_API_USERNAME=$USERNAME FEDERACY_API_TOKEN=$TOKEN bash -s install

Scan

curl https://app.federacy.com/assets/federacy.sh | FEDERACY_API_USERNAME=$USERNAME FEDERACY_API_TOKEN=$TOKEN bash -s scan

or

/home/federacy/federacy.sh -s scan

Check

Check will query the Federacy API for the last scan result and exit 0 if there are no vulnerabilities and 1 if there are.

curl https://app.federacy.com/assets/federacy.sh | FEDERACY_API_USERNAME=$USERNAME FEDERACY_API_TOKEN=$TOKEN bash -s check

or

/home/federacy/federacy.sh -s check
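
Added example, not part of federacy.sh or the Federacy project: a CI gate that downloads federacy.sh to a file, checks it against a pinned SHA-256, then runs check and fails closed. With the piped form, a curl connection failure hands bash an empty script, which exits 0 and reads as "no vulnerabilities". The function names, the `--run` argument and the `EXPECTED_SHA256` placeholder are assumptions of this example.

```bash
# Added example, not part of federacy.sh. Function names and --run are this example's own.
# EXPECTED_SHA256 is a placeholder: set it to the digest of the copy you reviewed.
FEDERACY_SCRIPT_URL="${FEDERACY_SCRIPT_URL:-https://app.federacy.com/assets/federacy.sh}"
EXPECTED_SHA256="${EXPECTED_SHA256:-<sha256-of-reviewed-federacy.sh>}"

# Download to a file so a failed or empty transfer is never executed.
fetch_script() {  # fetch_script URL DEST
  curl --fail --silent --show-error --location --proto '=https' --tlsv1.2 \
       --output "$2" "$1" && [ -s "$2" ]
}

# Print the SHA-256 hex digest of a file (empty output if it cannot be read).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
  else shasum -a 256 "$1" | cut -d' ' -f1; fi
}

# Run ACTION from FILE only if FILE matches the pinned digest.
# Returns the script's own exit status, or 2 when the digest check fails.
run_verified() {  # run_verified FILE EXPECTED ACTION
  local file="$1" expected="$2" action="$3" actual
  actual="$(sha256_of "$file")"
  if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
    echo "federacy.sh digest mismatch: got ${actual:-none}" >&2
    return 2
  fi
  bash -s "$action" < "$file"  # same invocation shape as the README's pipe
}

# Map the status of "check" to a build decision; anything but 0 fails.
gate() {  # gate STATUS
  case "$1" in
    0) echo "pass: no vulnerabilities reported" ;;
    1) echo "fail: vulnerabilities reported"; return 1 ;;
    *) echo "fail: check did not complete (status $1)"; return 1 ;;
  esac
}

# FEDERACY_API_USERNAME and FEDERACY_API_TOKEN are read from the environment.
main() {
  local tmp status=0
  tmp="$(mktemp)" || return 1
  if fetch_script "$FEDERACY_SCRIPT_URL" "$tmp"; then
    run_verified "$tmp" "$EXPECTED_SHA256" check || status=$?
  else status=2; fi
  rm -f "$tmp"
  gate "$status"
}
if [ "${1:-}" = "--run" ]; then main; fi
```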