Skip to content

Commit

Permalink
[Docs] Add Scaffolding for Gramine to documentation
Browse files Browse the repository at this point in the history 
Signed-off-by: Mariusz Zaborski <oshogbo@invisiblethingslab.com>
  • Loading branch information
@oshogbo @dimakuv
oshogbo authored and dimakuv committed Oct 19, 2023
1 parent e83ea91 commit 6583385
Show file tree
Hide file tree
Showing 2 changed files with 42 additions and 0 deletions.
8 changes: 8 additions & 0 deletions Documentation/index.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,13 @@ The following steps can be performed to protect your application with Gramine:

You can also check :doc:`Gramine tutorials<tutorials-index>`.

As a simplified way of protecting your application against malicious hosts you
can use Scaffolding for Gramine (SCAG). It is a tool which transforms your
application into a graminized Docker image, encapsulating both your application
and the Gramine Library OS. It offers seamless support for a variety of
frameworks, including but not limited to Flask and Express.js. For a more
in-depth exploration, see :doc:`scag-installation`.

Configure Gramine
-----------------

Expand Down Expand Up @@ -173,6 +180,7 @@ Indices and tables
installation
run-sample-application
tutorials-index
scag-installation

.. toctree::
:hidden:
Expand Down
34 changes: 34 additions & 0 deletions Documentation/scag-installation.rst
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
Scaffolding for Gramine
=======================

The Scaffolding for Gramine (SCAG) tool transforms your application
into a graminized Docker image, encapsulating both your application and
the Gramine Library OS. The primary objective of the Scaffolding project
is to simplify the process of safeguarding applications against malicious
hosts.

Setting itself apart from alternative solutions (like GSC), SCAG doesn't
transform a Docker image, instead it generates a whole Docker image from
the given projects. During the build process the required Dockerfile,
manifest file, and other required configuration files are generated
automatically for the user. A list of currently supported frameworks
can be found in
`documentation <https://gramine-scaffolding.readthedocs.io/en/latest/manpages/scag-setup.html#cmdoption-scag-setup-framework>`__
.

To speed up the process, SCAG offers a single command - ``scag-quickstart``.
This tool also guides user interactively through the entire process of
"graminizing" the application, from setting up the project to building it,
and finally running it. For more advanced usage of SCAG, users are encouraged
to refer to the documentation.

SCAG wraps the application with additional security measures, such as adding
SSL/TLS to plaintext-networking apps. All web-based frameworks, such as
Express.js and Flask, are preconfigured to operate behind
a web server (Nginx), with SSL/TLS and the RA-TLS extension.

Note that the SCAG tool is standalone and not part of core Gramine, and is
hosted here:

- https://github.com/intel/ScaffoldingForGramine -- GitHub repository,
- https://gramine-scaffolding.readthedocs.io/en/latest/ -- documentation.

0 comments on commit 6583385

Please sign in to comment.