Skip to content
Checklist and tools for increasing security of Apache Airflow
Python Shell
Branch: master
Clone or download
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
airflowscan converted to anymarkup 0.8; fixed tests Jul 25, 2019
data changing schema title Jul 25, 2019
scripts fix Jul 18, 2019
tests converted to anymarkup 0.8; fixed tests Jul 25, 2019
.gitignore adding linter Jul 14, 2019
.travis.yml adding linter Jul 14, 2019
CHANGELOG.md bumping to v0.1.2 Jul 18, 2019
LICENSE Initial commit Jul 11, 2019
README.md fix Jul 15, 2019
requirements.txt converted to anymarkup 0.8; fixed tests Jul 25, 2019
setup.cfg adding linter Jul 14, 2019
setup.py adding build script Jul 15, 2019

README.md

airflowscan

PyPI version Build Status codecov GitHub

Checklist and tools for increasing security of Apache Airflow.

DISCLAIMER

This project NOT AFFILIATED with the Apache Foundation and the Airflow project, and is not endorsed by them.

Contents

The purpose of this project is provide tools to increase security of Apache Airflow. installations. This projects provides the following tools:

  • Configuration file with hardened settings - see hardened_airflow.cfg.
  • Security checklist for hardening default installations - see CHECKLIST.MD.
  • Static analysis tool to check Airflow configuration files for insecure settings.
  • JSON schema document used for validation by the static analysis tool - see airflow_cfg.schema

Information for the Static Analysis Tool (airflowscan)

The static analysis tool can check an Airflow configuration file for settings related to security. The tool convers the config file to JSON, and then uses a JSON Schema to do the validation.

Requirements

Python 3 is required and you can find all required modules in the requirements.txt file. Only tested on Python 3.7 but should work on other 3.x releases. No plans to 2.x support at this time.

Installation

You can install this via PIP as follows:

pip install airflowscan
airflowscan

To download and run manually, do the following:

git clone https://github.com/nightwatchcybersecurity/airflowscan.git
cd airflowscan
pip -r requirements.txt
python -m airflowscan.cli

How to use

To scan a configuration file, do the following command:

airflowscan scan some_airflow.cfg

Reporting bugs and feature requests

Please use the GitHub issue tracker to report issues or suggest features: https://github.com/nightwatchcybersecurity/airflowscan

You can also send emai to research /at/ nightwatchcybersecurity [dot] com

You can’t perform that action at this time.