By Ocurity Security scanning,results unification and enrichment tool (ASOC) - forked and rewritten from @thought-machine/dracon
Security pipelines on Kubernetes. The purpose of this project is to provide a scalable and flexible framework to execute arbitrary security scanning tools on code and infrastructure while processing the results in a versatile way.
flowchart LR
S["Code Setup & Build"]
P_GoSec["Producer - GoSec (Golang)"]
P_SecBugs["Producer - SpotBugs (Java)"]
P_Bandit["Producer - Bandit (Python)"]
P_TFSec["Producer - TFSec (Terraform)"]
P_Aggregator["Producer - Results Aggregation"]
E_Deduplication["Enricher - Deduplication"]
E_Policy["Enricher - Policy"]
E_Aggregator["Enricher - Enriched Results Aggregator"]
C_Slack["Consumer - Slack"]
C_Elasticsearch["Consumer - Elasticsearch"]
C_Jira["Consumer - Jira"]
S-->P_TFSec
S-->P_GoSec
S-->P_SecBugs
S-->P_Bandit
P_TFSec-->P_Aggregator
P_GoSec-->P_Aggregator
P_SecBugs-->P_Aggregator
P_Bandit-->P_Aggregator
P_Aggregator-->E_Deduplication
P_Aggregator-->E_Policy
E_Policy-->E_Aggregator
E_Deduplication-->E_Aggregator
E_Aggregator-->C_Slack
E_Aggregator-->C_Elasticsearch
E_Aggregator-->C_Jira
The Getting started with KinD tutorial explains how to get started with Dracon. You can also access our community contributed pipelines here
More tutorials:
| Name | Description |
|---|---|
| Getting started with KinD | Quickstart guide on how to get started with Dracon using KinD |
| Getting started with Please and K3D | Beginner guide on how to get started with Dracon using Please w/ K3D |
| Running our demo pipeline | End to end demo of running an example pipeline |
This version of Dracon was announced at OWASP Appsec Dublin in 2023. Check out the slides and the video of the presentation.
If you have questions, reach out to us by opening a new issue on Github.
Contributions are welcome, see the developing and releasing guides on how to get started.
Dracon is under the Apache 2.0 license. See the LICENSE file for details.