smithy-security/smithy

Dracon

By Ocurity

Security scanning, results unification and enrichment tool (ASOC)

Security pipelines on Kubernetes. The purpose of this project is to provide a scalable and flexible framework to execute arbitrary security scanning tools on code and infrastructure while processing the results in a versatile way.

flowchart LR
    S["Code Setup & Build"]

    P_GoSec["Producer - GoSec (Golang)"]
    P_SecBugs["Producer - SpotBugs (Java)"]
    P_Bandit["Producer - Bandit (Python)"]
    P_TFSec["Producer - TFSec (Terraform)"]

    P_Aggregator["Producer - Results Aggregation"]

    E_Deduplication["Enricher - Deduplication"]
    E_Policy["Enricher - Policy"]
    E_Aggregator["Enricher - Enriched Results Aggregator"]

    C_Slack["Consumer - Slack"]
    C_Elasticsearch["Consumer - Elasticsearch"]
    C_Jira["Consumer - Jira"]

    S-->P_TFSec
    S-->P_GoSec
    S-->P_SecBugs
    S-->P_Bandit

    P_TFSec-->P_Aggregator
    P_GoSec-->P_Aggregator
    P_SecBugs-->P_Aggregator
    P_Bandit-->P_Aggregator

    P_Aggregator-->E_Deduplication
    P_Aggregator-->E_Policy

    E_Policy-->E_Aggregator
    E_Deduplication-->E_Aggregator

    E_Aggregator-->C_Slack
    E_Aggregator-->C_Elasticsearch
    E_Aggregator-->C_Jira


Getting Started

The Getting Started tutorial explains how to get started with Dracon. You can also access our community-contributed pipelines here.

Announcements

This version of Dracon was announced at OWASP Appsec Dublin in 2023. Check out the slides and the video of the presentation.

Support

If you have questions, reach out to us by opening a new issue on GitHub.

Development & Contributing

Contributions are welcome; see the developing and releasing guides for how to get started.

License

Dracon is under the Apache 2.0 license. See the LICENSE file for details.