dagda: perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats
Dagda is a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in Docker images/containers, and to monitor the Docker daemon and running Docker containers in order to detect anomalous activities.
To do this, the known vulnerabilities, as CVEs (Common Vulnerabilities and Exposures), BIDs (Bugtraq IDs), RHSAs (Red Hat Security Advisories) and RHBAs (Red Hat Bug Advisories), together with the known exploits from the Offensive Security exploit database, are first imported into a MongoDB so that they can be looked up quickly while an analysis is in progress.
Then, when you run a static analysis for known vulnerabilities, Dagda retrieves information about the software installed in your Docker images, such as the OS packages and the dependencies of the programming languages, and checks each product and its version against the information previously stored in MongoDB to determine whether it is affected by any known vulnerability. Dagda also uses ClamAV as an antivirus engine to detect trojans, viruses, malware & other malicious threats included within the Docker images/containers.
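The product/version check described above, as an added example written for this page (it is not Dagda's own code, and the in-memory dict is only a stand-in for the MongoDB collection Dagda fills from the CVE/BID/RHSA/RHBA feeds). The two inventory strings are constructed samples in the shape printed by `rpm -qa --queryformat '%{NAME} %{VERSION}\n'` and `pip freeze`; the three database entries use real, well-known advisory identifiers purely as sample data, with their affected ranges reduced to a single interval. The point the code adds to the paragraph is that versions must be compared as versions, not as strings: "1.0.1g" is newer than "1.0.1f" and "1.10" is newer than "1.9".

```python
"""Illustrative product/version vulnerability lookup (not Dagda's implementation)."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample inventory: OS packages as `rpm -qa --queryformat '%{NAME} %{VERSION}\n'` prints them.
OS_PACKAGES = """\
openssl 1.0.1e
bash 4.2.46
curl 7.29.0
"""

# Constructed sample inventory: Python dependencies in `pip freeze` form.
PYTHON_DEPS = """\
requests==2.19.1
PyYAML==3.13
"""


@dataclass(frozen=True)
class VulnEntry:
    vuln_id: str
    affected_from: str          # first affected version (inclusive)
    fixed_in: Optional[str]     # first fixed version (exclusive); None if no fix is known


# Stand-in for the MongoDB collection. These are real public advisories used only
# as sample data; real affected ranges are usually more complex than one interval.
VULN_DB = {
    "openssl":  [VulnEntry("CVE-2014-0160", "1.0.1", "1.0.1g")],   # Heartbleed
    "requests": [VulnEntry("CVE-2018-18074", "0", "2.20.0")],
    "pyyaml":   [VulnEntry("CVE-2017-18342", "0", "5.1")],
}


def version_key(version: str):
    """Split '1.0.1f' into [(0,1),(0,0),(0,1),(1,'f')] so tuple comparison orders
    numeric runs numerically and places a letter suffix after the bare number."""
    parts = []
    for token in re.findall(r"\d+|[A-Za-z]+", version):
        parts.append((0, int(token)) if token.isdigit() else (1, token.lower()))
    return parts


def is_affected(version: str, entry: VulnEntry) -> bool:
    """True when affected_from <= version < fixed_in (or no fix is known)."""
    v = version_key(version)
    if v < version_key(entry.affected_from):
        return False
    return entry.fixed_in is None or v < version_key(entry.fixed_in)


def parse_inventory(rpm_like: str, pip_freeze: str):
    """Yield (product, version) pairs from the two inventory formats above."""
    for line in rpm_like.splitlines():
        if line.strip():
            name, version = line.split()
            yield name.lower(), version
    for line in pip_freeze.splitlines():
        if "==" in line:
            name, version = line.strip().split("==", 1)
            yield name.lower(), version


def find_vulnerabilities(rpm_like: str, pip_freeze: str):
    """Return {product: [vuln ids]} for every affected product in the inventory."""
    findings = {}
    for product, version in parse_inventory(rpm_like, pip_freeze):
        hits = [e.vuln_id for e in VULN_DB.get(product, []) if is_affected(version, e)]
        if hits:
            findings[product] = hits
    return findings


if __name__ == "__main__":
    for product, ids in find_vulnerabilities(OS_PACKAGES, PYTHON_DEPS).items():
        print(f"{product}: {', '.join(ids)}")
```

One caveat this example makes visible: the openssl hit is based on the upstream version string alone, and enterprise distributions backport fixes without bumping it (RHEL 6, for instance, kept OpenSSL at 1.0.1e and shipped the Heartbleed fix as a package rebuild). A check keyed only on upstream versions therefore produces false positives on patched enterprise packages, which is exactly why distribution advisories such as RHSAs and RHBAs, keyed on the distribution's own package releases, are imported alongside the CVE data.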
Dagda supports multiple Linux base images:
- Red Hat/CentOS/Fedora
In addition, Dagda integrates with Sysdig Falco to monitor running Docker containers and detect anomalous activities. Dagda also gathers real-time events from the Docker daemon.
Finally, each analysis report of a Docker image/container, including all static analysis results and all runtime monitoring events, is stored in the same MongoDB, so that the history of each Docker image/container is available whenever it is needed.
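The runtime-monitoring side described above (Falco alerts plus Docker daemon events for one container), as an added example written for this page rather than Dagda's own code. It assumes Falco was run with json_output enabled, so its output file holds one JSON alert per line with the standard `output`, `priority`, `rule`, `time` and `output_fields` keys, and that daemon events were captured in the JSON shape `docker events --format '{{json .}}'` prints (only the fields used here are shown). Both inputs, the container ids and the timestamps are constructed samples. Two practical details the prose does not mention are handled: Falco reports the 12-character short container id while the daemon reports the full 64-hex id, so the two are matched by prefix, and a partially written line in the Falco file is skipped rather than aborting the read.

```python
"""Illustrative Falco/Docker-event correlation for one container (not Dagda's implementation)."""
import json
from datetime import datetime, timezone

FULL_ID = "3f1a2b9c0d1e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a"  # constructed id

# Constructed sample of a Falco output file (json_output enabled). The second line is
# deliberately broken JSON, as a log rotated mid-write would leave it.
FALCO_OUTPUT = """\
{"output":"18:05:11.123456789: Notice A shell was spawned in a container with an attached terminal (user=root container_id=3f1a2b9c0d1e container_name=web shell=bash)","priority":"Notice","rule":"Terminal shell in container","time":"2018-06-01T18:05:11.123456789Z","output_fields":{"container.id":"3f1a2b9c0d1e","container.name":"web","proc.cmdline":"bash","user.name":"root"}}
{"output":"18:05:30.000000000: Warning this line was cut off by log rotat
{"output":"18:05:42.000000000: Error File below /etc opened for writing (user=root command=sh file=/etc/passwd container_id=3f1a2b9c0d1e)","priority":"Error","rule":"Write below etc","time":"2018-06-01T18:05:42.000000000Z","output_fields":{"container.id":"3f1a2b9c0d1e","fd.name":"/etc/passwd","user.name":"root"}}
{"output":"18:06:00.000000000: Notice A shell was spawned in a container with an attached terminal (user=root container_id=aaaaaaaaaaaa container_name=other shell=sh)","priority":"Notice","rule":"Terminal shell in container","time":"2018-06-01T18:06:00.000000000Z","output_fields":{"container.id":"aaaaaaaaaaaa","container.name":"other"}}
"""

# Constructed sample of `docker events --format '{{json .}}'` output, reduced to the fields used.
DOCKER_EVENTS = """\
{"Type":"container","Action":"create","Actor":{"ID":"FULL_ID","Attributes":{"image":"nginx:1.15","name":"web"}},"time":1527876240}
{"Type":"container","Action":"start","Actor":{"ID":"FULL_ID","Attributes":{"image":"nginx:1.15","name":"web"}},"time":1527876245}
{"Type":"network","Action":"connect","Actor":{"ID":"7c1d2e3f4a5b","Attributes":{"container":"FULL_ID","name":"bridge"}},"time":1527876245}
{"Type":"container","Action":"exec_create: bash","Actor":{"ID":"FULL_ID","Attributes":{"image":"nginx:1.15","name":"web"}},"time":1527876310}
{"Type":"container","Action":"die","Actor":{"ID":"FULL_ID","Attributes":{"exitCode":"0","image":"nginx:1.15","name":"web"}},"time":1527876400}
""".replace("FULL_ID", FULL_ID)


def falco_time_to_epoch(ts: str) -> float:
    """Falco writes RFC 3339 with nanoseconds and a trailing Z; strptime cannot take
    nine fractional digits, so the fraction is split off and added back."""
    main, _, frac = ts.rstrip("Z").partition(".")
    base = datetime.strptime(main, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    return base.timestamp() + (float("0." + frac) if frac else 0.0)


def parse_falco_alerts(text: str):
    """Yield normalised Falco alerts; lines that are not valid JSON are skipped."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            alert = json.loads(line)
        except json.JSONDecodeError:
            continue
        fields = alert.get("output_fields", {})
        yield {"time": falco_time_to_epoch(alert["time"]), "source": "falco",
               "container_id": fields.get("container.id", ""),
               "priority": alert.get("priority"), "event": alert.get("rule"),
               "detail": alert.get("output", "")}


def parse_docker_events(text: str):
    """Yield normalised container events; network/volume/image events are ignored."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("Type") != "container":
            continue
        yield {"time": float(ev["time"]), "source": "docker",
               "container_id": ev["Actor"]["ID"], "priority": None,
               "event": ev["Action"],
               "detail": ev["Actor"].get("Attributes", {}).get("name", "")}


def same_container(event_id: str, container_id: str) -> bool:
    """Match a short (12-char) id against a full (64-hex) id in either direction."""
    return event_id.startswith(container_id) or container_id.startswith(event_id)


def container_timeline(container_id: str, falco_text: str, docker_text: str):
    """Merge both sources for one container and order them by time."""
    merged = list(parse_falco_alerts(falco_text)) + list(parse_docker_events(docker_text))
    mine = [e for e in merged if same_container(e["container_id"], container_id)]
    mine.sort(key=lambda e: e["time"])
    return mine


if __name__ == "__main__":
    for e in container_timeline("3f1a2b9c0d1e", FALCO_OUTPUT, DOCKER_EVENTS):
        print(f'{e["time"]:.3f} {e["source"]:6} {e["priority"] or "-":7} {e["event"]}')
```

Read this way, the daemon events give the Falco alerts their context: the `exec_create: bash` event one second before the "Terminal shell in container" alert shows that the shell came from `docker exec` rather than from a process inside the image, which is the kind of distinction a per-container history stored alongside the static analysis results makes possible.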
- Added ClamAV as antivirus engine for detecting trojans, viruses, malware & other malicious threats, using the ClamAV Docker image geekduck/clamav.
- Replaced deepfenceio/deepfence_depcheck with 3grander/4depcheck.
- Supported Dagda integration with an external Sysdig Falco (Dagda does not start its own Sysdig Falco; it reads the output file generated by the external Sysdig Falco).
- Dagda includes the gathering of real-time events from the Docker daemon.
- Added new vulnerabilities to VulnDB, sourced from the OVAL definitions for Red Hat Enterprise Linux 3 and above:
- RHBAs (Red Hat Bug Advisories)
- RHSAs (Red Hat Security Advisories)
- Created a Continuous Delivery flow with Travis CI for publishing the Dagda docker image to Docker Hub: 3grander/dagda
- Bug fixes
Copyright 2018 Elías Grande Rubio