DockerENT: analyze security issues with running containers

DockerENT

DockerENT is an activE ruNtime application security scanning Tool (RAST tool). It is a pluggable framework written in Python. It comes with a CLI application and a clean web interface written using StreamLit.

DockerENT has been designed to detect weak security configurations in production deployments, which can lead to severe consequences. The application connects to the running containers on the system, fetches the list of weak and vulnerable runtime configurations, and generates a report. When invoked through the web interface, it displays the scan and audit report in the UI itself.


Features

  • Plugin-driven framework.
  • Uses the low-level Docker API to interact with running containers.
  • Clean and easy-to-use UI.
  • Comes with 9 Docker scan plugins, 6 of which can audit their results.
  • Framework ready to work with docker-networks.
  • Output plugins can write to file and HTML sinks.
  • The only open-source interactive Docker scanning tool.
  • Can run plugins in parallel.
  • Under active development 😄.

Plugin Features:

Plugin Name         Plugin File  Feature                                              Audit
CMD_HISTORY         File         Identify shell history                               Root history and user shell history
FILESYSTEM          File         Identify RW file systems                             If RW file systems are present.
NETWORK             File         Identify network state                               Identifies all mapped ports.
PLAINTEST_PASSWORD  File         Identify passwords in different files
SECURITY_PROFILES   File         Identify weak security profiles                      List weak security profiles.
USER_INFO           File         Identify user info                                   List permissions in passwd and other sensitive files
SYSTEM_INFO         File         Identify Docker system info                          No audit
FILES_INFO          File         Identify world-writeable directories and files       List all such files.
PROC_INFO           File         Identify the list of processes in the Docker system
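To make concrete what the SECURITY_PROFILES, NETWORK and FILESYSTEM plugins audit, here is an added example (not DockerENT's own code) of a small plugin-driven audit run over the JSON that `docker inspect` or `docker.APIClient().inspect_container` returns; the sample inspect document is constructed and trimmed to the fields the checks read.

```python
# Minimal audit checks in the spirit of DockerENT's SECURITY_PROFILES, NETWORK
# and FILESYSTEM plugins, run over a `docker inspect` document. Constructed
# example, not DockerENT's own code.
from typing import Callable, Dict, List
Check = Callable[[dict], List[str]]
CHECKS: Dict[str, Check] = {}  # plugin name -> audit function

def plugin(name: str):
    """Register an audit function under a plugin name (plugin-driven style)."""
    def register(fn: Check) -> Check:
        CHECKS[name] = fn
        return fn
    return register

@plugin("SECURITY_PROFILES")
def weak_security_profiles(info: dict) -> List[str]:
    hc = info.get("HostConfig", {})
    findings = ["container runs --privileged"] if hc.get("Privileged") else []
    for opt in hc.get("SecurityOpt") or []:  # e.g. seccomp=unconfined
        if opt.endswith("unconfined"):
            findings.append(f"security profile disabled: {opt}")
    findings += [f"extra capability added: {c}" for c in hc.get("CapAdd") or []]
    return findings

@plugin("NETWORK")
def mapped_ports(info: dict) -> List[str]:
    ports = info.get("NetworkSettings", {}).get("Ports") or {}
    return [f"{cport} -> {b.get('HostIp') or '0.0.0.0'}:{b['HostPort']}"
            for cport, bindings in ports.items() for b in bindings or []]

@plugin("FILESYSTEM")
def rw_root_filesystem(info: dict) -> List[str]:
    ro = info.get("HostConfig", {}).get("ReadonlyRootfs")
    return [] if ro else ["root filesystem is read-write"]

def audit(info: dict) -> Dict[str, List[str]]:
    """Run every registered plugin; keep only plugins that produced findings."""
    results = {name: fn(info) for name, fn in CHECKS.items()}
    return {name: f for name, f in results.items() if f}

# Constructed inspect document (trimmed) for a deliberately weak container.
SAMPLE = {
    "HostConfig": {"Privileged": True, "ReadonlyRootfs": False,
                   "SecurityOpt": ["seccomp=unconfined"], "CapAdd": ["SYS_ADMIN"]},
    "NetworkSettings": {"Ports": {"80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "8080"}],
                                  "443/tcp": None}},
}
if __name__ == "__main__":
    print(audit(SAMPLE))
```

A container started with `--read-only`, no `--privileged`, no `--cap-add` and the default seccomp/AppArmor profiles produces an empty report from these three checks.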

CLI interface

Pros

  • Rich logging interface helps with debugging through extensive debug logs.
  • Can run in parallel: pass -n <count> to specify the number of parallel processes.
  • Can dump output to JSON and HTML files.

Cons

  • The audit output is not dumped to a file.
  • Selecting multiple specific containers is a pain.

UI Interface

Pros

  • Clean and easy-to-use UI.
  • Everything on a single page.
  • Easy selection of multiple Docker images, multiple plugins, and multiple docker-networks.
  • Audit report present.

Cons

  • Logging interface is not Rich.
  • JSON reports are bulky.
  • Relies on the third-party library StreamLit, so all issues with that framework are inherited.

Install & Use

Copyright (c) 2020 Rohit Sehgal