dracon

module

v0.18.11 Latest Latest Go to latest Published: Jan 19, 2023 License: Apache-2.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/thought-machine/dracon

Links

Open Source Insights

README ¶

Dracon

Security pipelines on Kubernetes. The purpose of this project is to provide a scalable and flexible tool to execute arbitrary tools on arbitrary code while processing the results in a flexible way.

Getting Started

The Getting started in Minikube tutorial explains how to install, configure, and run Dracon.

Installing

We have compiled binaries for dracon in under GitHub releases. dracon can quickly be installed into your home directory by executing:

bash <(curl -s https://raw.githubusercontent.com/thought-machine/dracon/master/scripts/install.sh)

Announcements

Dracon was announced at OWASP Appsec Amsterdam in 2019. Check out the slides from the presentation.

Support

If you have questions, reach out to us by opening a new issue on Github.

Development & Contributing

Contributions are welcome, see the developing and releasing guides on how to get started.

License

Dracon is under the Apache 2.0 license. See the LICENSE file for details.

Directories ¶

Path	Synopsis
cmd
dracon
dracon/cmd
enricher
common
jira/config
jira/document
jira/jira
consumers Package consumers provides helper functions for working with Dracon compatible outputs as a Consumer.	Package consumers provides helper functions for working with Dracon compatible outputs as a Consumer.
elasticsearch
jira_c
jira_c/utils
slack
slack/types
slack/utils
stdout_json
pkg
enrichment
enrichment/db
kubernetes
putil
template
version
producers Package producers provides helper functions for writing Dracon compatible producers that parse tool outputs.	Package producers provides helper functions for writing Dracon compatible producers that parse tool outputs.
dependency_check
docker_trivy
docker_trivy/types
elasticsearch_filebeat
elasticsearch_filebeat/types
golang_gosec
golang_nancy
golang_nancy/types
java_spotbugs
jira_producer
jira_producer/sync
mobsf Package main implements a Dracon producer for MobSF, a mobile security framework (https://github.com/MobSF/Mobile-Security-Framework-MobSF).	Package main implements a Dracon producer for MobSF, a mobile security framework (https://github.com/MobSF/Mobile-Security-Framework-MobSF).
mobsf/report Package report provides common types for scan report formats.	Package report provides common types for scan report formats.
mobsf/report/android Package android provides types and functions for working with Android project scan reports from MobSF.	Package android provides types and functions for working with Android project scan reports from MobSF.
mobsf/report/ios Package ios provides types and functions for working with iOS project scan reports from MobSF.	Package ios provides types and functions for working with iOS project scan reports from MobSF.
npm_audit
npm_audit/types Package types provides common types for audit report formats.	Package types provides common types for audit report formats.
npm_audit/types/npmfullaudit Package npmfullaudit provides types and functions for working with audit reports from npm's "Full Audit" endpoint (/-/npm/v1/security/audits) and transforming them into data structures understood by the Dracon enricher.	Package npmfullaudit provides types and functions for working with audit reports from npm's "Full Audit" endpoint (/-/npm/v1/security/audits) and transforming them into data structures understood by the Dracon enricher.
npm_audit/types/npmquickaudit Package npmquickaudit provides types and functions for working with audit reports from npm's "Quick Audit" endpoint (/-/npm/v1/security/audits/quick) and transforming them into data structures understood by the Dracon enricher.	Package npmquickaudit provides types and functions for working with audit reports from npm's "Quick Audit" endpoint (/-/npm/v1/security/audits/quick) and transforming them into data structures understood by the Dracon enricher.
pipsafety
pipsafety/types
python_bandit
sarif
securityhub
semgrep
semgrep/types
typescript_eslint
typescript_eslint/types
typescript_tslint
typescript_tslint/types
yarn_audit
yarn_audit/types
zap_producer
zap_producer/types

Name	Description
Getting started in Minikube	Beginner guide on how to get started with Dracon
Running our demo pipeline	End to end demo of running an example pipeline
Example of using a public git repo	Example of running Dracon against a public git repository
Example of using a private git repo	Example of running Dracon against a private git repository
Creating your own pipeline	WIP: How to create your own custom dracon pipeline
Creating your own producer	WIP: Extending Dracon by creating your own custom producer
Creating your own consumer	WIP: Extending Dracon by creating your own custom consumer

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL