Veinmind-tools: container security toolset

Veinmind-tools is self-developed by chaitin technology, a container security toolset based on veinmind-sdk.

Toolset

veinmind-runner

veinmind-runner it’s a container security host developed by Chaitin Technology.

With the background of rich R&D experience, the chaitin team designed a plug-in system in veinmind-sdk. With the support of this plugin system, you only need to call the API provided by veinmind-sdk to automatically generate plugins that conform to standard specifications. (For specific code examples, see example) As a plugin platform, veinmind-runner will automatically scan the plugins that conform to the specification, and pass the image information that needs to be scanned to the corresponding plugins.

Feature

  • Automatically scan and register plugins in the current directory (including subdirectories)
  • Unified operation of plug-ins implemented in different languages
  • Plugins can communicate with runner, such as reporting events for alarming, etc.

veinmind-malicious

veinmind-malicious is a malicious file scanning tool for images developed by Chaitin Technology

Features

  • Quickly scan images for malicious files(ClamAV and VirusTotal have been supported )
  • Support container runtime such as docker / containerd
  • Support different output types like JSON / CSV / HTML

veinmind-weakpass

veinmind-weakpass is a weak password scanning tool for images developed by Chaitin Technology

Features
  • Quickly scan the weak password in the image
  • Support weak password macro definition
  • Support concurrent scanning for weak passwords
  • Support custom username and dictionary
  • Support container runtime containerd and dockerd

veinmind-sensitive

veinmind-sensitive is an image sensitive information scanning tool developed by Chaitin Technology

Features

  • Quickly scan images for sensitive information
  • Support custom sensitive information scanning rules
  • Support container runtime containerd and dockerd

veinmind-backdoor

veinmind-backdoor is a backdoor scanning tool for image developed by Chaitin Technology

Features

  • Quickly scan backdoors in the image

    pluginfunction
    crontabscan crontab config for backdoors
    bashrcscan bash startup scripts for backdoors
    sshdscan for sshd softlink backdoors
    servicescan for malicious system services
    tcpwrapperscan for tcpwrapper backdoors
  • Supports writing backdoor detection scripts in plugin mode

  • Support containerd/dockerd image backdoor scanning

veinmind-history

veinmind-history is an image anomaly history command scanning tool developed by Chaitin Technology

Features

  • Quickly scan the image for abnormal history commands
  • Support custom historical command detection rules
  • Support two container runtime containerd and dockerd

veinmind-asset

veinmind-asset is mainly used to scan the internal asset information of images and containers

Features

  • Scan image OS information
  • Scan the packages information installed in the image
  • Scan the libraries installed by the application in the image

Cloud-native infrastructure compatibility

NameTypeCompatibility
JenkinsCI/CD✔️
Gitlab CICI/CD✔️
Github ActionCI/CD✔️
DockerHubRegistry✔️
Docker RegistryRegistry✔️
HarborRegistry✔️
DockerRuntime✔️
ContainerdRuntime✔️

Changelog v2.1.2

Feature

  • feat(veinmind-weakpass): support ftp @ek1ng in #226
  • feat(veinmind-iac): add dockerfile security detection by @ek1ng in #228

Fix

  • fix(ai): ignore basic info analyzer by @DVKunion in #218
  • fix(Makefile): add CGO_ENBALED && update(dependency): update dependency version by @ek1ng in #221
  • fix(CI/CD): change goproxy settings by @ek1ng in #222

Others

  • doc: update README.md by @DVKunion in #219

Install & Use