Container Safety Determination (CSD) is an open source scanning and monitoring tool that lets engineers examine the safety state of their containers. The tool works for both images and containers, and can be configured to work without user intervention.
CSD detects suspicious files by comparing every file in a given image against a database of known malicious and non-malicious binaries in order to determine how safe the image is. The security engineer reviews the feedback reported for a particular image and takes action accordingly.
Rahul Sharma
Jeremy Mwenda
Renqing Gao
Kostas Papadopoulos
Mentored by: Sastry S Duri (IBM Research)
Prerequisites
sudo apt-get -y install python-pip rabbitmq-server git wget clamav docker-compose
sudo pip install Flask
pip install elasticsearch
pip install pika
pip install -U flask-cors
Installation:
Installation steps
CSD works by listening for notifications from an assigned Docker registry. Whenever someone pushes a new image, CSD pulls that image and computes similarity digest hashes of all its files. CSD uses sdhash to compare files from the image to a reference data set of known files stored in an Elasticsearch database. Files that are not found in the database, or that are deemed to be different from the reference files, can then be sent to external scanning tools for further analysis. We have currently integrated ClamAV as an external scanner for such files.
The end goal of the CSD design is to provide a customizable and scalable way for engineers to check safety-related attributes of image files in order to help them decide if an image is safe.
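The sketch below illustrates the two decision points in that workflow: picking image pushes out of a registry notification, and choosing which files go on to the external scanner. It is an added example, not CSD's own code. It assumes the event envelope layout used by Docker Registry notifications; the function names, the threshold of 90, and all sample values are hypothetical.

```python
import json

# A single image push also emits events for each layer blob, so only
# manifest media types are treated as "a new image was pushed".
MANIFEST_TYPES = {
    "application/vnd.docker.distribution.manifest.v2+json",
    "application/vnd.oci.image.manifest.v1+json",
}

def pushed_images(envelope_json):
    """Return pullable references (host/repo@digest) for pushed manifests."""
    refs = []
    for ev in json.loads(envelope_json).get("events", []):
        target = ev.get("target", {})
        if ev.get("action") != "push" or target.get("mediaType") not in MANIFEST_TYPES:
            continue
        host = ev.get("request", {}).get("host", "")
        # Pin the digest, not the tag: a tag can move between notify and pull.
        ref = "%s/%s@%s" % (host, target["repository"], target["digest"])
        if ref not in refs:  # the same manifest can appear in several events
            refs.append(ref)
    return refs

def needs_external_scan(best_scores, threshold=90):
    """best_scores maps path -> best similarity score (0-100) against the
    reference set, or None if nothing matched. threshold is an assumed value."""
    return sorted(p for p, s in best_scores.items() if s is None or s < threshold)

# Constructed sample data (not taken from a real registry or image).
DIGEST = "sha256:" + "a" * 64
SAMPLE = json.dumps({"events": [
    {"action": "push", "request": {"host": "registry.example:5000"},
     "target": {"mediaType": "application/octet-stream",
                "repository": "team/app", "digest": "sha256:" + "b" * 64}},
    {"action": "push", "request": {"host": "registry.example:5000"},
     "target": {"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
                "repository": "team/app", "digest": DIGEST, "tag": "latest"}},
    {"action": "pull", "request": {"host": "registry.example:5000"},
     "target": {"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
                "repository": "team/app", "digest": DIGEST}},
]})
SCORES = {"/bin/ls": 100, "/usr/bin/curl": 62, "/tmp/dropper": None}

if __name__ == "__main__":
    print(pushed_images(SAMPLE))
    print(needs_external_scan(SCORES))
```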
More detailed documentation of our project can be found on the project wiki page. The wiki includes: