DongTai-agent-go is the data collection terminal developed by Dongtai IAST for Go applications. In the Go application with the iast-agent agent, the required data is collected by rewriting the assembly address, and then the data is sent to the DongTai-openapi service, and the cloud engine processes the data to determine whether there are security vulnerabilities.
DongTai-agent-go is composed of three main parts: core
, run
, and service
, among which:
run
is used to run the agent of the package that needs to be instrumented on demand
core
is the core package, and its main functions are: bytecode instrumentation, data collection, data preprocessing, data reporting, third-party component management, etc.
service
is used to obtain the request sent by the application and the response received, for data display and request replay function.
DevOps process
Safety test before going live
Third-party component management
Code audit
0 Day mining
Please refer to: Quick Start
-
Fork DongTai-agent-go project to your github repository and clone the project:
git clone https://github.com/<your-username>/DongTai-agent-go
-
Write code according to requirements
-
Contribute code. If you want to contribute code to the Dongtai IAST team, please read the complete Contribution Guide
Go 1.11+
Gin, Gorm and other mainstream software and middleware