blst-security / cherrybomb

Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.
https://www.blstsecurity.com/cherrybomb
Apache License 2.0
1.11k stars 78 forks

💡 Provide CherryBomb in an official Docker image #16

Closed AErmie closed 2 years ago

AErmie commented 2 years ago

Is your feature request related to a problem? Please describe.
For users that want to run/use your tool in a CI/CD pipeline as part of a quality check, needing to install the tool locally may not always be an option.

Describe the solution you'd like
I would like to see this tool be made available in an official Docker image like many other CLI-based tools provide (i.e. AquaSec/Trivy, BridgeCrew/Checkov, etc.).

Describe alternatives you've considered
A self-built container with the tool installed.

Additional context
None

GuyL99 commented 2 years ago

I'll add it to the roadmap. We'll probably be able to get it stabilised in about two weeks; I'll update this issue once there is an RC of a container image.

prakharporwal commented 2 years ago

Can I try this out? I can write the Dockerfile and then your team will have to push it to the Docker registry. I see you are using Rust here.

GuyL99 commented 2 years ago

Sure thing, thanks. If you need any help doing it you can tag me @GuyL99, or @DeliciousBounty or @RazMag, and we'll help you, or you can send us a message in the Discord server :)

BartvdBerkHU commented 2 years ago

Hi, I want to make my first open source contribution by integrating this tool into another project in the form of a Kubernetes job; for this I need a container image. I could create this on my own, but saw this issue and don't want to perform duplicate work.

@prakharporwal Do you have an update on this issue already or maybe you have a working Dockerfile I could use for development?

GuyL99 commented 2 years ago

@prakharporwal If you need some help in order to finish it, I'll add in @RazMag or @DeliciousBounty to help you. @BartvdBerkHU I appreciate the will to contribute. What OS project do you intend to integrate Cherrybomb into?

GitBurtHET commented 2 years ago

@GuyL99 it's an API fuzzer (uses Restler) for APIs running in Kubernetes: https://github.com/suecodelabs/cnfuzz

prakharporwal commented 2 years ago

@GuyL99 I have made an update on the PR; can you check? I am facing an issue. @RazMag My Dockerfile builds, but running it is causing an issue. @BartvdBerkHU I have a Dockerfile created, but it has a small issue. I am discussing and looking into it.

RazMag commented 2 years ago

Cherrybomb is now available in an official Docker container. See the README for info on how to use it. Thank you for your help :)