Scan for IOCs as during CI/CD as well as at runtime

[sandman137]

Problem Statement:

Build a simple command line scanner which can be run in CI/CD plug-ins, at runtime to scan container images, running containers. hosts, volumes and more for known indicators of compromise pertaining to:

• Cryptominers
• Malware
• Malicious files, binaries and packages
• Live connections, and C2 activities
• Any malicious traces in file systems, log files etc

Why?

Multiple reasons to do these as part of CI/CD and at runtime to figure out

• Supply chain IOCs
• Am I pwned checks on production infrastructure
• No such tool exists for K8s and serverless so this fills a major gap

How?

YARA rule matching, its static but this seems to be the best way to exchange and add to community threat intel.

[shyam-dev]

Solved here https://github.com/deepfence/YaRadare/tree/main/ci-cd-integration

Further integrations are welcome !