search

openclarity / vmclarity

VMClarity is a tool for agentless detection and management of Virtual Machine Software Bill Of Materials (SBOM) and vulnerabilities
openclarity.io
Apache License 2.0
102 stars 22 forks source link
agentless cloud exploits leaked-secrets malware misconfigurations rootkits sbom secrets-detection security vulnerabilities vulnerability-scanners

readme

VMClarity Logo

Slack Invite Go Reference GitHub Workflow Status Go Report Card

VMClarity is an open source tool for agentless detection and management of Virtual Machine Software Bill Of Materials (SBOM) and security threats such as vulnerabilities, exploits, malware, rootkits, misconfigurations and leaked secrets.

VMClarity demo

Join VMClarity's Slack channel to hear about the latest announcements and upcoming activities. We would love to get your feedback!

Table of Contents

Why VMClarity?

Virtual machines (VMs) are the most used service across all hyperscalers. AWS, Azure, GCP, and others have virtual computing services that are used not only as standalone VM services but also as the most popular method for hosting containers (e.g., Docker, Kubernetes).

VMs are vulnerable to multiple threats:

There are many very good open source and commercial-based solutions for providing threat detection for VMs, manifesting the different threat categories above.

However, there are challenges with assembling and managing these tools yourself:

The VMClarity project is focused on unifying detection and management of VM security threats in an agentless manner.

Getting started

For step-by-step guidance on how to deploy VMClarity across different environments, including AWS, Azure, GCP, and Docker, click on this link and choose your preferred provider for detailed deployment instructions.

Overview

VMClarity uses a pluggable scanning infrastructure to provide:

The pluggable scanning infrastructure uses several tools that can be enabled/disabled on an individual basis. VMClarity normalizes, merges and provides a robust visualization of the results from these various tools.

These tools include:

* Windows only\ ** Linux and MacOS only

Usage modes

VMClarity can be used multiple ways to fit different needs:

1. VMClarity stack

As a complete stack, VMClarity provides an integrated solution to

For the deployment instructions visit this page: Getting started.

2. CLI

VMClarity can be used as a standalone command line tool to run the supported scanner tools.

  1. Download vmclarity-cli from the GitHub releases page.
  2. Create a configuration file, make sure to enable the scanner families you need. An example can be found here: .families.yaml

  3. Execute the following command:

    vmclarity-cli scan --config .families.yaml

3. Go module

Import the github.com/openclarity/vmclarity/scanner package to run a scan with VMClarity’s family manager from your code.

Example: scan.go

Asset discovery

VMClarity stack supports the automatic discovery of assets in the following providers:

Provider Asset types Scope
Docker Docker containers and images Local Docker daemon
Kubernetes Docker containers and images Cluster
AWS Virtual machines (EC2 instances) Account (all regions)
Azure Virtual machines Subscription
GCP Virtual machines Project

Supported filesystems

The following filesystem operations are supported on different host types:

Host List block devices Mount Ext2, Ext3, Ext4 Mount XFS Mount NTFS
Linux Supported Supported Supported Supported
Darwin Supported Supported Supported Supported
Windows Not supported Not supported Not supported Not supported

Architecture

A high-level architecture overview is available here.

Roadmap

VMClarity project roadmap is available here.

Contributing

If you are ready to jump in and test, add code, or help with documentation, please follow the instructions on our contributing guide for details on how to open issues, setup VMClarity for development and test.

Code of Conduct

You can view our code of conduct here.

License

Apache License, Version 2.0