Skip to content

maThmatics/salus

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits

.circleci

.circleci

 
 

bin

bin

 
 

docs

docs

 
 

lib

lib

 
 

spec

spec

 
 

.gitignore

.gitignore

 
 

.rspec

.rspec

 
 

.rubocop.yml

.rubocop.yml

 
 

.ruby-version

.ruby-version

 
 

CONTRIBUTING.md

CONTRIBUTING.md

 
 

Dockerfile

Dockerfile

 
 

Dockerfile.tests

Dockerfile.tests

 
 

Gemfile

Gemfile

 
 

Gemfile.lock

Gemfile.lock

 
 

README.md

README.md

 
 

logo.png

logo.png

 
 

node_SHASUMS256.txt

node_SHASUMS256.txt

 
 

package.json

package.json

 
 

salus-default.yaml

salus-default.yaml

 
 

yarn.lock

yarn.lock

 
 

Repository files navigation

Salus

Salus: Guardian of Code Safety and Security

CircleCI

🔍 Overview

Salus, named after the Roman goddess of protection, is a tool for coordinating the execution of security scanners. You can run Salus on a repository via the Docker daemon and it will determine which scanners are relevant, run them and provide the output. Most scanners are other mature open source projects which we include directly in the container.

# Always run Salus from the root of your repository.
cd /path/to/repo

# One line command to run Salus locally with default configuration.
docker run --rm -t -v $(pwd):/home/repo coinbase/salus

Salus is particularly useful for CI/CD pipelines because it becomes a centralized place to coordinate scanning across a large fleet of repositories. Typically, scanners are configured at the repository level for each project. This means that when making org wide changes to how the scanners are run, each repository must be updated. Instead, you can update Salus and all builds will instantly inherit the change.

Salus supports powerful configuration that allows for global defaults and local tweaks. Finally, Salus can report metrics on each repository, such as what packages are included or what concerns exist. These reports can be centrally evaluated in your infrastructure to allow for scalable security tracking.

Supported Scanners

  • BundleAudit - Execution of bundle-audit, looks for CVEs in ruby gem dependencies.
  • Brakeman - Execution of Brakeman, looks for vulnerable code in Rails projects.
  • npm audit - Execution of npm audit which looks for CVEs in node module dependencies.
  • PatternSearch - Looks for certain strings in a project that might be dangerous or could require that certain strings be present.

Salus also parses dependency files and reports on what libraries and version are being used in any given project. This can be useful for tracking dependencies across your fleet.The currently supported languages are:

  • Ruby
  • Node
  • Python
  • Go

If you would like to build customer scanners or support more languages that are not currenclty supported, you can use this method of building custom Salus images.

Detailed Documentation

👷‍♂️ Development

Contribution to this project is extremely welcome and it's our sincere hope that the work we've done to this point only serves as a foundation for allowing the security/development communities as a whole to come together to improve the security of everyone's infrastructure.

You can read more about getting your development environment set up, or the architecture of Salus.

📃 License

This project is available open source under the terms of the Apache 2.0 License.

About

Security scanner coordinator

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

141 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages