
README.md

File Metadata

Created
Sat, Jan 18, 3:47 AM

# Security-tools
This repo holds all the containerized security tools that we want to run against our web applications.
## Jenkins Jobs Builder
### Description
Jenkins Job Builder (JJB) is an [OpenStack](https://www.openstack.org/) tool that takes
simple descriptions of Jenkins jobs in YAML or JSON and uses them to configure Jenkins.
This helps keep jobs in a human-readable format in a version control system, and makes changes and auditing easier.
### Project structure
Under *jobs/* you can find the *projects* and *tools-templates* directories.
**projects** contains all active projects that we currently audit regularly, and against which we therefore run several tools.
**tools-templates** contains all tool templates and two important *job-groups*:
- The first job-group is the *dynamic-tools* group, which contains all dynamic analysis tools, e.g. nmap, ZAP
- The second job-group is the *static-tools* group, which contains all static analysis tools, e.g. bandit

All other templates are tool-specific. For example, the template for nmap follows:
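```yaml
# JJB fills in {name}, {domain} and {nmap_extra_args} for each project
# before the shell step below is written into the Jenkins job.
- job-template:
    name: '{name}-nmap'
    description: "Nmap scanner"
    concurrent: true
    # Default (empty) value; each project supplies its own domain
    domain:
    builders:
      - shell: |
          #!/bin/bash -e
          # The step's exit status is that of tee, since pipefail is not set
          docker pull linosgian/nmap
          mkdir -p /tmp/nmap
          docker run --rm linosgian/nmap {domain} {nmap_extra_args} | tee /tmp/nmap/{name}
    triggers:
      # Run the scan once an hour
      - timed: '@hourly'
```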
The above sets default values for the name, description, etc. Next we declare the "builder", which is
how we run nmap inside the container, and lastly the trigger, which controls how often the job runs. In this
example it runs *hourly*.
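
The nmap template above substitutes `{domain}` and `{nmap_extra_args}` directly into a shell command, so the values coming from project files are worth checking before the jobs are rendered. The Python check below is an added example, not part of this repository; the function name, the allow-list of nmap flags and the sample values are assumptions.

```python
import re

# Assumption: an allow-list picked for this example; extend it to the scans you run.
ALLOWED_FLAGS = {"-Pn", "-sV", "-sT", "-F", "--open", "-T3", "-T4"}
# Flags that consume the next token, with the pattern that token must match.
VALUE_FLAGS = {"-p": re.compile(r"[0-9,-]+"), "--top-ports": re.compile(r"[0-9]+")}
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
HOSTNAME = re.compile(rf"(?:{LABEL}\.)+[a-z]{{2,63}}", re.IGNORECASE)
# Only characters the shell treats literally may appear in the extra arguments.
SAFE_ARGS = re.compile(r"[A-Za-z0-9 ,-]*")


def validate_scan_params(domain, nmap_extra_args=""):
    """Return a list of problems; an empty list means the values may be rendered."""
    problems = []
    if len(domain) > 253 or not HOSTNAME.fullmatch(domain):
        problems.append(f"domain is not a plain hostname: {domain!r}")
    if not SAFE_ARGS.fullmatch(nmap_extra_args):
        problems.append(f"nmap_extra_args has unexpected characters: {nmap_extra_args!r}")
        return problems
    tokens = nmap_extra_args.split()
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in ALLOWED_FLAGS:
            i += 1
        elif tok in VALUE_FLAGS:
            # The flag takes one value; a missing value is reported as a bad one.
            value = tokens[i + 1] if i + 1 < len(tokens) else ""
            if not VALUE_FLAGS[tok].fullmatch(value):
                problems.append(f"bad value for {tok}: {value!r}")
            i += 2
        else:
            problems.append(f"argument not on the allow-list: {tok!r}")
            i += 1
    return problems


if __name__ == "__main__":
    # Constructed sample values, shaped like the parameters a project would supply.
    samples = [
        {"name": "demo-ok", "domain": "app.example.org", "nmap_extra_args": "-Pn -p 80,443"},
        {"name": "demo-bad", "domain": "app.example.org; id", "nmap_extra_args": "--script vuln"},
    ]
    for params in samples:
        result = validate_scan_params(params["domain"], params["nmap_extra_args"])
        print(params["name"], result or "ok")
```

Running this over every project's parameters before the jobs are pushed to Jenkins keeps unexpected values out of the shell builder.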
## Tools
Under *tools/* you will find every containerized tool that is available for use in the
Jenkins Job Builder (JJB) templates. In the example above, we pull *linosgian/nmap* from
Docker's public repository; this Docker image is generated by the Dockerfile under *tools/nmap/Dockerfile*.
