Skip to content

BrainIAC uses static code analysis to analyze IAC code to detect security issues before deployment. This tool can scan for issues like security policy misconfigurations, insecure cloud-based services, and compliance issues.

License

Notifications You must be signed in to change notification settings

carbonetes/brainiac

Repository files navigation

BrainIAC

Github All Releases Go Report Card GitHub release GitHub go.mod Go version License: Apache-2.0 Docker Pulls

BrainIAC uses static code analysis to analyze IAC code to detect security issues before deployment. This tool can scan for issues like security policy misconfigurations, insecure cloud-based services, and compliance issues. The BrainIAC tool performs a comprehensive code scan and generates reports containing detailed insights into the identified issues.

Features

  • 🔍 | Scans IAC Code for misconfiguration.
  • 📁 | Has hundreds of pre-defined rules.
  • 📁 | Scans a target directory to fill in multiple results.
  • ⛑ | Works with major platforms.
  • 🗄 | Converts between formats such as JSON and Table BrainIAC own format.

Supported Platform

Installation 📥

Installation Support OS 💽

  • Mac
    • darwin_amd64.tar.gz
    • darwin_arm64.tar.gz
  • Linux
    • deb
      • linux_amd64.deb
      • linux_arm64.deb
      • linux_ppc64le.deb
    • rpm
      • linux_amd64.rpm
      • linux_arm64.rpm
      • linux_ppc64le.rpm
    • tar.gz
      • linux_amd64.tar.gz
      • linux_arm64.tar.gz
      • linux_ppc64le.tar.gz
  • Windows
    • windows_amd64.zip

Recommended

curl -sSfL https://raw.githubusercontent.com/carbonetes/brainiac/main/install.sh | sh -s -- -d /usr/local/bin

you can specify a release version and destination directory for the installation:

curl -sSfL https://raw.githubusercontent.com/carbonetes/brainiac/main/install.sh | sh -s -- -d <DESTINATION_DIR> -v <RELEASE_VERSION>

Getting Started 🚀

Scan a single file

brainiac -f <file>

Scan multiple file in a directory

brainiac -d .

Using Docker

docker pull carbonetes/brainiac

Scan a directory

docker run -t -v {path_to_host_folder}:/tmpPath carbonetes/brainiac:latest -d /tmpPath

Scan a single file

docker run -t -v {path_to_host_folder}:/tmpPath carbonetes/brainiac:latest -f /path/{filename}.{extension}

The output format for BrainIAC is configurable as well using the -o (or --output) option:

The available formats are:

  • table: A Tabular summary (default).
  • json: Use this to get as much information out of BrainIAC.

Available Commands and their flags with description:

brainiac [flag]
Root Flags Description
-f, --file File to scan
-d, --dir Read directly from a path on disk (any directory) (e.g. 'BrainIAC -d path/to/dir)' (can not be used together with --file).
-o, --output Format to display results (table, json) (default "table")
-v, --version Print BrainIAC version
c, --check Each item should be a BrainIAC check ID(CB_K8S_023), and you can enter multiple items separated by commas. Only the specified checks will be executed, and any other checks will be skipped.
--skip-check The same behavior applies to the --check flag, where you can enter multiple items separated by commas. However, only the specified checks will be skipped, and all other checks will be executed.
--severity-criteria This is used to specify the severity level for filtering results. Only checks with a severity equal to or higher than the specified criteria will be included.([low medium high critical])

License

Apache 2.0

About

BrainIAC uses static code analysis to analyze IAC code to detect security issues before deployment. This tool can scan for issues like security policy misconfigurations, insecure cloud-based services, and compliance issues.

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages