Metadata-Version: 2.1
Name: coguard-cli
Version: 0.1.7
Summary: A command line interface for scanning configuration files with CoGuard
Home-page: https://github.com/coguardio/coguard-cli
Author: Heinle Solutions Inc.
Author-email: albert@coguard.io
Project-URL: Bug Tracker, https://github.com/coguardio/coguard-cli/issues
Classifier: Programming Language :: Python :: 3
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Requires-Python: >=3.6
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: requests

![Coguard Logo](https://github.com/coguardio/coguard-cli/raw/master/logo.png)

# CoGuard

## Why CoGuard

Infrastructure as Code (IaC) is here to stay. The versioning and
continuous scanning of every layer of your IT (on premise and cloud)
infrastructure is crucial.

CoGuard's team observed that there are a lot of policy checks on the layers
communicating with the cloud, but the configurations inside specific
compute devices such as physical servers, virtual machines or
containers are mostly neglected, or have siloed solutions at best.

In order to have static analysis practices for IaC that go as deep as
the available tools for code, every layer needs to be equally addressed.

In our practice, we observed that, at times, even awareness of where
configuration files are located is lacking. This is why we created a
command line tool that helps discover those configurations and
scan them.

As a starting point for the CLI, we chose Docker images. Modern
container scanners check the versions of software and libraries
installed in those containers, and establish whether they are affected
by known Common Vulnerabilities and Exposures (CVEs). The CoGuard CLI
tries to find known configuration files, e.g. for web servers or
databases, and scans them for security and best practice.
Additionally, the last Dockerfile used to create an image is analyzed.

## Introduction to the CoGuard CLI

CoGuard is a comprehensive static analysis tool for IT infrastructure
configurations (cloud and on-premise).

This project is the command line interface to CoGuard, with additional
auto-discovery functionality.

In its current release, it scans Docker images and their contents.
In particular, it searches for known configuration files of different
software packages (like webservers, databases, etc.), and scans these
configurations for security and best practice.
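
The discover-then-scan idea described above, as an added illustration (not CoGuard's code or rule set): the script walks an image filesystem tarball, such as the output of `docker export`, picks out files with well-known configuration names, and applies one simple check per file. The `RULES` table, the function names and the sample tarball are assumptions constructed for this example.

```python
import io
import posixpath
import re
import tarfile

# Illustrative rules only (not CoGuard's): file name -> (service, risky-setting regex, finding).
RULES = {
    "nginx.conf": ("nginx", r"^\s*server_tokens\s+on\s*;", "server_tokens is on (version disclosure)"),
    "redis.conf": ("redis", r"^\s*protected-mode\s+no\b", "protected-mode is disabled"),
    "postgresql.conf": ("postgresql", r"^\s*ssl\s*=\s*off\b", "ssl is off"),
}


def scan_filesystem_tar(fs_tar):
    """Discover known config files in an image filesystem tarball and return sorted
    (service, path, finding) tuples; finding is None when no rule matched."""
    results = []
    for member in fs_tar.getmembers():
        name = posixpath.basename(member.name)
        if not member.isfile() or name not in RULES:
            continue
        service, pattern, finding = RULES[name]
        text = fs_tar.extractfile(member).read().decode("utf-8", "replace")
        hit = re.search(pattern, text, re.MULTILINE)
        path = posixpath.normpath("/" + member.name)
        results.append((service, path, finding if hit else None))
    return sorted(results, key=lambda r: r[:2])


def build_sample_tar():
    """Constructed sample: a tiny stand-in for `docker export` output."""
    files = {
        "etc/nginx/nginx.conf": "http {\n    server_tokens on;\n}\n",
        "etc/redis/redis.conf": "bind 127.0.0.1\nprotected-mode yes\n",
        "usr/share/doc/readme.txt": "not a config file\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, body in files.items():
            data = body.encode()
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")


if __name__ == "__main__":
    print(scan_filesystem_tar(build_sample_tar()))
```

Discovery and evaluation are kept separate in the result: a file that is found but passes its rule is still reported, with `None` as the finding, so the output doubles as an inventory of where configurations live inside the image.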

## How to install it

CoGuard CLI can either be pulled from this repository and used
directly, or installed via pip:

```
pip install coguard-cli
```

Keep in mind that it is a requirement to have Docker installed locally.

## How to use it

After installing the CoGuard CLI, you can run a scan on your local images
using

```
coguard docker-image [<YOUR-IMAGE-NAME-OR-ID>]
```

If you omit the image ID parameter, CoGuard will scan all the images currently
stored on your device.

This step requires you to create a CoGuard account.
After completion, this image check will return the findings of CoGuard
on this particular image.

Here is a screenshot of a sample scan:

![](./screenshot.png)

## Current support and future plans

The currently supported auto-discovery of configuration files inside
Docker containers is limited to the finders
[in this folder](https://github.com/coguardio/coguard-cli/tree/master/src/coguard_cli/image_check/config_file_finders). This list
will expand in the future. In addition, we are scanning the
Dockerfile used to create the images, and will add some Linux
configuration files in the near future.

## Learn more

- [CoGuard Website](https://www.coguard.io)
- [CoGuard Blog](https://www.coguard.io/blog)
