Ajay yadav

Reputation: 4511

How can I check the common vulnerabilities in FIWARE components?

I would like to check the common vulnerabilities in some of the FIWARE components that we are using in our platform. The list of components is given below.

  1. Cepheus
  2. Cygnus
  3. Orion
  4. STH-Comet
  5. QuantumLeap
  6. IoT Agent for JSON
  7. IoT Agent Node Lib

Is there any source, on a FIWARE website or elsewhere, where we can verify the vulnerabilities in FIWARE components? Please provide the information if it is available.

Upvotes: 0

Views: 95

Answers (1)

flopez

Reputation: 610

For a given Docker baseline, we are using Anchore and Clair checks. For a given usual running Docker container based on a Docker Compose file, a Docker Benchmark Security recommendation is executed. Additionally, we are running SAST code analysis over the corresponding repositories, plus npm audit for the Node.js ones.

We are defining corresponding GitHub Actions to use inside the repositories.

There is a working project to provide security analysis of the components; the first version is not released yet. You can take a look at it in this repository: FIWARE Security Scan

Upvotes: 2
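
An added example, not part of the answer above or of any FIWARE repository: a Node.js severity gate over the npm v7+ `npm audit --json` report, the check the answer mentions for the Node.js components. The function names and the sample report (package names, titles, ranges) are constructed for illustration.

```javascript
// Severity order used by npm audit, lowest to highest.
const LEVELS = ["info", "low", "moderate", "high", "critical"];

// Constructed sample in the npm v7+ `npm audit --json` layout (auditReportVersion 2).
// Package names, titles and ranges are made up for illustration.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-parser": {
      name: "example-parser", severity: "critical", isDirect: true, range: "<2.4.1",
      via: [{ title: "Prototype pollution (constructed)", severity: "critical", range: "<2.4.1" }],
      fixAvailable: true,
    },
    "example-http": {
      name: "example-http", severity: "high", isDirect: false, range: "<=1.9.0",
      via: ["example-parser"], // a string entry means: vulnerable through another package
      fixAvailable: { name: "example-framework", version: "5.0.0", isSemVerMajor: true },
    },
    "example-logger": {
      name: "example-logger", severity: "low", isDirect: true, range: "<0.3.2",
      via: [{ title: "ReDoS (constructed)", severity: "low", range: "<0.3.2" }],
      fixAvailable: false,
    },
  },
};

// Return the findings at or above `threshold`, most severe first.
function findingsAtOrAbove(report, threshold) {
  const min = LEVELS.indexOf(threshold);
  if (min < 0) throw new Error(`unknown severity: ${threshold}`);
  return Object.values(report.vulnerabilities || {})
    .filter((v) => LEVELS.indexOf(v.severity) >= min)
    .map((v) => ({
      name: v.name,
      severity: v.severity,
      direct: Boolean(v.isDirect),
      advisories: (v.via || []).filter((x) => typeof x === "object").map((x) => x.title),
      viaPackages: (v.via || []).filter((x) => typeof x === "string"),
      fix: v.fixAvailable === false ? "none"
        : v.fixAvailable === true ? "compatible update"
        : `${v.fixAvailable.name}@${v.fixAvailable.version}` + (v.fixAvailable.isSemVerMajor ? " (breaking)" : ""),
    }))
    .sort((a, b) => LEVELS.indexOf(b.severity) - LEVELS.indexOf(a.severity));
}

// CI gate: exit code 1 when anything at or above the threshold is present.
const gateExitCode = (report, threshold) => (findingsAtOrAbove(report, threshold).length > 0 ? 1 : 0);

console.log(findingsAtOrAbove(SAMPLE_REPORT, "high"));
```

In a CI step, pass the parsed output of `npm audit --json` in place of the constructed sample and use the returned code as the step's exit status.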
