Abstract
Organizations start billions of containers on a daily basis. Thus, there has been a considerable need to invest in container security alongside security for conventional compute instances (like a physical machine, AWS EC2, etc.). Currently, there is no open-source automated solution that enables an organization to constantly monitor the security hygiene of its container ecosystem.
ArmourBird CSF - Container Security Framework is an extensible, modular, API-first framework built for regular security monitoring of Docker installations and containers against CIS and other custom security checks.
ArmourBird CSF has a client-server architecture and is thus divided into two components:
a) CSF Client
- This component is responsible for monitoring the Docker installations, containers, and images on target machines
- In the initial release, it will check against the Docker CIS benchmark
- The checks in the CSF client will be configurable and thus will be expanded in future releases and updates
- It has been built on top of Docker Bench for Security
b) CSF Server
- This will be the receiver agent for the security logs generated by the various distributed CSF clients (installed on multiple physical/virtual machines)
- This will also have a UI sub-component for unified management and dashboarding of the various vulnerabilities/issues logged by the CSF Clients
- This server will also expose APIs that can be used for integrating with other systems