... | ... | @@ -2,4 +2,44 @@ |
|
|
|
|
|
## Iron Bank Tools Home
|
|
|
|
|
|
## Getting started |
|
|
\ No newline at end of file |
|
|
<details><summary>
|
|
|
|
|
|
## Iron Bank Tools Overview
|
|
|
|
|
|
</summary>
|
|
|
|
|
|
| Project/Group | Description |
|
|
|
| ------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
|
|
| dsop-bots | Collection of tools that help manage all of the container hardening projects at repo1.dso.mil/dsop |
|
|
|
| templates | GitLab project templates (Empty) |
|
|
|
| administration-tools | A project used to manage miscellaneous ironbank administration tools. (Empty) |
|
|
|
| anchore-failed-analyses-cleanup |
|
|
|
| anchore-policy | Anchore policies |
|
|
|
| ca-cert-injector | Rebuild images with CA certs injected |
|
|
|
| ComplianceAsCode | This code repo is used for the security profile for OpenSCAP. |
|
|
|
| cosign-signature-cleanup | A project used to run a pipeline that will mop up image signatures created by Cosign that no longer have an associated image digest. |
|
|
|
| grype-parser | A tool to parse the output of Anchore Grype utility and assess feasibility of continuing with hardening. |
|
|
|
| IB Tools Pipeline Settings | Will retrieve all scheduled pipelines in the ironbank-tools group, and ensure they are owned by the ironbank-tools-bot. |
|
|
|
| ironbank-modules | Stores python modules used by IB pipeline, bootstrap, and other projects supported by the POPs team. |
|
|
|
| ironbank-pipeline | Project that stores pipeline code that every container hardening project in repo1.dso.mil/dsop uses in order to define its pipelines. |
|
|
|
| ironbank-rf-content | (Empty) |
|
|
|
| ironbank-security | Store tools related to or created by the IB security team (Empty) |
|
|
|
| nexus-cache-invalidation | Script to invalidata the cache of our current nexus proxy repositories. |
|
|
|
| pops-offboarding | (Empty) |
|
|
|
| project-metadata | Ensure that all project metadata is enforced |
|
|
|
| project-permissions | Report/enforce permissions in GitLab groups and projects |
|
|
|
| project-template | "Python utility for ensuring that projects maintain the same settings, configurations, files, etc. Designed to be used in conjuction with built-in GitLab project templates." |
|
|
|
| renovate-tools | Adds/Removes rennovate-bot user; enforces permissions for the rennovate-bot user |
|
|
|
| robot accounts | Create Harbor robot accounts |
|
|
|
| Staging User Permissions | Grant staging users admin access |
|
|
|
| stigviewer | CLI tool for outputting a stigviewer checklist that includes the oscap results and justifications from VAT |
|
|
|
| trigger | Handle rebuilding approved IronBank inages every 12 hours without overwhelming GitLab |
|
|
|
| twistcli-builder | Create or update the twistcli image used in the pipeline for vulnerability scanning |
|
|
|
| ubuntu-oscap | (Empty) |
|
|
|
| validate_cosign_signatures | Perform verification of cosign signature on each tagged image in registry1 |
|
|
|
| vat-container-label-importer | |
|
|
|
| vm-creator | Create an IL5 compliant VM |
|
|
|
|
|
|
</details>
|
|
|
|
|
|
## Getting started |