DeepFactor Developer Tools

DeepFactor integrates seamlessly with existing CI/CD tools and is highly customizable. To help you customize and improve your experience, we’ve completely open sourced these integration capabilities and developer tools.

You can find all of our developer tools and integration points on our GitHub page.

Here are some highlights from our developer tools:

Jenkins Plugin

This Jenkins plugin enables you to instrument DeepFactor into your applications as part of your build/CI pipeline.

Jenkins Pipeline Integration

You can write simple Pipeline files that incorporate the pipeline steps.

// All values below are placeholders; replace them with your own.
step([$class: 'DfJenkinsBuilder',
        dfImageToBeInstrumented: 'DockerImageUrl',
        dfApp: 'AppName',
        dfComponent: 'ComponentName',
        dfInstrumentedImageName: '',
        dfSuffix: 'SuffixToDifferentiate'])

Jenkins Pipeline Build Status

The build status correctly displays Success/Failure and shows the sub-steps the build takes while running:

Downloading Dockerfile : Success
getDfImageToBeInstrumented = ImageUrl
imageUnSealed = ImageUrl
imageSealed = ImageUrl
imageTag = ImageVersionTag
image id = DockerImageId
Success in Pushing Image

Architecture

The code is structured around:

• Jenkins Configuration Management

FormValidation.error(Messages.DfJenkinsBuilder_DescriptorImpl_errors_missingDfUserName());

• Docker Management

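// Build the instrumented ("sealed") image from the original ("unsealed") image.
imageId = dfDockerManager.build(
       imageUnSealed, imageSealed,
       this.getDfApp(),
       this.getDfComponent(),
       sealerToken);

// Create the Docker client used to talk to the Docker daemon.
DockerCmdExecFactory dockerCmdExecFactory = new JerseyDockerCmdExecFactory();
dockerClient = DockerClientBuilder.getInstance(config)
   .withDockerCmdExecFactory(dockerCmdExecFactory).build();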

• JSON Parsing

dfParseManager.parseGetSealerToken(response);
dataSealer = gson.fromJson(jsonString, DfParsingBeans.LoginResponseSealer.class).data;

• Authenticated WebClient

String authToken = dfWebClient.getAuthToken();
sealerToken = dfWebClient.getSealerToken(authToken);

We’re also open sourcing two vulnerable applications that we created to test DeepFactor. You can use these applications to test DeepFactor in your own environment, too:

Goaty Finance is a stock ticker app written using Node.js, PostgreSQL and Redis. It contains multiple security vulnerabilities including:

CVE-2019-18276: A privilege escalation vulnerability with a CVSS score of 7.8 (highly likely to be exploited).
CVE-2019-10742: A denial of service vulnerability with a CVSS score of 7.5 (highly likely to be exploited).
CVE-2020-10029: A buffer overflow vulnerability with a CVSS score of 5.5 (medium likelihood of being exploited).
CVE-2020-1752: An arbitrary code execution vulnerability with a CVSS score of 7.0 (highly likely to be exploited).

Goaty Shop is an e-commerce web site selling Star Wars themed items, written using Django and Python. It contains multiple security vulnerabilities including:

CVE-2019-1010022: A buffer overflow vulnerability with a CVSS score of 9.8 (critical - extremely likely to be exploited).
CVE-2010-4052: A denial of service vulnerability.
CVE-2018-20796: A buffer and heap overflow vulnerability with a CVSS score of 7.5 (highly likely to be exploited).
Information Disclosure - Suspicious Comments: Server sends responses that appear to contain suspicious comments which may help an attacker.
Timestamp Disclosure - Unix: Server timestamp is disclosed by the application/web server.

We’d love to get your pull requests and comments to improve these capabilities and vulnerable applications moving forward. Stay tuned for more developer tools on our GitHub repository soon!