DeepFactor Developer Tools
DeepFactor integrates seamlessly with the existing CI/CD tools and is highly customizable. To help you customize and improve your experience, we’ve completely open sourced these integration capabilities and developer tools.
You can find all of our developer tools and integration points on our GitHub page.
Here are some highlights from our developer tools:
This Jenkins plugin enables you to instrument DeepFactor into your applications as part of your build/CI pipeline.
Jenkins Pipeline Integration You can write Simple Pipeline files that incorporate the pipeline steps.
step([$class: 'DfJenkinsBuilder', dfImageToBeInstrumented: 'DockerImageUrl', dfApp: AppName, dfComponent: ComponentName, dfInstrumentedImageName: '', dfSuffix: 'SuffixToDifferentiate'])
Jenkins Pipeline Build Status Build status, correctly displays Success/Failure while showcasing the sub steps it takes while running, build steps
Downloading Dockerfile : Success getDfImageToBeInstrumented = ImageUrl imageUnSealed = ImageUrl imageSealed = ImageUrl imageTag = ImageVersionTag image id = DockerImageId Success in Pushing Image
Code is structured around
• Jenkins Configuration Management
• Docker Management
imageId = dfDockerManager.build( imageUnSealed, imageSealed this.getDfApp(), this.getDfComponent(), sealerToken DockerCmdExecFactory dockerCmdExecFactory = new JerseyDockerCmdExecFactory(); dockerClient = DockerClientBuilder.getInstance(config) .withDockerCmdExecFactory(dockerCmdExecFactory).build
• Json Parsing
dfParseManager.parseGetSealerToken(response); dataSealer = gson.fromJson(jsonString, DfParsingBeans.LoginResponseSealer.class).data;
• Authenticated WebClient
String authToken = dfWebClient.getAuthToken(); sealerToken = dfWebClient.getSealerToken(authToken);
We’re also open sourcing two vulnerable applications that we created to test DeepFactor. You can use these applications to test DeepFactor in your own environment, too:
Goaty Finance is a stock ticker app written using node, postgres and redis. It contains multiple security vulnerabilities including:
• CVE-2019-18276: A privilege escalation vulnerability with a CVSS score of 7.8 (highly likely to be exploited).
• CVE-2019-10742: A denial of service vulnerability with a CVSS score of 7.5 (highly likely to be exploited).
• CVE-2020-10029: A buffer overflow vulnerability with a CVSS score of 5.5 (medium likelihood of being exploited).
• CVE-2020-1752: An arbitrary code execution vulnerability with a CVSS score of 7.0 (highly likely to be exploited).
Goaty Shop is an e-commerce web site selling Star Wars themed items, written using Django and Python. It contains multiple security vulnerabilities including:
• CVE-2019-1010022 : A buffer overflow vulnerability with a CVSS score of 9.8 (critical - extremely likely to be exploited)
• CVE-2010-4052 : A denial of service vulnerability.
• CVE-2018-20796 : A buffer and heap overflow vulnerability with a CVSS score of 7.5 (highly likely to be exploited).
• Information Disclosure - Suspicious Comments: Server sends responses that appear to contain suspicious comments which may help an attacker.
• Timestamp Disclosure - Unix: Server timestamp is disclosed by the application/web server.
We’d love to get your pull requests and comments to improve these capabilities and vulnerable applications moving forward. Stay tuned for more developer tools on our GitHub repository soon!