Dagda: The Docker Security Suite!

The Docker security god must surely be smiling and thinking he must have done something right to have tools like Dagda that help in performing static analysis of known vulnerabilities in Docker containers. If you did not get my “Docker security god” analogy, I won’t blame you either. Google told me that Dagda is an important god of Irish mythology.


Enough of mythology, let’s get down to security!

What is Dagda?

Dagda is an open source tool, coded in Python, that performs static analysis of known vulnerabilities in Docker images/containers. It also helps you monitor running Docker containers to detect anomalous activities. To do so, it retrieves information about the software installed in your Docker image, such as the OS packages, the dependencies, modules, etc., and matches it against a vulnerability database. This database is created by collating vulnerability data from sources such as NVD, SecurityFocus BID & Exploit-DB into a MongoDB database. The database also stores the past static analysis “scans” performed on your Docker images and their results for a duration which you specify.

Dagda supports multiple Docker base Linux images:

  • Red Hat/CentOS/Fedora
  • Debian/Ubuntu
  • OpenSUSE
  • Alpine Linux

The base engine of this open source tool is a mix of OWASP Dependency Check and Retire.js. Presumably, it can analyze dependencies from Java, Python, NodeJS, JavaScript, Ruby and PHP. For behavioral analysis, Sysdig Falco is integrated. The following need to be installed:

  • Python 3.4.5 or later
  • MongoDB 2.4 or later
  • Docker
  • Pip3
    • PyMongo
    • Requests
    • Python-dateutil
    • Joblib
    • Docker-py
    • Flask
    • Flask-cors
    • PyYAML

The REST API and the command line interface are the two ways in which you can interact with this Docker security suite. Every aspect of this tool can be controlled via the REST API, and the CLI itself accesses the tool via the REST API.

Using Dagda:

Post installation, you simply run the following from the command line:

python3 dagda.py check --docker_image DOCKER_IMAGENAME

Once the request is accepted, the command returns a scan ID, which you then use to retrieve the scan report. How? This is how:

python3 dagda.py history DOCKER_IMAGENAME --id SCANID
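
The two commands above chained into a CI gate, as an added example that is not part of Dagda or of the original post. It assumes `dagda.py` is in the working directory, that both commands print JSON, and that the report uses the field names shown (`id`, `status`, `static_analysis`, `vuln_os_packages`, `vuln_dependencies`); the function names and the `SCANID` sample are constructed for illustration.

```python
import json
import subprocess
import sys
import time

# Constructed sample of a `history` response. Field names are assumptions about
# Dagda's JSON report; confirm them against your version's output.
SAMPLE_HISTORY = json.dumps([{"id": "SCANID", "status": "Completed", "static_analysis": {
    "os_packages": {"vuln_os_packages": 3},
    "prog_lang_dependencies": {"vuln_dependencies": 1}}}])

def run_dagda(*args):
    """Run the page's CLI (python3 dagda.py ...) and return its stdout."""
    return subprocess.run(["python3", "dagda.py", *args], check=True,
                          capture_output=True, text=True).stdout

def extract_scan_id(check_output):
    """Return the scan ID from the `check` response, or raise if absent."""
    scan_id = json.loads(check_output).get("id")
    if not scan_id:
        raise ValueError("no scan ID returned; the scan was not accepted")
    return scan_id

def verdict(history_output, scan_id, max_vulnerable=0):
    """Return ("pending" | "pass" | "fail", vulnerable_count_or_None)."""
    reports = json.loads(history_output)
    reports = reports if isinstance(reports, list) else [reports]
    report = next((r for r in reports if r.get("id") == scan_id), None)
    if report is None or report.get("status") != "Completed":
        return "pending", None  # never read an unfinished scan as clean
    sa = report.get("static_analysis", {})
    count = (sa.get("os_packages", {}).get("vuln_os_packages", 0)
             + sa.get("prog_lang_dependencies", {}).get("vuln_dependencies", 0))
    return ("pass" if count <= max_vulnerable else "fail"), count

if __name__ == "__main__":
    image = sys.argv[1]
    sid = extract_scan_id(run_dagda("check", "--docker_image", image))
    state, count = "pending", None
    for _ in range(60):  # poll for about 10 minutes, then fail closed
        state, count = verdict(run_dagda("history", image, "--id", sid), sid)
        if state != "pending":
            break
        time.sleep(10)
    print(f"{image}: scan {sid} -> {state}, vulnerable components: {count}")
    sys.exit(0 if state == "pass" else 1)
```

A scan that never reaches the completed state exits non-zero, so a stalled analysis blocks the build instead of passing it.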

That’s all folks!

Download dagda:

You can download Dagda 0.5.0 here.