docker-secret-analysis

Code to "Secrets Revealed in Container Images: An Internet-wide Study on Occurrence and Impact"

https://github.com/comsys/docker-secret-analysis


Repository

Code to "Secrets Revealed in Container Images: An Internet-wide Study on Occurrence and Impact"

Basic Info
  • Host: GitHub
  • Owner: COMSYS
  • Language: Jupyter Notebook
  • Default Branch: main
  • Size: 43.9 KB
Statistics
  • Stars: 1
  • Watchers: 6
  • Forks: 0
  • Open Issues: 0
  • Releases: 0
Created about 3 years ago · Last pushed about 3 years ago
Metadata Files
  • Readme
  • Citation

README.md

Code to our Internet-wide Study on Secrets in Docker Images

Description

This repository contains the core code we used to find secrets, i.e., private keys and API secrets, in Docker container images. We publish it specifically so that open-source secret scanners, e.g., TruffleHog, can integrate parts of it or the ideas behind it.

If you use any portion of our work, please cite our paper:

@inproceedings{2023-dahlmanns-docker,
    author = {Dahlmanns, Markus and Sander, Constantin and Decker, Robin and Wehrle, Klaus},
    title = {Secrets Revealed in Container Images: An Internet-wide Study on Occurrence and Impact},
    booktitle = {Proceedings of the 2023 ACM on Asia Conference on Computer and Communications Security},
    doi = {10.1145/3579856.3590329},
    isbn = {979-8-4007-0098-9/23/07},
    year = {2023},
}

Countermeasures

Our code is not convenient for scanning your own images for secrets, as it was designed to perform secret scanning on images at scale. Instead, other (closed-source) software promises to do so:

Disclaimer: We have no influence on these projects or on how they perform their secret scanning. Some approaches might upload the image content to the vendor's service for scanning. We also did not evaluate how well they perform.

Repository Content

This repository contains two tools: docker-analyzer and validation. Both folders contain more detailed README files.

docker-analyzer

The folder docker-analyzer contains our image scanning tool. It receives, via AMQP, information on new image layers that should be analyzed, downloads and analyzes those layers, and creates a folder structure containing metadata on each layer and the matches found in it.
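As an added example that is not the project's own code, the Go program below shows the core of what such a per-layer scanner does: take a gzip-compressed tar blob (the format in which a registry serves a layer), walk its entries, and run a pattern set over each regular file, tagging every hit with the layer digest and the path. The AMQP input, the registry download, and the on-disk folder structure are left out. The two-rule pattern set is an assumption made for this example, not the paper's rule set, and the sample layer is constructed in memory so the program runs offline.

```go
package main

import (
	"archive/tar"
	"bytes"
	"compress/gzip"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"regexp"
)

// Match is one secret candidate located in one layer.
type Match struct {
	LayerDigest string // sha256 of the compressed layer blob, as registries name it
	Path        string // file path inside the layer tarball
	Rule        string // name of the pattern that fired
	Snippet     string // the matched bytes
}

// rules is a deliberately tiny, illustrative pattern set (assumed for this
// example): PEM private-key headers and the fixed prefix of AWS access key IDs.
var rules = map[string]*regexp.Regexp{
	"pem-private-key":   regexp.MustCompile(`-----BEGIN (?:RSA |EC |DSA |OPENSSH |ENCRYPTED )?PRIVATE KEY-----`),
	"aws-access-key-id": regexp.MustCompile(`\bAKIA[0-9A-Z]{16}\b`),
}

const maxFileSize = 8 << 20 // skip very large blobs; a production scanner would stream them

// ScanLayer walks one gzip-compressed tar layer blob and returns every rule hit.
// Layers are scanned one by one, not the flattened filesystem: a file that a
// later layer deletes (a whiteout entry) is still present in the earlier blob
// and still recoverable by anyone who can pull the image.
func ScanLayer(blob []byte) ([]Match, error) {
	sum := sha256.Sum256(blob)
	digest := "sha256:" + hex.EncodeToString(sum[:])
	gz, err := gzip.NewReader(bytes.NewReader(blob))
	if err != nil {
		return nil, err
	}
	defer gz.Close()
	var matches []Match
	tr := tar.NewReader(gz)
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			break
		}
		if err != nil {
			return nil, err
		}
		if hdr.Typeflag != tar.TypeReg || hdr.Size > maxFileSize {
			continue
		}
		data, err := io.ReadAll(tr)
		if err != nil {
			return nil, err
		}
		for name, re := range rules {
			for _, loc := range re.FindAllIndex(data, -1) {
				matches = append(matches, Match{digest, hdr.Name, name, string(data[loc[0]:loc[1]])})
			}
		}
	}
	return matches, nil
}

// BuildLayer packs path->content pairs into a gzip'd tar, the same shape as a
// layer blob downloaded from a registry. Used here only to construct sample input.
func BuildLayer(files map[string]string) []byte {
	var buf bytes.Buffer
	gz := gzip.NewWriter(&buf)
	tw := tar.NewWriter(gz)
	for path, content := range files {
		hdr := &tar.Header{Name: path, Mode: 0600, Size: int64(len(content)), Typeflag: tar.TypeReg}
		if err := tw.WriteHeader(hdr); err != nil {
			panic(err)
		}
		if _, err := tw.Write([]byte(content)); err != nil {
			panic(err)
		}
	}
	tw.Close()
	gz.Close()
	return buf.Bytes()
}

func main() {
	// Constructed sample layer: a leaked SSH key, an env file with an AWS key ID
	// (the value AWS uses in its own documentation), and one benign file.
	layer := BuildLayer(map[string]string{
		"root/.ssh/id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAA\n-----END OPENSSH PRIVATE KEY-----\n",
		"app/config.env":   "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n",
		"app/README":       "nothing sensitive here\n",
	})
	matches, err := ScanLayer(layer)
	if err != nil {
		panic(err)
	}
	for _, m := range matches {
		fmt.Printf("%s %s %s %q\n", m.LayerDigest[:19], m.Path, m.Rule, m.Snippet)
	}
}
```

Every match carries the layer digest rather than an image name because the same blob is shared by every image built on it; deduplicating on the digest is what makes scanning at registry scale tractable.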

validation

The folder validation contains our Jupyter notebook, which validates the matches reported by docker-analyzer and further analyzes information extracted from Dockerfiles.
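The following is an added example, not the notebook's code, of the two validation steps a practitioner would want over raw scanner output: confirming that a PEM header hit is actually a parseable private key (so truncated or corrupt blocks are counted as false positives), and flagging the Dockerfile instructions that typically put a secret into an image in the first place. The name and filename patterns, the sample Dockerfile and the throwaway EC key are all constructed for this example; only the x509/pem parsing is standard-library behaviour.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"regexp"
	"strings"
)

// parsers maps a PEM block type to a parser that accepts its DER payload.
var parsers = map[string]func([]byte) error{
	"RSA PRIVATE KEY": func(b []byte) error { _, e := x509.ParsePKCS1PrivateKey(b); return e },
	"EC PRIVATE KEY":  func(b []byte) error { _, e := x509.ParseECPrivateKey(b); return e },
	"PRIVATE KEY":     func(b []byte) error { _, e := x509.ParsePKCS8PrivateKey(b); return e },
}

// ValidatePEMKey turns a header-regex hit into a verified finding by parsing the
// key material. A truncated, corrupt or unsupported block returns an error and
// should be counted as a false positive rather than a leak.
func ValidatePEMKey(candidate []byte) (string, error) {
	block, _ := pem.Decode(candidate)
	if block == nil {
		return "", fmt.Errorf("no complete PEM block")
	}
	parse, ok := parsers[block.Type]
	if !ok {
		return "", fmt.Errorf("unsupported PEM type %q", block.Type)
	}
	if err := parse(block.Bytes); err != nil {
		return "", err
	}
	return block.Type, nil
}

// Finding is one Dockerfile instruction that typically bakes a secret into an image.
type Finding struct {
	Line        int
	Instruction string
	Reason      string
}

// Illustrative name and filename patterns, assumed for this example.
var (
	secretName = regexp.MustCompile(`(?i)(secret|token|passw(or)?d|api[_-]?key|private[_-]?key|credential)`)
	keyFile    = regexp.MustCompile(`(?i)(id_rsa|id_ed25519|\.pem\b|\.key\b|\.p12\b|\.pfx\b|\.env\b)`)
)

// AnalyzeDockerfile flags ENV/ARG with secret-looking names (ENV persists in the
// image config, ARG values are visible in the build history), COPY/ADD of key
// files, and RUN lines that rm such a file, which hides it only in later layers.
func AnalyzeDockerfile(src string) []Finding {
	var out []Finding
	lines := strings.Split(src, "\n")
	for i := 0; i < len(lines); i++ {
		start, logical := i+1, strings.TrimSpace(lines[i])
		for strings.HasSuffix(logical, `\`) && i+1 < len(lines) { // join continuations
			i++
			logical = strings.TrimSuffix(logical, `\`) + " " + strings.TrimSpace(lines[i])
		}
		if logical == "" || strings.HasPrefix(logical, "#") {
			continue
		}
		fields := strings.Fields(logical)
		instr, args := strings.ToUpper(fields[0]), strings.Join(fields[1:], " ")
		switch {
		case (instr == "ENV" || instr == "ARG") && secretName.MatchString(args):
			out = append(out, Finding{start, instr, "secret-looking variable lands in image config or build history"})
		case (instr == "COPY" || instr == "ADD") && keyFile.MatchString(args):
			out = append(out, Finding{start, instr, "key or env file is written into a layer"})
		case instr == "RUN" && strings.Contains(args, "rm ") && keyFile.MatchString(args):
			out = append(out, Finding{start, instr, "rm here does not remove the file from the earlier layer"})
		}
	}
	return out
}

// SampleECKeyPEM generates a throwaway P-256 key in PEM form, standing in for a
// key file pulled out of a layer (constructed input, not real leaked material).
func SampleECKeyPEM() ([]byte, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	der, err := x509.MarshalECPrivateKey(priv)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: der}), nil
}

// Constructed sample Dockerfile exercising each pattern above.
const SampleDockerfile = `FROM alpine:3.18
ARG NPM_TOKEN
ENV DB_PASSWORD=hunter2
COPY id_rsa /root/.ssh/id_rsa
RUN apk add --no-cache openssh-client git \
    && git clone git@example.com:org/repo.git /src \
    && rm /root/.ssh/id_rsa
`

func main() {
	key, _ := SampleECKeyPEM()
	fmt.Println(ValidatePEMKey(key))
	fmt.Println(ValidatePEMKey([]byte("-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n")))
	for _, f := range AnalyzeDockerfile(SampleDockerfile) {
		fmt.Printf("line %d %s: %s\n", f.Line, f.Instruction, f.Reason)
	}
}
```

The RUN check is the one worth remembering: the `rm` in the sample only adds a whiteout entry to the final layer, while the key copied in by the COPY instruction remains in its own layer blob and in every image that shares it.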

Owner

  • Name: COMSYS
  • Login: COMSYS
  • Kind: organization

Citation (CITATION.bib)

@inproceedings{2023-dahlmanns-docker,
    author = {Dahlmanns, Markus and Sander, Constantin and Decker, Robin and Wehrle, Klaus},
    title = {Secrets Revealed in Container Images: An Internet-wide Study on Occurrence and Impact},
    booktitle = {Proceedings of the 2023 ACM on Asia Conference on Computer and Communications Security},
    doi = {10.1145/3579856.3590329},
    isbn = {979-8-4007-0098-9/23/07},
    year = {2023},
}

GitHub Events

Total
  • Watch event: 1
Last Year
  • Watch event: 1

Issues and Pull Requests

Last synced: about 2 years ago

All Time
  • Total issues: 0
  • Total pull requests: 0
  • Average time to close issues: N/A
  • Average time to close pull requests: N/A
  • Total issue authors: 0
  • Total pull request authors: 0
  • Average comments per issue: 0
  • Average comments per pull request: 0
  • Merged pull requests: 0
  • Bot issues: 0
  • Bot pull requests: 0
Past Year
  • Issues: 0
  • Pull requests: 0
  • Average time to close issues: N/A
  • Average time to close pull requests: N/A
  • Issue authors: 0
  • Pull request authors: 0
  • Average comments per issue: 0
  • Average comments per pull request: 0
  • Merged pull requests: 0
  • Bot issues: 0
  • Bot pull requests: 0

Dependencies

docker-analyzer/go.mod go
  • github.com/akamensky/argparse v1.3.1
  • github.com/cyberdelia/lzo v1.0.0
  • github.com/flier/gohs v1.2.0
  • github.com/hashicorp/go-cleanhttp v0.5.2
  • github.com/hashicorp/go-retryablehttp v0.7.1
  • github.com/klauspost/compress v1.15.8
  • github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f
  • github.com/pkg/profile v1.6.0
  • github.com/rakyll/magicmime v0.1.0
  • github.com/sirupsen/logrus v1.8.1
  • github.com/streadway/amqp v1.0.0
  • github.com/ulikunitz/xz v0.5.10
  • golang.org/x/sys v0.0.0-20220408201424-a24fb2fb8a0f
  • gopkg.in/yaml.v2 v2.4.0
docker-analyzer/go.sum go
  • 597 dependencies