Tick list and gear for expanding safety ofAirflow.
This mission NOT AFFILIATED with the Apache Basis and the Airflow mission, and isn’t counseled by way of them.
. installations. This tasks supplies the next gear:
- Configuration record with hardened settings – see .
- Safety tick list for default installations – see .
- Static instrument to test Airflow configuration recordsdata for insecure settings.
- JSON schema record used for validation by way of the static research instrument – see
Data for the Software (airflowscan)
The static research instrument can test an Airflow configuration record for settings associated with safety. The instrument convers the config record to JSON, after which makes use of a Schema to do the validation.
Python 3 is needed and you’ll to find all required modules within the necessities.txt record. Handiest examined on Python 3.7 however will have to paintings on different 3.x releases. No plans to 2.x enhance at this time.
You’ll set up this by means of PIP as follows:
pip set up airflowscan
To obtain and run manually, do the next:
git clone https://github.com/nightwatchcybersecurity/airflowscan.git
pip -r necessities.txt
python -m airflowscan.cli
How you can use
To scan a configuration record, do the next command:
airflowscan scan some_airflow.cfg
Reporting insects and have requests
Please use the GitHub factor tracker to record problems or counsel options:
You’ll additionally ship emai to analysis /at/ nightwatchcybersecurity [dot] com