# Salus Overview
Salus (Security Automation as a Lightweight Universal Scanner), named after the Roman goddess of protection, is a tool for coordinating the execution of security scanners. You can run Salus on a repository via the Docker daemon and it will determine which scanners are relevant, run them and provide the output. Most scanners are other mature open source projects which we include directly in the container.
Salus is particularly useful for CI/CD pipelines because it becomes a centralized place to coordinate scanning across a large fleet of repositories. Typically, scanners are configured at the repository level for each project. This means that each repository must be updated when making org-wide changes to how the scanners are run. Instead, you can update Salus and all builds will instantly inherit the change.
Salus provides extensive configurations that allow for global defaults and local tweaks. Finally, Salus can report metrics on each repository, such as what packages are included or what concerns exist. These reports can be centrally evaluated in your infrastructure to allow scalable security tracking.
## Quick Start
Docker is required to run Salus. The project's dependencies are packaged in a Docker container, which reduces the number of steps required to run Salus.
Check out the Getting Started Guide for detailed instructions, or continue here for a more condensed process.
### Installation
Docker is available for different operating systems. You can install the appropriate version for your operating system from the Docker website; on macOS with Homebrew, for example:
```sh
brew install docker
```
All set! You are now ready to run Salus ✨
### Running Salus
Navigate to the root directory of the project you want to run Salus on:
```sh
cd /path/to/repo
```
Run the following line in the root directory (no edits necessary). This runs the latest version of Salus (the image name is lowercase, as Docker requires):
```sh
docker run --rm -t -v $(pwd):/home/repo coinbase/salus
```
Running a specific version of Salus is also possible. All you need to do is provide the version tag:
```sh
docker run --rm -t -v $(pwd):/home/repo coinbase/salus:2.17.6
```
#### Salus Releases
To view all versions of Salus, visit the releases page.
## Supported Scanners
Salus serves as an orchestrator for security scanners. Salus triggers the appropriate scanners when a project meets a scanner's requirements.
Salus currently supports the following open-source scanners:
### Request a Scanner
If there are other open-source scanners that would be a good fit for Salus, please create an issue.
## Additional Scanners
In addition to the open-source options, Salus also provides scanners of its own.
## Configurations
Salus is highly configurable to work in different environments and with different scanners. It supports environment variable interpolation and cascading configurations and can read configuration and post reports over HTTP.
Sometimes it's necessary to ignore certain CVEs, rules, tests, groups, directories, or otherwise modify the default configuration for a scanner. The scanner configuration documentation explains how to do so for each scanner that Salus supports.
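As an added illustration of the cascading configuration described above (not a file from the Salus project), the block below shows an org-wide defaults document served over HTTP and a per-repository `salus.yaml` that narrows it for one project; Salus merges the sources in the order given, later ones overriding earlier ones. The keys (`active_scanners`, `enforced_scanners`, `scanner_configs`, `reports`) and the `SALUS_CONFIGURATION` variable follow the Salus configuration documentation, while the hostnames, the scanner selection and the CVE identifier are placeholders; the environment variable interpolation syntax is not shown.

```yaml
# Two configuration sources, shown here as two YAML documents in one block.
# Salus merges them in the order they are listed, later sources overriding
# earlier ones, so org-wide defaults can be tweaked per repository.
# Hostnames and the CVE id are placeholders (assumed values, not from Salus).
#
# Passed to the container as a space-separated list of URIs:
#   docker run --rm -t -v $(pwd):/home/repo \
#     -e SALUS_CONFIGURATION="https://salus-config.example.internal/defaults.yaml file://salus.yaml" \
#     coinbase/salus:2.17.6

# --- org-wide defaults: https://salus-config.example.internal/defaults.yaml ---
active_scanners:            # scanners that run when a repo meets their requirements
  - Brakeman
  - BundleAudit
  - PatternSearch
  - ReportRubyGems
enforced_scanners:          # a finding from these fails the build
  - BundleAudit
reports:
  - uri: file://salus-report.json                         # local copy for the CI log
    format: json
  - uri: https://salus-reports.example.internal/ingest    # central collection over HTTP
    format: json
---
# --- per-repository salus.yaml: local tweak merged on top of the defaults ---
scanner_configs:
  BundleAudit:
    ignore:
      - CVE-XXXX-YYYY       # placeholder: an advisory triaged as not applicable here
```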
If you would like to build custom scanners or add support for languages that are not currently covered, check out the guide for creating custom scanners.
## Development 👷‍♂️
Contributions to this project are extremely welcome, and it is our sincere hope that the work we've done serves as a foundation for the security and development communities to come together and improve the security of everyone's infrastructure.
You can read more about getting your development environment set up, or the architecture of Salus.
## Releases
The full release archive of Salus is available on GitHub.
## License 📃
This project is available as open source under the terms of the Apache 2.0 License.