Skip to content

A container security tool written in Rust focusing on making security easy for compose based configurations

License

Notifications You must be signed in to change notification settings

GeekMasher/quibble

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace

Repository files navigation

Quibble

GitHub GitHub Actions GitHub Issues GitHub Stars Crates.io Licence

A container security tool written in Rust focusing on making security easy for compose based configurations.

Installing

Crates.io

cargo install quibble

Cargo CLI - From source

git clone https://github.com/GeekMasher/quibble
cd quibble
cargo install --path .

Actions

- name: Quibble Scan
  uses: GeekMasher/quibble@0.3.3

Usage

Quibble runs in many modes (more to come soon)

Compose

compose finds all compose files and runs a set of rules on the parsed compose files.

quibble compose --help

This is a very simple util to quickly scan and detect various security or information about the compose files found in a simple view.

quibble compose --path /srv

screenshot of quibble on a directory containing many different compose files

Contributing

Contributions are absolutely, positively welcome and encouraged! Contributions come in many forms. You could:

  1. Submit a feature request or bug report as an issue.
  2. Ask for improved documentation as an issue.
  3. Comment on issues that require feedback.
  4. Contribute code via pull requests.

We aim to keep Quibble's code quality at the highest level. This means that any code you contribute must be:

  • Commented: Complex and non-obvious functionality must be properly commented.
  • Documented: Public items must have doc comments with examples, if applicable.
  • Styled: Your code's style should match the existing and surrounding code style.
  • Simple: Your code should accomplish its task as simply and idiomatically as possible.
  • Tested: You must write (and pass) convincing tests for any new functionality.
  • Focused: Your code should do what it's supposed to and nothing more.

License

All the code in this repository is under the MIT License.