Prancer is a pre-deployment and post-deployment multi-cloud security platform for your Infrastructure as Code (IaC) and live cloud environment. It shifts the security to the left and provides end-to-end security scanning based on the Policy as Code concept. DevOps engineers can use it for static code analysis on IaC to find security drifts and maintain their cloud security posture with continuous compliance features. you can get more information from our website at : https://www.prancer.io
The easiest way to get up and running is to make sure you can run the scenario we are explaining in the Hello World example. after being able to run that simple scenario, you can use this repository to do more advanced security tests.
The repository consists of 4 high level folders representing each supported type:
- AWS
- Azure
- Kubernetes
Under each top level directory, we have cloud
, iac
and terraform
folders which hold the rego
files respectively.
cloud
folder holds all the rego files related to post deployment tests. These tests contribute to have continuous compliance in the cloudiac
folder holds all the rego files related to IaC Security Scan. These tests contribute to shift security to left conceptterraform
folder holds all the rego files related to Terraform Infrastructure as Code
Make sure you have the following prerequisites available:
- Linux distribution
- Python 3.6.8 / 3.8 / 3.9
- Prancer Basic How to install prancer basic
- OPA How to install OPA binary
Note: We recommend moving
opa
to a directory included in your system'sPATH
(i.e/usr/local/bin/
)
There are lots of use cases available for the Prancer Platform. Here I will show you a sample scenario to IaC Scan Azure ARM template.
The complete code is available in the Hello World repository
The easiest way is to clone our Hello World repository, change the parameters and run it.
git clone https://github.com/prancer-io/prancer-hello-world
cd prancer-hello-world
You can use the available connector and change the gitProvider
attribute to point to your own repo. (https://github.com/prancer-io/prancer-hello-world/blob/master/gitConnectorArmRemoteStructure.json)
cat gitConnectorArmRemoteStructure.json
{
"fileType": "structure",
"type": "filesystem",
"companyName": "prancer",
"gitProvider": "https://github.com/prancer-io/prancer-armof.git",
"branchName": "master",
"private": false
}
The next step is to verify master snapshot and master test files which are pointed to this repository. The complete code is already available in our Hello World
sample repository and you don't need to change anything. You can find the sample codes here:
https://github.com/prancer-io/prancer-hello-world/tree/master/validation/scenario-arm-remote
cat validation/scenario-arm-remote/master-snapshot.json
{
"$schema": "",
"contentVersion": "1.0.0.0",
"fileType": "masterSnapshot",
"connector": "gitConnectorRemote",
"remoteFile": "azure/iac/master-snapshot.json",
"connectorUsers": [
{
"id": "USER_1",
"testUser": "user1",
"source": "gitConnectorArmRemoteStructure"
}
]
}
cat validation/scenario-arm-remote/master-test.json
{
"contentVersion": "1.0.0.0",
"notification": [],
"masterSnapshot": "master-snapshot",
"fileType": "mastertest",
"connector": "gitConnectorRemote",
"remoteFile": "azure/iac/master-compliance-test.json"
}
run the command prancer --crawler scenario-arm-remote
to get all the files available in your repository. And then prancer scenario-arm-remote
to complete the IaC security tests for Azure ARM templates.