Shannon McFarland for Outshift By Cisco

VMClarity: What Happens During a Scan?

I recently posted about the VMClarity open source project, along with a couple of quick videos on what the project is about and how you can get started. If you missed that post, check it out here: VMClarity: Virtual Machine Security

A Reminder of How VMClarity Works

In the previous videos, I walked through the basics of how VMClarity works and the major components. As you recall, today, VMClarity is deployed in an AWS VPC. In that VPC, the VMClarity server is deployed as an AWS EC2 instance. You then configure VMClarity to scan specific 'scopes' inside of AWS. You can scan for all AWS EC2 instances your AWS account has access to or filter down that scope (recommended). The scan scope can filter on:

  • All AWS regions
  • AWS region
  • AWS region + VPC
  • AWS region + VPC + security group(s)
  • AWS region + instance tags (or within a specific VPC)

Once a VMClarity scan identifies the target assets (instances), it triggers an AWS snapshot of those assets, launches a new AWS EC2 instance, and attaches the snapshot to that instance. VMClarity then configures the scanners (e.g., exploits, misconfigurations, malware, etc.) based on the scanner types you selected in the scanner configuration.

Behind the Scenes

In this post, I am sharing more information about what happens behind the scenes when VMClarity scans a 'target' asset (e.g., an AWS EC2 instance).

Here is a quick demo of accessing the VMClarity server instance and checking the real-time scanner virtual machine.


Learn More & Join the Community!

Learn more about VMClarity and join the community! https://github.com/openclarity/vmclarity

I will be back with more posts on understanding how VMClarity works, and how you can contribute to it!

You can also learn more about the other Clarity projects, such as (API security) and KubeClarity (K8s SBOM/Supply chain security) here:

And several blogs about both projects are here:
https://techblog.cisco.com/


Shannon McFarland is a Distinguished Engineer and open source advocate in Cisco’s Emerging Technology & Incubation organization. You can follow him on Twitter @eyepv6.
