DEV Community: Shannon McFarland

VMClarity: How to use the API

Shannon McFarland — Mon, 24 Apr 2023 15:27:42 +0000

If you are just now joining us on our multi-post series on the VMClarity open source project, check out these other posts to catch up:

Introduction to VMClarity and how to get it deployed: https://dev.to/ciscoemerge/vmclarity-virtual-machine-security-5e8g
Behind the scenes of a VMClarity scan: https://dev.to/ciscoemerge/vmclarity-what-happens-during-a-scan-3g08

The VMClarity API

VMClarity uses the OpenAPI spec; you can look at it here: https://github.com/openclarity/vmclarity/blob/main/api/openapi.yaml.

You can interact with the API via the following methods:

VMClarity UI - See the blogs referenced above to understand how to interact with the UI)
curl commands - See the video and commands referenced below
API tools such as Postman - See the video below

Once you have VMClarity up and running, check out this video to learn more about interacting with the VMClarity API:

Here are some of the commands that I referenced in the video:
SSH tunnel into the VMClarity Server instance (EC2):

ssh -i <your PEM> -N -L 8888:localhost:8888 ubuntu@<VMClarity public IP address>

curl against the VMClarity API to get the scan configurations:

curl -s -X GET http://localhost:8888/api/scanConfigs -H 'Content-Type: application/json' | json_pp

curl to get a list of scan targets (EC2 assets found based on the scan scope in the scan configuration):

curl -s -X GET http://localhost:8888/api/targets -H 'Content-Type: application/json' | json_pp

curl to get the scan results. Note: This is going to generate a LOT of output. It is best to view this information in the UI:

curl -s -X GET http://localhost:8888/api/scanResults -H 'Content-Type: application/json' | json_pp

Learn More & Join the Community!

Learn more about VMClarity and join the community! https://github.com/openclarity/vmclarity

I will be back with more posts on understanding how VMClarity works, and how you can contribute to it!

You can also learn more about the other Clarity projects, such as (API security) and KubeClarity (K8s SBOM/Supply chain security) here:

And several blogs about both projects are here:
https://techblog.cisco.com/

Shannon McFarland is a Distinguished Engineer and open source advocate in Cisco’s Emerging Technology & Incubation organization. You can follow him on Twitter @eyepv6.

VMClarity: What Happens During a Scan?

Shannon McFarland — Tue, 18 Apr 2023 21:09:59 +0000

I recently posted on the VMClarity open source project and a couple of quick videos on what the project is about and how you can get started. If you missed that post, check it out here: VMClarity: Virtual Machine Security

A Reminder of how VMClarity Works

In the previous videos, I walked through the basics of how VMClarity works and the major components. As you recall, today, VMClarity is deployed in an AWS VPC. In that VPC, the VMClarity server is deployed as an AWS EC2 instance. You then configure VMClarity to scan specific 'scopes' inside of AWS. You can scan for all AWS EC2 instances your AWS account has access to or filter down that scope (recommended). The scan scope can filter on:

All AWS regions
AWS region
AWS region + VPC
AWS region + VPC + security group(s)
AWS region + instance tags (or within a specific VPC)

Once a VMClarity scan identifies the target assets (instances), it triggers an AWS snapshot of those assets, launches a new AWS EC2 instance, and attaches the snapshot to that instance. VMClarity then configures the scanner types (e.g., exploits, misconfigurations, malware, etc..) based on the scanner types you configured in the scanner configuration.

Behind the Scenes

In this post, I am sharing more information about what happens behind the scenes when VMClarity scans a 'target' asset (e.g., an AWS EC2 instance).

Here is a quick demo of accessing the VMClarity server instance and checking the real-time scanner virtual machine.

Learn More & Join the Community!

Learn more about VMClarity and join the community! https://github.com/openclarity/vmclarity

I will be back with more posts on understanding how VMClarity works, and how you can contribute to it!

You can also learn more about the other Clarity projects, such as (API security) and KubeClarity (K8s SBOM/Supply chain security) here:

And several blogs about both projects are here:
https://techblog.cisco.com/

Shannon McFarland is a Distinguished Engineer and open source advocate in Cisco’s Emerging Technology & Incubation organization. You can follow him on Twitter @eyepv6.

VMClarity: Virtual Machine Security

Shannon McFarland — Thu, 13 Apr 2023 17:06:26 +0000

Project VMClarity

Do you have virtual machines in your environment? Do you care about their security? Are you looking for a new open-source project to contribute to? Well then, today is your lucky day!

Introducing VMClarity!

Overview

VMClarity is an open source tool for agentless detection and management of Virtual Machine (VM) Software Bill Of Materials (SBOM) and security threats such as vulnerabilities, exploits, malware, rootkits, misconfigurations, and leaked secrets.

VMClarity uses pluggable scanning infrastructure to provide the following:

Software Bill of Materials analysis
Package & OS vulnerability detection
Exploit detection
Leaked secret detection
Malware detection
Misconfiguration detection
Rootkit detection

Check out this quick video walk-through of what VMClarity is about:

Getting Started

Now that you have a basic understanding of what the VMClarity project is about let's check out how you can quickly get started with it:

Follow along with the video and get started today by visiting the project repo:

https://github.com/openclarity/vmclarity

Stay tuned for more information on VMClarity. We will have demos, feature walk-throughs, and detailed architecture posts in the future.

Learn More & Join the Community!

You can also learn more about the other Clarity projects, such as APIClarity (API security) and KubeClarity (K8s SBOM/Supply chain security) here:

And several blogs about both projects are here:
https://techblog.cisco.com/

Shannon McFarland is a Distinguished Engineer and open source advocate in Cisco’s Emerging Technology & Incubation organization. You can follow him on Twitter @eyepv6.