CloneGuard is a tool for detecting cloned vulnerabilities in open-source projects. To monitor or detect cloned vulnerabilities in a project, the project must first be registered in the tool's internal database. CloneGuard then offers two modes of analysis for the project:

- Run a detection of a specific vulnerability in forked projects.
- Scan the recent updates in watched parent projects for suspicious commits.
Recipients of email notifications can be configured in the `NOTIFY_LIST` variable in `cloneguard/settings.py`.

Initialize the environment variables in the `.env` file:

- `GITHUB_API_ACCESS_TOKEN` - GitHub personal access token (see GitHub Docs)
- `SMTP_LOGIN` - SMTP login for sending email notifications
- `SMTP_PASSWORD` - SMTP password for sending email notifications
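The `.env` file holds an API token and an SMTP password, so it is worth checking it before the services start. The following is an added example, not part of the CloneGuard project: it verifies that the three variables above are present and non-empty (quoted empty values count as empty) and that the file is excluded from version control. It assumes plain `KEY=VALUE` lines in `.env`; the variable names are the ones from this README.

```shell
#!/bin/sh
# Added example, not CloneGuard's own code. Validates the .env file described
# above before docker-compose is run, so a missing secret fails early instead
# of surfacing later as a failed worker task or undelivered notification.

REQUIRED_VARS="GITHUB_API_ACCESS_TOKEN SMTP_LOGIN SMTP_PASSWORD"

# check_env_file FILE
# Reports every required variable that is missing or has an empty value.
# Returns 0 only when all required variables are present and non-empty.
check_env_file() {
    envfile="$1"
    [ -f "$envfile" ] || { echo "missing file: $envfile" >&2; return 1; }
    status=0
    for var in $REQUIRED_VARS; do
        # Take the last definition of $var; the value is everything after '='.
        value=$(grep -E "^${var}=" "$envfile" | tail -n 1 | cut -d= -f2-)
        # Strip one pair of surrounding quotes so SMTP_PASSWORD="" is empty.
        value=$(printf '%s' "$value" | sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/")
        if [ -z "$value" ]; then
            echo "missing or empty: $var" >&2
            status=1
        fi
    done
    return $status
}

# check_gitignore [GITIGNORE_FILE]
# Warns when .env is not ignored, i.e. the secrets could be committed by accident.
check_gitignore() {
    gitignore="${1:-.gitignore}"
    grep -qxE '/?\.env' "$gitignore" 2>/dev/null && return 0
    echo "warning: .env is not listed in $gitignore" >&2
    return 1
}

# Usage: run both checks against the current directory, then start the stack.
if [ "${1:-}" = "--run" ]; then
    check_env_file .env && check_gitignore && docker-compose up
fi
```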
CloneGuard consists of multiple services. To run them, you need to install Docker and Docker Compose.
- `docker-compose build` - build all services
- `docker-compose run db` - start the DB
- `docker-compose exec db sh` - connect to the container
- `pg_restore -U admin -W -d postgres -F t db_data/dump.tar` - run in the container; initializes the DB with data from experimentation (use pass: postgres)

or

- `docker-compose run worker ./cli db-init` - initialize the DB schema (fresh instance)
- `docker-compose up` - start all services
- `docker-compose exec worker ./cli --help` - access the CLI
- `web` - web interface, available at http://localhost:3000
- `api` - API for the web interface, available at http://localhost:8000
- `worker` - worker for processing tasks
- `db` - internal database
- `redis` - internal message broker
Simian (Similarity Analyzer) is a tool for detecting code duplicates. CloneGuard uses it to find vulnerable code clones in forked projects. Simian is written in Java and requires Java 8 or higher to run (installed in the docker image).
Download here.