This repository contains all files necessary to build a Docker image, containing several security-related tools. The tools can then easily be used in a Continuous Integration pipeline, by using this image.
Some of the tools are binaries (for example the SonarQube scanner), some are Python libraries, and some are Node packages.
The accompanying .gitlab-ci.yml file can be used to automatically test the
image, using several automated security testing tools.
A prebuilt Docker image can be found on
https://hub.docker.com/repository/docker/gofwd/tools-image and downloaded from
docker.io using the tag gofwd/tools-image
The following tools are available:
- ansible-lint
- curl
- cyclonedx-bom
- detect-secrets
- grype
- nikto.pl
- nmap
- npm
- pylint
- sonar-scanner
- ssh-audit
- testssl.sh
- yamllint