Continuous Integration
anteater runs as a DevOps gate check. Every patch / pull request is scanned. It easily integrates with Travis-CI, CircleCI and Jenkins.
Anteater is an open framework to prevent the unwanted merging of dangerous strings, filenames, binaries, deprecated functions, staging environment code / credentials etc.
anteater is 100% open source under an Apache 2.0 license. You're free to make changes and we encourage community contributions.
anteater is easy to customise with an open framework. There is no need to make code changes to implement your own checks and filters.
anteater uses the 'crowd sourced' Virus Total API to verify that any public IP addresses, URLs or binaries found are safe to merge.
Know of some expressions that are useful and want to share them? Looking for something in particular? Try the community vault (pending)
anteater is used by the Linux Foundation, Red Hat, and independent security researchers.
Anteater is best installed via pip:
$ pip install anteater
Set content to block
apprun:
  regex: app\.run\s*\(.*debug.*=.*True.*\)
  desc: "Running flask in debug mode can give away sensitive data"
xreadlines:
  regex: import*.xreadlines|from*.xreadlines
  desc: "Using 'for line in file', introduced in 2.3, is preferable."
Set filenames to block
file_names:
  - jenkins\.plugins\.publish_over_ssh\.BapSshPublisherPlugin\.xml
  - (irb|plsq|mysql|bash|zsh)_history
  - \.gem\/credentials
  - key(store|ring)
  - ovpn
  - secret_token\.rb
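The content and filename rules above can be tried offline against a patch before they gate a real merge. The following Python sketch is an added example, not anteater's own code: it assumes each pattern is applied with re.search and that content rules are checked only against lines a patch adds, and the scan_patch helper and the sample diff are constructed for illustration.

```python
import re
# Rules copied from the config above. Assumption: applied with re.search, added lines only.
CONTENT_RULES = {
    "apprun": (r"app\.run\s*\(.*debug.*=.*True.*\)",
               "Running flask in debug mode can give away sensitive data"),
    "xreadlines": (r"import*.xreadlines|from*.xreadlines",
                   "Using 'for line in file', introduced in 2.3, is preferable."),
}
FILE_NAME_RULES = [r"jenkins\.plugins\.publish_over_ssh\.BapSshPublisherPlugin\.xml",
                   r"(irb|plsq|mysql|bash|zsh)_history", r"\.gem\/credentials",
                   r"key(store|ring)", r"ovpn", r"secret_token\.rb"]
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

def scan_patch(patch_text):
    """Return (path, line_no, rule, detail) for every rule hit in a unified diff."""
    findings, path, line_no, in_hunk = [], None, 0, False
    for raw in patch_text.splitlines():
        hunk = HUNK.match(raw)
        if raw.startswith("diff --git "):
            in_hunk = False                      # file headers follow, not content
        elif not in_hunk and raw.startswith("+++ "):
            path = raw[6:] if raw.startswith("+++ b/") else raw[4:]
            findings += [(path, 0, "file_names", p) for p in FILE_NAME_RULES if re.search(p, path)]
        elif hunk:
            line_no, in_hunk = int(hunk.group(1)), True
        elif in_hunk and raw.startswith("+"):    # added line: check it, then count it
            findings += [(path, line_no, name, desc)
                         for name, (rx, desc) in CONTENT_RULES.items() if re.search(rx, raw[1:])]
            line_no += 1
        elif in_hunk and raw.startswith(" "):    # context line: count only
            line_no += 1
    return findings

# Constructed sample patch, not taken from any real repository.
SAMPLE_PATCH = """\
diff --git a/web/server.py b/web/server.py
--- a/web/server.py
+++ b/web/server.py
@@ -11,2 +11,3 @@
 app = Flask(__name__)
-app.run(host="127.0.0.1")
+import xreadlines
+app.run(host="127.0.0.1", debug=True)
diff --git a/deploy/.bash_history b/deploy/.bash_history
--- /dev/null
+++ b/deploy/.bash_history
@@ -0,0 +1 @@
+ls -la
"""
```

Calling scan_patch(SAMPLE_PATCH) returns three findings: the xreadlines import at line 12, the debug-mode app.run call at line 13, and the blocked .bash_history file name. Removed lines are ignored, so a patch that deletes a debug-mode call is not flagged.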
Virus Total API - Binary Scanning
INFO - Non Whitelisted Binary file: /example_project/files/eicar_com.zip
INFO - Rate limit clear.
INFO - Report found, job complete.
ERROR - Virus Found!
INFO - File scan date for infected/eicar_com.zip shows a infected status on: 2018-04-04 21:52:26
INFO - Full report avaliable here: https://www.virustotal.com/file/2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad/analysis/1522878746/
Virus Total API - IP Scanning
INFO - Found what I believe is an IP Address: command.server(host='90.156.201.21', port=9190)
INFO - File python/run.py. Parsed IP Address: 90.156.201.21
INFO - Rate limit active..please wait...
INFO - Rate limit clear.
ERROR - 90.156.201.21 has been known to resolve to the following malicious urls:
http://igmarealty.ru/ on date: 2018-04-04 20:02:51
http://new.abrikostur.ru/img on date: 2018-04-04 17:57:02
http://personnel-sakh.ru/ on date: 2018-04-04 11:55:50
http://new.abrikostur.ru/img/lib.js on date: 2018-03-31 04:19:13
INFO - http://new.abrikostur.ru/img/lib.js on date: 2018-03-31 04:19:13
INFO - http://new.abrikostur.ru/menu/menu-ver2.js on date: 2018-03-29 23:47:56
Virus Total API - URL Scanning
INFO - File shell/test.sh contains what I believe is a URL: curl -L http://cool-mart.ru/katalog-produkcii
INFO - Scanning: http://cool-mart.ru/katalog-produkcii
INFO - Rate limit active..please wait...
INFO - Rate limit clear.
INFO - Report found, job complete for http://cool-mart.ru/katalog-produkcii.
ERROR - http://cool-mart.ru/katalog-produkcii is recorded as a malicious site by ADMINUSLabs
ERROR - http://cool-mart.ru/katalog-produkcii is recorded as a malware site by Yandex Safebrowsing
ERROR - Full report available here: https://www.virustotal.com/url/666c50b300b33e15d076359b20d2eac020a2868af4680ad99154dc517f0ca7a4/analysis/1519139134/
For more in-depth details, please refer to the latest documentation on our readthedocs site.