Glue – Application Security Automation

Glue is a framework for running a series of tools. Generally, it is intended as a backbone for automating a security analysis pipeline of tools.

Dependencies

  • clamav
  • hashdeep
  • rm (*nix)
  • git
  • mount (*nix)
  • docker

Download & Install

gem install owasp-glue
or
docker run owasp/glue

Installation and running for development

git clone https://github.com/owasp/glue
cd glue                     # RVM will set Ruby to 2.3.1 with gemset Glue
gem install bundler
bundle install
cd lib
../bin/glue -h

To run the code, run the following from the root directory:

ruby bin/glue <options> target

To build a gem, just run:

gem build Glue.gemspec

Glue is intended to be extended through added “tasks”. To add a new tool, copy an existing task and tweak it to work with the tool in question.

For common options:

-d for debug
-f for format (takes "json", "csv", "jira")
glue --help (for full list)

 

Target

  • Filesystem (which is analyzed in place)
  • Git repo (which is cloned for analysis)
  • Other types of images (.iso, docker, etc.), which are experimental

Integration

First, copy the pre-commit hook from the Glue source into your repository's hooks directory.

meditation:hooks mk$ cp /area53/owasp/Glue/hooks/pre-commit .

Then make it executable.

meditation:hooks mk$ chmod +x pre-commit

Make sure the shell you are committing in can see docker.

meditation:hooks mk$ eval "$(docker-machine env default)"

Now test it: make a change and commit a file. Glue should run against your code and refuse the commit unless the results are clean (which is not necessarily a reasonable expectation).
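
As an added illustration of the gating behaviour described above (this is not the hook shipped in Glue's hooks directory), the sketch below shows a pre-commit script that blocks the commit both when the results are not clean and when the scanner could not run at all, for example because the shell cannot see docker. It assumes the scanner exits 0 only when its results are clean, and the /target mount point is a hypothetical choice.

```shell
#!/bin/sh
# Added example: a pre-commit gate of the kind the Integration steps install.
# Not the hook shipped in Glue's hooks/ directory.
# Assumption: the scanner exits 0 only when its results are clean.

# gate CMD [ARGS...]: run the scanner and map its exit status to a decision.
#   returns 0 -> clean, allow the commit
#   returns 1 -> scanner ran and was not clean, block the commit
#   returns 2 -> scanner never ran, block the commit (fail closed)
gate() {
    "$@"
    status=$?
    case "$status" in
        0)
            return 0 ;;
        125|126|127)
            # 126/127: the shell could not execute or find the command.
            # 125: docker run reports an error from docker itself, which is
            # what happens when this shell cannot see the daemon.
            echo "pre-commit: scanner did not run (exit $status), commit blocked" >&2
            return 2 ;;
        *)
            echo "pre-commit: results not clean (exit $status), commit blocked" >&2
            return 1 ;;
    esac
}

main() {
    repo=$(git rev-parse --show-toplevel) || return 2
    # Assumption: /target as the mount point and as Glue's target is
    # illustrative; adjust to how the image expects to find the code.
    gate docker run --rm -v "$repo":/target owasp/glue /target
}

# Run only when installed under the name git invokes.
case "${0##*/}" in
    pre-commit) main; exit $? ;;
esac
```

Git aborts the commit on any non-zero exit from the hook, so both failure cases stop it; the separate return values only make the reason visible.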

 

Download now – Glue

William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]
