Home

Dagda is a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities.

In order to fulfill its mission, first the known vulnerabilities as CVEs (Common Vulnerabilities and Exposures), BIDs (Bugtraq IDs), RHSAs (Red Hat Security Advisories) and RHBAs (Red Hat Bug Advisories), and the known exploits from Offensive Security database are imported into a MongoDB to facilitate the search of these vulnerabilities and exploits when your analysis are in progress.

Then, when you run a static analysis of known vulnerabilities, Dagda retrieves information about the software installed into your docker image, such as the OS packages and the dependencies of the programming languages, and verifies for each product and its version if it is free of vulnerabilities against the previously stored information into the MongoDB. Also, Dagda uses ClamAV as antivirus engine for detecting trojans, viruses, malware & other malicious threats included within the docker images/containers.

Dagda supports multiple Linux base images:

• Red Hat/CentOS/Fedora
• Debian/Ubuntu
• OpenSUSE
• Alpine

Dagda rests on OWASP dependency check + Retire.js for analyzing multiple dependencies from:

• java
• python
• nodejs
• js
• ruby
• php

On the other hand, Dagda is integrated with Falco for monitoring running docker containers to detect anomalous activities. Also, Dagda includes the gathering of real time events from docker daemon.

Finally, each analysis report of a docker image/container, included all static analysis and all runtime monitoring, is stored into the same MongoDB for having available the history of each docker image/container when it is needed.