Airflowscan – Checklist And Tools For Increasing Security Of Apache Airflow

Checklist and tools for increasing security of Apache Airflow.

DISCLAIMER
This project is NOT AFFILIATED with the Apache Foundation and the Airflow project, and is not endorsed by them.
Apache Airflow ^(https://airflow.apache.org/) installations. This project provides the following tools:

  • Configuration file with hardened settings – see hardened_airflow.cfg ^(https://github.com/nightwatchcybersecurity/airflowscan/blob/master/data/hardened_airflow.cfg).
  • Security checklist for hardening default installations – see CHECKLIST.MD ^(https://github.com/nightwatchcybersecurity/airflowscan/blob/master/data/CHECKLIST.md).
  • Static analysis tool to check Airflow configuration files for insecure settings.
  • JSON schema document used for validation by the static analysis tool – see airflow_cfg.schema ^(https://github.com/nightwatchcybersecurity/airflowscan/blob/master/data/airflow_cfg.schema)

Information for the Static Analysis Tool (airflowscan)
The static analysis tool can check an Airflow configuration file for settings related to security. The tool converts the config file to JSON, and then uses a JSON Schema to do the validation.
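
The convert-then-validate flow described above, as an added example that is not airflowscan's own code. The schema here is written for illustration and is not the project's airflow_cfg.schema, the sample config is constructed, and a small hand-written evaluator for the `required`, `properties` and `enum` keywords stands in for a full JSON Schema library so the block runs on the standard library alone.

```python
import configparser
import json

# Constructed sample config; option names come from Airflow 1.10's default airflow.cfg.
SAMPLE_CFG = """
[core]
load_examples = True
[webserver]
expose_config = True
authenticate = False
"""

# Illustrative schema (assumption): NOT the project's airflow_cfg.schema.
SCHEMA = {
    "required": ["core", "webserver"],
    "properties": {
        "core": {"properties": {"load_examples": {"enum": ["False"]}}},
        "webserver": {
            "required": ["authenticate"],
            "properties": {
                "expose_config": {"enum": ["False"]},
                "authenticate": {"enum": ["True"]},
            },
        },
    },
}

def cfg_to_json(text):
    """Parse INI-style airflow.cfg text into a JSON-compatible dict of sections."""
    # interpolation=None: real airflow.cfg values contain '%' (log formats).
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return {s: dict(parser.items(s)) for s in parser.sections()}

def validate(instance, schema, path="$"):
    """Evaluate required/properties/enum only; return a list of findings."""
    if not isinstance(instance, dict):
        ok = "enum" not in schema or instance in schema["enum"]
        return [] if ok else [f"{path}: {instance!r} not in {schema['enum']}"]
    findings = [f"{path}.{k}: required setting is missing"
                for k in schema.get("required", []) if k not in instance]
    for key, sub in schema.get("properties", {}).items():
        if key in instance:
            findings.extend(validate(instance[key], sub, f"{path}.{key}"))
    return findings

if __name__ == "__main__":
    doc = cfg_to_json(SAMPLE_CFG)
    print(json.dumps(doc, indent=2))
    print("\n".join(validate(doc, SCHEMA)))
```

Because configparser returns every value as a string, the schema compares against the strings "True" and "False" rather than JSON booleans.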

Requirements
Python 3 is required and you can find all required modules in the requirements.txt file. Only tested on Python 3.7 but should work on other 3.x releases. No plans to support 2.x at this time.

Installation
You can install this via PIP as follows:

pip install airflowscan
airflowscan

To download and run manually, do the following:

git clone https://github.com/nightwatchcybersecurity/airflowscan.git
cd airflowscan
pip install -r requirements.txt
python -m airflowscan.cli

How to use
To scan a configuration file, use the following command:

airflowscan scan some_airflow.cfg

Reporting bugs and feature requests
Please use the GitHub issue tracker to report issues or suggest features: https://github.com/nightwatchcybersecurity/airflowscan
You can also send email to analysis /at/ nightwatchcybersecurity [dot] com

Download Airflowscan ^(https://github.com/nightwatchcybersecurity/airflowscan)