KSAS Security Audit

T-Sec Keenlab Security Audit Suites (KSAS) is a collection of tools for security audits at various levels, including: system baseline security audit, artifact security audit, source code security audit, and Android application security audit.

Parameter Description

  1. Required Parameters
  • team_name: The team to which the analysis belongs; it must be created in advance. Example: your-team.
  • project_name: The project to which the analysis belongs; it must be created in advance. Example: your-project.
  • analysis_path: The path of the file to be analyzed. Example: /bin/echo.
  • analysis_type: The type of analysis to create. Currently supports three types; the default is ArtifactPackage:
    • ArtifactPackage: Corresponds to the analysis type binAuditor, system type Package.
    • ArtifactDocker: Corresponds to the analysis type binAuditor, system type Docker.
    • ArtifactAPK: Android application security audit.
    • ArtifactSource: Source code security audit.
  • analysis_name: Analysis name / version name. Must be unique. Example: your-analysis-name.
  • token: Audit Suites token. Obtain it in the Audit Suites web console: click the username in the upper right corner, then Token Management, then New.
  • website: The URL of Audit Suites, used for API requests and for generating the final report link. Example: https://your-url.com.
  2. Optional Parameters
  • description: Analysis description. Default value: 'cnb plugin create'.
  3. Analysis Configuration Parameters (optional)
  • analyze_timeout: Unpacking timeout. Default: 10 minutes.
  • analyze_file_type: The type of files to analyze (Text/Binary). By default all types are analyzed.
  • file_skiped: Files or directories to skip, for example /skipped/path/*, */pom.xml or */*_test.go. No files are skipped by default.
  • smart_sca_enabled: Whether to enable C/C++ SCA. Enabled by default.
  • smart_sca_deep_scan: Whether to enable deep scanning. Disabled by default; only effective when C/C++ SCA is enabled.
  • unpacker_enabled: Whether to enable heuristic unpacking. Enabled by default.
  • extract_depth: Unpacking recursion depth. Default 0 means dynamic recursion.
  4. Source Code Audit Configuration Parameters (optional)
  • source_sca_recommended: Required. Whether to use the analyzer's recommended configuration. When this option is true, source_sca_min_file_count, source_sca_snippet_match_method, source_sca_snippet_match_rate, source_sca_snippet_match_count and source_sca_small_file_line_count are ignored.
  • source_sca_min_file_count: Minimum number of files needed to detect a component (when the number of files hitting the same component is <= MinFileCount, the component is not reported). Value range: minFileCount >= 1.
  • source_sca_snippet_match_method: Source code matching method.
  • source_sca_snippet_match_rate: Minimum match rate (number of features hit / total number of features). Value range: 0 <= SnippetMatchRate <= 1 (a fraction).
  • source_sca_snippet_match_count: Minimum number of matching lines. Value range: snippetMatchCount >= 0.
  • source_sca_small_file_line_count: Features with fewer lines than this (after comments are removed) do not take part in matching. Value range: smallFileLineCount >= 1.
  5. Advanced Configuration Parameters (optional)
  • advanced_config: Advanced configuration in JSON format. When this parameter is not empty, all analysis configuration parameters in parts 3 and 4 above are ignored.
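As an added example that is not the plugin's own code, the following Python check validates a step's settings block against the rules listed above before the pipeline submits anything. It assumes the settings arrive as a plain dict and that file_skiped patterns behave like shell-style globs.

```python
import fnmatch
import json

# Added example (not the plugin's own code): check a KSAS audit step's settings.
ANALYSIS_TYPES = {"ArtifactPackage", "ArtifactDocker", "ArtifactAPK", "ArtifactSource"}
REQUIRED = ("team_name", "project_name", "analysis_path", "analysis_name", "token", "website")
SCA_RANGES = (("source_sca_min_file_count", 1, None),      # (key, min, max) from part 4
              ("source_sca_snippet_match_rate", 0, 1),
              ("source_sca_snippet_match_count", 0, None),
              ("source_sca_small_file_line_count", 1, None))
OVERRIDDEN = ("analyze_", "file_skiped", "smart_sca_", "unpacker_", "extract_", "source_sca_")  # parts 3 and 4


def validate_settings(settings: dict) -> list[str]:
    """Return the problems found; an empty list means the step looks usable."""
    problems = []
    for key in REQUIRED:
        if not str(settings.get(key, "")).strip():
            problems.append(f"error: {key} is required")
    if not str(settings.get("website", "")).startswith("https://"):
        problems.append("error: website must be https:// (the token is sent on every API call)")
    atype = settings.get("analysis_type", "ArtifactPackage")  # README default
    if atype not in ANALYSIS_TYPES:
        problems.append(f"error: unknown analysis_type {atype!r}")
    if settings.get("advanced_config"):
        try:
            json.loads(settings["advanced_config"])
        except (TypeError, ValueError):
            problems.append("error: advanced_config is not valid JSON")
        # parts 3 and 4 are silently ignored once advanced_config is set
        problems += [f"warning: {k} is ignored because advanced_config is set"
                     for k in settings if k.startswith(OVERRIDDEN)]
        return problems
    if settings.get("source_sca_recommended"):
        problems += [f"warning: {k} is ignored when source_sca_recommended is true"
                     for k, _, _ in SCA_RANGES if k in settings]
        return problems
    for key, low, high in SCA_RANGES:
        if key in settings:
            try:
                value = float(settings[key])
            except (TypeError, ValueError):
                problems.append(f"error: {key} must be numeric")
                continue
            if value < low or (high is not None and value > high):
                problems.append(f"error: {key}={settings[key]} is outside its allowed range")
    return problems


def is_skipped(path: str, patterns: list[str]) -> bool:
    """file_skiped patterns treated as shell globs (assumption), e.g. */pom.xml, */*_test.go."""
    return any(fnmatch.fnmatch(path, p) for p in patterns)
```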

Usage in Cloud Native Build

Upload source code to the security audit platform for detection:

```yaml
# .cnb.yml
main:
  push:
    - services:
        - docker
      stages:
        # Package the source code
        - name: Package source code
          script:
            - tar -czvf securityaudit.tar.gz ./src
        # Upload source code to the security audit platform
        - name: Security Audit
          image: tencentcom/ksas-audit-suites
          imports:
            - https://cnb.xxx.vom/xxx/your-envs.yml
          settings:
            team_name: teamname
            project_name: projectname
            analysis_path: ./securityaudit.tar.gz
            analysis_type: ArtifactSource
            analysis_name: $CNB_BUILD_ID
            website: https://your-url
            token: $TOKEN
```

Upload a Docker image to the security audit platform for detection:

```yaml
# .cnb.yml
main:
  push:
    - services:
        - docker
      stages:
        - name: docker build & push & save
          script:
            - docker build -t security-audit:latest .
            - docker save security-audit:latest > security-audit.tar
        # Upload the tar-format image file to the security audit platform
        - name: Security Audit
          image: tencentcom/ksas-audit-suites
          imports:
            - https://cnb.xxx.vom/xxx/your-envs.yml
          settings:
            team_name: teamname
            project_name: projectname
            analysis_path: ./security-audit.tar
            analysis_type: ArtifactDocker
            analysis_name: $CNB_BUILD_ID
            website: https://your-url
            token: $TOKEN
```
