BrainIAC uses static code analysis to analyze IAC code to detect security issues before deployment. This tool can scan for issues like security policy misconfigurations, insecure cloud-based services, and compliance issues. The BrainIAC tool performs a comprehensive code scan and generates reports containing detailed insights into the identified issues.
- 🔍 | Scans IAC Code for misconfiguration.
- 📁 | Has hundreds of pre-defined rules.
- 📁 | Scans a target directory to fill in multiple results.
- ⛑ | Works with major platforms.
- 🗄 | Converts between formats such as JSON and Table BrainIAC own format.
- Kubernetes
- Terraform(AWS, OCI, ARM, GCP, ALIBABA, Kubernetes, Yandex, NCP, Rancher)
- Docker
- CloudFormation
- ARM template files
- Mac
- darwin_amd64.tar.gz
- darwin_arm64.tar.gz
- Linux
- deb
- linux_amd64.deb
- linux_arm64.deb
- linux_ppc64le.deb
- rpm
- linux_amd64.rpm
- linux_arm64.rpm
- linux_ppc64le.rpm
- tar.gz
- linux_amd64.tar.gz
- linux_arm64.tar.gz
- linux_ppc64le.tar.gz
- deb
- Windows
- windows_amd64.zip
curl -sSfL https://raw.githubusercontent.com/carbonetes/brainiac/main/install.sh | sh -s -- -d /usr/local/binyou can specify a release version and destination directory for the installation:
curl -sSfL https://raw.githubusercontent.com/carbonetes/brainiac/main/install.sh | sh -s -- -d <DESTINATION_DIR> -v <RELEASE_VERSION>
Scan a single file
brainiac -f <file>
Scan multiple file in a directory
brainiac -d .
docker pull carbonetes/brainiac
Scan a directory
docker run -t -v {path_to_host_folder}:/tmpPath carbonetes/brainiac:latest -d /tmpPath
Scan a single file
docker run -t -v {path_to_host_folder}:/tmpPath carbonetes/brainiac:latest -f /path/{filename}.{extension}
The output format for BrainIAC is configurable as well using the
-o (or --output) option:
The available formats are:
table: A Tabular summary (default).json: Use this to get as much information out of BrainIAC.
brainiac [flag]
| Root Flags | Description |
|---|---|
-f, --file |
File to scan |
-d, --dir |
Read directly from a path on disk (any directory) (e.g. 'BrainIAC -d path/to/dir)' (can not be used together with --file). |
-o, --output |
Format to display results (table, json) (default "table") |
-v, --version |
Print BrainIAC version |
c, --check |
Each item should be a BrainIAC check ID(CB_K8S_023), and you can enter multiple items separated by commas. Only the specified checks will be executed, and any other checks will be skipped. |
--skip-check |
The same behavior applies to the --check flag, where you can enter multiple items separated by commas. However, only the specified checks will be skipped, and all other checks will be executed. |
--severity-criteria |
This is used to specify the severity level for filtering results. Only checks with a severity equal to or higher than the specified criteria will be included.([low medium high critical]) |