BrainIAC

BrainIAC uses static code analysis to analyze IAC code to detect security issues before deployment. This tool can scan for issues like security policy misconfigurations, insecure cloud-based services, and compliance issues. The BrainIAC tool performs a comprehensive code scan and generates reports containing detailed insights into the identified issues.

Features

• 🔍 | Scans IAC Code for misconfiguration.
• 📁 | Has hundreds of pre-defined rules.
• 📁 | Scans a target directory to fill in multiple results.
• ⛑ | Works with major platforms.
• 🗄 | Converts between formats such as JSON and Table BrainIAC own format.

Supported Platform

• Kubernetes

Coming Soon

• Terraform(AWS, Azure, and etc.)
• Docker
• CloudFormation
• Serverles Framework
• AWS SAM
• ARM template files

Installation 📥

Installation Support OS 💽

• Mac
  • darwin_amd64.tar.gz
  • darwin_arm64.tar.gz
• Linux
  • deb
    • linux_amd64.deb
    • linux_arm64.deb
    • linux_ppc64le.deb
  • rpm
    • linux_amd64.rpm
    • linux_arm64.rpm
    • linux_ppc64le.rpm
  • tar.gz
    • linux_amd64.tar.gz
    • linux_arm64.tar.gz
    • linux_ppc64le.tar.gz
• Windows
  • windows_amd64.zip

Recommended

curl -sSfL https://raw.githubusercontent.com/carbonetes/brainiac/main/install.sh | sh -s -- -d /usr/local/bin

you can specify a release version and destination directory for the installation:

curl -sSfL https://raw.githubusercontent.com/carbonetes/brainiac/main/install.sh | sh -s -- -d <DESTINATION_DIR> -v <RELEASE_VERSION>

Getting Started 🚀

Scan a single file

brainiac -f <file>

Scan multiple file in a directory

brainiac -d .

Using Docker

docker pull carbonetes/brainiac

Scan a directory

docker run -t -v {path_to_host_folder}:/tmpPath carbonetes/brainiac:latest -d /tmpPath

Scan a single file

docker run -t -v {path_to_host_folder}:/tmpPath carbonetes/brainiac:latest -f /path/{filename}.{extension}

The output format for BrainIAC is configurable as well using the -o (or --output) option:

The available formats are:

• table: A Tabular summary (default).
• json: Use this to get as much information out of BrainIAC.

Available Commands and their flags with description:

brainiac [flag]

Root Flags	Description
-f, --file	File to scan
-d, --dir	Read directly from a path on disk (any directory) (e.g. 'BrainIAC -d path/to/dir)' (can not be used together with --file).
-o, --output	Format to display results (table, json) (default "table")
-v, --version	Print BrainIAC version

License

Apache 2.0