A pre-packaged containerized scanning control plane. Get up and running with industry-standard security scanners in minutes, or create your own custom scanners with the help of our automation suite.
SRS is a collection of ready-to-run containerized security scanners designed to eliminate the startup costs associated with adopting new security tooling. All scan containers provide their associated scans via a unified RESTful API, support asynchronous scanning with job management, and can be configured to forward scan output to a Splunk instance for further insights.
Beyond providing these scanning services, the SRS project presents a tightly packaged set of automations engineered to facilitate the rapid creation of custom Flask microservices. Any service created via these automations will be interoperable with the rest of the SRS ecosystem, but can also be used as a standalone service.
The architecture of the Scan Request Service is deeply inspired by two ideas. The first is the Chrysler K platform. The other is Martin's Single Responsibility Principle. In both, the big idea was that decomposing systems by what changes and what drives that change leads to good things.
Under the hood, SRS uses a small number of standard libraries to make things happen. It is written entirely in Python. Services are Flask / Gunicorn apps packaged as Docker images. Business logic is encapsulated as Flask Blueprints, which are created and managed independently of the service chassis that will carry them. When a new service is to be made, the desired business logic is selected à la carte from the menu of available Blueprints, injected into an instance of a common service chassis, and then turned into a Docker image. From there, the service can be hosted and run like any other Docker container.
In other words, when you want to make a new service, you:
- Use the automation to create a new `Blueprint` instance
- Put your business logic into the Blueprint instance
- Use the automation to make a new service instance that contains your new Blueprint and whatever other Blueprints you want in the service. Blueprints are reusable, so common logic can be included in as many services as you'd like
- Run the built service container
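
The Blueprint-plus-chassis pattern described above, as an added example that is not taken from the SRS code base: one Blueprint carries a scanner's logic behind a submit/poll job API, and a chassis function mounts whichever Blueprints are selected. The names `make_scan_blueprint`, `create_service` and `toy_secret_scan`, the routes and the JSON fields are all assumptions made for illustration.

```python
# Added illustration: every name, route and JSON field here is hypothetical, not SRS's API.
import uuid
from concurrent.futures import ThreadPoolExecutor

from flask import Blueprint, Flask, jsonify, request


def make_scan_blueprint(name, scan_fn):
    """Wrap one scanner's business logic in a reusable Blueprint with async jobs."""
    bp = Blueprint(name, __name__)
    pool = ThreadPoolExecutor(max_workers=2)
    jobs = {}  # job id -> Future; in-memory only, lost on restart

    @bp.route("/scan", methods=["POST"])
    def submit():
        body = request.get_json(silent=True)
        target = body.get("target") if isinstance(body, dict) else None
        if not isinstance(target, str) or not target:
            return jsonify(error="'target' must be a non-empty string"), 400
        job_id = uuid.uuid4().hex  # random id, so jobs cannot be enumerated
        jobs[job_id] = pool.submit(scan_fn, target)
        return jsonify(job_id=job_id), 202

    @bp.route("/scan/<job_id>", methods=["GET"])
    def status(job_id):
        future = jobs.get(job_id)
        if future is None:
            return jsonify(error="unknown job"), 404
        if not future.done():
            return jsonify(status="running")
        if future.exception() is not None:
            return jsonify(status="failed")  # do not leak scanner tracebacks
        return jsonify(status="done", result=future.result())

    return bp


def create_service(blueprints):
    """Common chassis: mount each selected Blueprint under its own URL prefix."""
    app = Flask(__name__)
    for bp in blueprints:
        app.register_blueprint(bp, url_prefix=f"/{bp.name}")
    return app


def toy_secret_scan(target):
    """Constructed stand-in for a real scanner: counts 'password=' occurrences."""
    return {"target": target, "findings": target.count("password=")}


app = create_service([make_scan_blueprint("secrets", toy_secret_scan)])
```

Because each Blueprint is built independently of the chassis, the same `make_scan_blueprint` result could be passed to several `create_service` calls alongside other Blueprints.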
- ClamAV (antivirus)
- Semgrep (SAST)
- Syft (SBOM)
- Grype (vuln scanning)
- Trufflehog (secret detection)
- Slackwatchman (secret detection)
- Orchestrator
  - asynchronous scan orchestration
  - simultaneous scan orchestration
- Sqlcache
  - asynchronous scan management cache (only used in conjunction with asynchronous scan workflows managed by the Orchestrator service)
- Fileinfo
  - produce a metadata dump for a given file artifact
- forward scan results to a Splunk instance with a simple configuration toggle
- kickstart your insights with our sample dashboards and SPL queries
- get started with a ready-to-go sample Flask blueprint for your microservice
- jump right into testing with autogenerated unit and integration tests
- modify a sample OpenAPI spec to document your service's API
- customize your build with blank-slate Dockerfile and entrypoint script templates
- seamlessly combine multiple Flask blueprints into a single microservice
- statically configure build variables and let our `make` targets handle container compilation
- rapidly spin up built services via an interactive CLI
Want to take SRS for a spin? Hit the ground running with our Quickstart guide!
Want to contribute to the SRS project? Read our contribution guidelines!
SRS has been written in a platform-independent way to the greatest degree possible. That being said, none of this has been tested on Windows, and some of the automation likely won't work correctly from PowerShell or Command Prompt. It is therefore strongly recommended that you use Windows Subsystem for Linux (WSL) when working with SRS. Here is a doc link to help you get that set up.
SRS was previously named PAT (Prodsec Automation Toolkit). We have renamed the project to better reflect its scope and use cases. You may see the term or suffix "PAT" used throughout the repository and codebase. These are legacy artifacts from the original project automation and will be replaced in time.
SRS is made with ❤️ by Splunk DevSecOps. If you have questions not addressed in the FAQ, create an issue on GitHub and we'll be in touch!