Metadata-Version: 1.1
Name: anteater
Version: 0.1
Summary: anteater
Home-page: https://gerrit.opnfv.org/gerrit/gitweb?p=releng-anteater.git
Author: Luke Hinds
Author-email: lhinds@redhat.com
License: Copyright 2017 Open Platform for NFV Project, Inc. and its contributors

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Description: # Anteater
        
        ![anteater](http://i.imgur.com/BPvV3Gz.png)
        
        CI Gate Security for Gerrit
        ---------------------------
        
        Description
        -----------
        
        Anteater scans every patch committed to a Gerrit code review site. Each
        time a patch is pushed to a repository, Jenkins instantiates Anteater,
        which then performs a series of security checks on each file proposed in
        the patch.
        
        The first check verifies that no binaries / blobs are present. If any are
        found, the patch is immediately voted '-1' (do not merge) until a review
        has occurred to ensure the binary is safe and its origins are known. Once
        agreed as safe, a sha256 checksum is entered into Anteater's 'exception'
        list to ensure the binary is not maliciously replaced at any time in the
        future.
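        
        The binary check and sha256 exception list described above, sketched as an
        added example (not Anteater's own code). The binary heuristic, the
        path-to-digest layout of the exception list, the +1 pass vote and the
        sample files are assumptions.
        
        ```python
        import hashlib
        
        def is_binary(data):
            """Assumed heuristic: a NUL byte or invalid UTF-8 marks a binary."""
            if b"\x00" in data:
                return True
            try:
                data.decode("utf-8")
            except UnicodeDecodeError:
                return True
            return False
        
        def review_patch(files, exceptions):
            """Return (vote, findings) for a patch given as {path: bytes}.
        
            exceptions maps a reviewed binary's path to its approved sha256
            hex digest (an assumed layout for the exception list).
            """
            findings = []
            for path, data in sorted(files.items()):
                if not is_binary(data):
                    continue
                digest = hashlib.sha256(data).hexdigest()
                approved = exceptions.get(path)
                if approved is None:
                    findings.append((path, "binary not in exception list"))
                elif approved.lower() != digest:
                    # Same path, different bytes: the reviewed binary was replaced.
                    findings.append((path, "binary differs from approved sha256"))
            # -1 is the 'do not merge' vote; +1 for a clean patch is an assumption.
            return (-1 if findings else 1), findings
        
        # Constructed sample data: a reviewed image, a modified copy, a new blob.
        LOGO = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
        EXCEPTIONS = {"docs/logo.png": hashlib.sha256(LOGO).hexdigest()}
        PATCH_OK = {"README.md": b"# docs\n", "docs/logo.png": LOGO}
        PATCH_BAD = {"docs/logo.png": LOGO + b"\x90",
                     "tools/helper.bin": b"\x7fELF\x00\x01"}
        
        if __name__ == "__main__":
            for name, patch in (("ok", PATCH_OK), ("bad", PATCH_BAD)):
                print(name, review_patch(patch, EXCEPTIONS))
        ```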
        
        Checks are also made to ensure that files are not of a sensitive nature:
        for example, cryptographic keys or application configuration files known
        to contain sensitive details are all blocked from merge.
        
        Finally, a deep scan is performed to look for suspect patterns, such as
        scripts pulling in files / objects from untrusted sites, or shell
        executions.
        
        Anteater uses an open framework that lets users make new additions easily,
        without having to touch any code.
        
        Anteater was developed to address concerns about recent high-profile
        attacks against CI environments, in which hackers have backdoored build /
        DevOps systems by various means (such as stealing a user's SSH key and
        self-approving patches). Automated, non-human checks add an extra layer of
        security review, with the ability to block a patch merge at the gate.
        
        The project is mainly used in the Linux Foundation's OPNFV platform, which
        has over 40 repositories that need monitoring. Plans are in place to port
        it to the GitHub API, where it can operate as a review bot as part of a
        GitHub-hosted project.
Keywords: anteater
Platform: UNKNOWN
Classifier: Development Status :: 2 - Pre-Alpha
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Natural Language :: English
Classifier: Programming Language :: Python :: 2
Classifier: Programming Language :: Python :: 2.7
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.4
Classifier: Programming Language :: Python :: Implementation :: CPython
Classifier: Programming Language :: Python :: Implementation :: PyPy
