oib/aitbc
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
Files
af7a9714043bdf70f8f9d904e3aeb2969965b93f
aitbc/docs/apps/plugins/plugin-security.md
aitbc 522655ef92
Some checks failed
API Endpoint Tests / test-api-endpoints (push) Successful in 10s
Details
Blockchain Synchronization Verification / sync-verification (push) Failing after 3s
Details
CLI Tests / test-cli (push) Failing after 4s
Details
Documentation Validation / validate-docs (push) Successful in 8s
Details
Documentation Validation / validate-policies-strict (push) Successful in 4s
Details
Integration Tests / test-service-integration (push) Successful in 38s
Details
Multi-Node Blockchain Health Monitoring / health-check (push) Successful in 2s
Details
P2P Network Verification / p2p-verification (push) Successful in 3s
Details
Security Scanning / security-scan (push) Successful in 40s
Details
Smart Contract Tests / test-solidity (map[name:aitbc-token path:packages/solidity/aitbc-token]) (push) Successful in 15s
Details
Smart Contract Tests / lint-solidity (push) Successful in 8s
Details
Move blockchain app READMEs to centralized documentation 
- Relocate blockchain-event-bridge README content to docs/apps/blockchain/blockchain-event-bridge.md
- Relocate blockchain-explorer README content to docs/apps/blockchain/blockchain-explorer.md
- Replace app READMEs with redirect notices pointing to new documentation location
- Consolidate documentation in central docs/ directory for better organization
2026-04-23 12:24:48 +02:00

4.7 KiB
Raw Blame History

Plugin Security

Status

Operational

Overview

Security plugin for scanning, validating, and monitoring AITBC plugins for security vulnerabilities and compliance.

Architecture

Core Components

  • Vulnerability Scanner: Scans plugins for security vulnerabilities
  • Code Analyzer: Analyzes plugin code for security issues
  • Dependency Checker: Checks plugin dependencies for vulnerabilities
  • Compliance Validator: Validates plugin compliance with security standards
  • Policy Engine: Enforces security policies

Quick Start (End Users)

Prerequisites

  • Python 3.13+
  • Access to plugin files
  • Vulnerability database access

Installation

cd /opt/aitbc/apps/plugin-security
.venv/bin/pip install -r requirements.txt

Configuration

Set environment variables in .env:

VULN_DB_URL=https://vuln-db.example.com
SCAN_DEPTH=full
COMPLIANCE_STANDARDS=OWASP,SANS
POLICY_FILE=/path/to/policies.yaml

Running the Service

.venv/bin/python main.py

Developer Guide

Development Setup

  1. Clone the repository
  2. Create virtual environment: python -m venv .venv
  3. Install dependencies: pip install -r requirements.txt
  4. Configure vulnerability database
  5. Configure security policies
  6. Run tests: pytest tests/

Project Structure

plugin-security/
├── src/
│   ├── vulnerability_scanner/ # Vulnerability scanning
│   ├── code_analyzer/        # Code analysis
│   ├── dependency_checker/   # Dependency checking
│   ├── compliance_validator/ # Compliance validation
│   └── policy_engine/       # Policy enforcement
├── policies/                # Security policies
├── tests/                   # Test suite
└── pyproject.toml           # Project configuration

Testing

# Run all tests
pytest tests/

# Run vulnerability scanner tests
pytest tests/test_scanner.py

# Run compliance validator tests
pytest tests/test_compliance.py

API Reference

Vulnerability Scanning

Scan Plugin

POST /api/v1/security/scan
Content-Type: application/json

{
  "plugin_id": "string",
  "version": "1.0.0",
  "scan_depth": "quick|full",
  "scan_types": ["code", "dependencies", "configuration"]
}

Get Scan Results

GET /api/v1/security/scan/{scan_id}

Get Scan History

GET /api/v1/security/scan/history?plugin_id=string

Code Analysis

Analyze Code

POST /api/v1/security/analyze
Content-Type: application/json

{
  "plugin_id": "string",
  "code_path": "/path/to/code",
  "analysis_types": ["sast", "secrets", "quality"]
}

Get Analysis Report

GET /api/v1/security/analyze/{analysis_id}

Dependency Checking

Check Dependencies

POST /api/v1/security/dependencies/check
Content-Type: application/json

{
  "plugin_id": "string",
  "dependencies": [{"name": "string", "version": "string"}]
}

Get Vulnerability Report

GET /api/v1/security/dependencies/vulnerabilities?plugin_id=string

Compliance Validation

Validate Compliance

POST /api/v1/security/compliance/validate
Content-Type: application/json

{
  "plugin_id": "string",
  "standards": ["OWASP", "SANS"],
  "severity": "high|medium|low"
}

Get Compliance Report

GET /api/v1/security/compliance/report/{validation_id}

Policy Enforcement

Check Policy Compliance

POST /api/v1/security/policies/check
Content-Type: application/json

{
  "plugin_id": "string",
  "policy_name": "string"
}

List Policies

GET /api/v1/security/policies

Configuration

Environment Variables

  • VULN_DB_URL: Vulnerability database URL
  • SCAN_DEPTH: Default scan depth (quick/full)
  • COMPLIANCE_STANDARDS: Compliance standards to enforce
  • POLICY_FILE: Path to security policies file

Scan Types

  • SAST: Static Application Security Testing
  • Secrets Detection: Detect hardcoded secrets
  • Dependency Scanning: Scan dependencies for vulnerabilities
  • Configuration Analysis: Analyze configuration files

Compliance Standards

  • OWASP: OWASP security standards
  • SANS: SANS security controls
  • CIS: CIS benchmarks

Troubleshooting

Scan not running: Check vulnerability database connectivity and plugin accessibility.

False positives: Review scan rules and adjust severity thresholds.

Compliance validation failed: Review plugin code against compliance standards.

Policy check failed: Verify policy configuration and plugin compliance.

Security Notes

  • Regularly update vulnerability database
  • Use isolated environment for scanning
  • Implement rate limiting for scan requests
  • Secure scan results storage
  • Regularly audit security policies
  • Monitor for security incidents