Scanning Tools

Konarr uses industry-standard security scanning tools to generate a Software Bill of Materials (SBOM) for container images and to detect known vulnerabilities in the packages that SBOM lists. The agent supports multiple tools, each with specific capabilities and features.

Supported Tools

Konarr supports three primary scanning tools:

Syft

Syft is an open-source SBOM generation tool from Anchore that catalogs software packages and dependencies across various formats.

Features:

  • SBOM Generation: Creates comprehensive Software Bill of Materials in multiple formats (SPDX, CycloneDX)
  • Multi-Language Support: Detects packages from NPM, Cargo, Deb, RPM, PyPI, Maven, Go, and more
  • Container Layer Analysis: Scans all layers of container images
  • File System Cataloging: Analyzes installed packages, language-specific packages, and binaries
  • Fast Performance: Optimized for quick scanning of large images

Konarr Implementation:

  • Primary tool for SBOM generation
  • Auto-install supported in agent
  • Cataloger scope can be configured (all-layers, squashed)
  • Path exclusion support for temporary directories

Links:

Grype

Grype is a vulnerability scanner from Anchore that matches packages against known CVE databases.

Features:

  • Vulnerability Detection: Scans software packages for known vulnerabilities
  • Multiple Database Sources: Uses multiple vulnerability databases including NVD, Alpine SecDB, RHEL Security Data
  • SBOM Analysis: Can scan SBOMs generated by Syft or other tools
  • Severity Filtering: Filter results by vulnerability severity (critical, high, medium, low)
  • Format Support: Works with all Syft-supported package formats
  • Regular Updates: Grype checks for a newer vulnerability database before each scan by default, so results reflect recently published advisories

Konarr Implementation:

  • Used for vulnerability scanning after SBOM generation
  • Auto-install supported in agent
  • Configurable severity thresholds
  • Option to ignore fixed vulnerabilities
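The two Grype-related settings above (a severity threshold and a fix-state filter) are easiest to reason about on a concrete report. The following is an added Python example, not Konarr's or Grype's own code: it applies both policies to a constructed Grype JSON report. The field names follow the layout of Grype's JSON output (matches[].vulnerability.{id,severity,fix.state} and matches[].artifact.{name,version}); the sample report, the function names and the fix_filter values are assumptions made for this example.

```python
"""Apply a severity threshold and fix-state filter to a Grype JSON report.

Added example, not Konarr's or Grype's own code. Field names follow the
layout of Grype's JSON output; everything else (the sample report, the
function names, the fix_filter values) is an assumption made for this
example.
"""
import json

# Grype's severity scale from lowest to highest; anything unrecognised ranks lowest.
SEVERITY_ORDER = ["Unknown", "Negligible", "Low", "Medium", "High", "Critical"]

# Constructed Grype report trimmed to the fields used below (not real scan output).
SAMPLE_REPORT = json.dumps({
    "matches": [
        {"vulnerability": {"id": "CVE-2023-0001", "severity": "Critical",
                           "fix": {"versions": ["1.2.4"], "state": "fixed"}},
         "artifact": {"name": "libfoo", "version": "1.2.3", "type": "deb"}},
        {"vulnerability": {"id": "CVE-2023-0002", "severity": "High",
                           "fix": {"versions": [], "state": "not-fixed"}},
         "artifact": {"name": "bar", "version": "2.0.0", "type": "npm"}},
        {"vulnerability": {"id": "CVE-2023-0003", "severity": "Medium",
                           "fix": {"versions": [], "state": "wont-fix"}},
         "artifact": {"name": "baz", "version": "0.9", "type": "python"}},
        {"vulnerability": {"id": "CVE-2023-0004", "severity": "Low",
                           "fix": {"versions": ["3.1"], "state": "fixed"}},
         "artifact": {"name": "qux", "version": "3.0", "type": "go-module"}},
    ]
})


def severity_rank(severity):
    """Map a Grype severity string (any case) to a comparable integer."""
    try:
        return SEVERITY_ORDER.index(str(severity).capitalize())
    except ValueError:
        return 0


def filter_matches(report_json, min_severity="High", fix_filter=None):
    """Return surviving matches as (id, package, version, severity, fix_state).

    min_severity: keep matches at or above this severity (the configurable threshold).
    fix_filter:   None keeps every match; "ignore-fixed" drops matches whose fix
                  state is "fixed" (the literal reading of "ignore fixed
                  vulnerabilities"); "only-fixed" keeps only those, which is what
                  Grype's own --only-fixed flag does. Confirm which semantics the
                  agent applies before relying on either in a build gate.
    """
    threshold = severity_rank(min_severity)
    kept = []
    for match in json.loads(report_json).get("matches", []):
        vuln = match["vulnerability"]
        fix_state = vuln.get("fix", {}).get("state", "unknown")
        if severity_rank(vuln.get("severity", "Unknown")) < threshold:
            continue
        if fix_filter == "ignore-fixed" and fix_state == "fixed":
            continue
        if fix_filter == "only-fixed" and fix_state != "fixed":
            continue
        kept.append((vuln["id"], match["artifact"]["name"],
                     match["artifact"]["version"], vuln["severity"], fix_state))
    return kept


def should_fail(report_json, fail_on="High", fix_filter=None):
    """CI-gate helper: True when at least one match survives the policy."""
    return bool(filter_matches(report_json, fail_on, fix_filter))


if __name__ == "__main__":
    for row in filter_matches(SAMPLE_REPORT, "Medium", fix_filter="ignore-fixed"):
        print(row)
    print("fail build:", should_fail(SAMPLE_REPORT, "Critical", "ignore-fixed"))
```

Note that "ignore fixed" and "only fixed" are opposite policies: the first surfaces what cannot be patched yet, the second surfaces what an upgrade would remove. A threshold of "High" with no fix filter is the usual starting point for a gate; tighten the fix filter only once the team has decided which of the two questions it wants the scan to answer.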

Links:

Trivy

Trivy is a comprehensive security scanner from Aqua Security that detects vulnerabilities, misconfigurations, and secrets.

Features:

  • Multi-Format Scanning: Detects vulnerabilities in OS packages, language dependencies, and application dependencies
  • Container Image Scanning: Comprehensive container image analysis
  • IaC Scanning: Scans Infrastructure as Code files (Terraform, CloudFormation, Kubernetes)
  • Secret Detection: Finds exposed secrets and credentials
  • Misconfiguration Detection: Identifies security misconfigurations
  • SBOM Support: Can generate and consume SBOMs in multiple formats

Konarr Implementation:

  • Alternative security scanning tool with broader detection capabilities
  • Auto-install supported in agent
  • Configurable database update behavior
  • Timeout settings for long-running scans

Links:

Tool Selection

Selecting a Tool

You can configure which tool the agent uses through environment variables or configuration files:

Environment Variable:

# Select the primary scanning tool
export KONARR_AGENT_TOOL="syft"  # or "grype", "trivy"

Configuration File (konarr.yml):

agent:
  tool: "syft"  # Primary tool for scanning
  tool_auto_install: true
  tool_auto_update: false

Tool Installation

The agent can automatically install missing tools:

# Enable auto-install (default in container images)
export KONARR_AGENT_TOOL_AUTO_INSTALL=true

# Manual tool installation
konarr-cli tools install --tool syft
konarr-cli tools install --tool grype
konarr-cli tools install --tool trivy

Checking Installed Tools

List installed tools and their versions:

konarr-cli tools list

Output example:

Tool     Version    Status      Path
syft     v0.96.0    Installed   /usr/local/bin/syft
grype    v0.74.0    Installed   /usr/local/bin/grype
trivy    v0.48.0    Missing     -

Viewing Tool Usage

In the Web Interface

When viewing a snapshot in the Konarr web interface, you can see which tool was used to generate the SBOM and scan for vulnerabilities:

  1. Navigate to a project
  2. Click on a specific snapshot
  3. The snapshot details will show the tool used for scanning

Via API

Query the snapshot details through the API to see tool information:

curl -H "Authorization: Bearer $KONARR_AGENT_TOKEN" \
  http://your-server:9000/api/snapshots/{snapshot_id}

The response includes metadata about the scanning tool used. The agent token travels as a bearer credential in the request header, so use an HTTPS endpoint for any server that is not confined to a trusted network.

In Agent Logs

The agent logs show which tool is being used for each scan:

# View agent logs in container mode
docker logs konarr-agent

# Look for lines indicating tool usage
# Example: "Using syft for SBOM generation"

Tool Configuration

Storage Locations

Tools are stored in the following locations:

Environment     Path
Container       /usr/local/toolcache/
Host install    ~/.local/bin/ or /usr/local/bin/
Custom          Set via KONARR_AGENT_TOOLCACHE_PATH

Advanced Configuration

Configure agent tool settings in konarr.yml. The same keys are available as environment variables (KONARR_AGENT_TOOL, KONARR_AGENT_TOOL_AUTO_INSTALL and KONARR_AGENT_TOOLCACHE_PATH, as used above):

agent:
  tool: "syft"                            # Primary tool for scanning
  tool_auto_install: true                 # Install a missing tool automatically
  tool_auto_update: false                 # Do not upgrade installed tools automatically
  toolcache_path: "/usr/local/toolcache"  # Where tool binaries are stored

Tool Comparison

Feature                 Syft                                    Grype                    Trivy
SBOM Generation         ✅ Primary                              ❌ (consumes SBOMs only)  ✅
Vulnerability Scanning  ❌                                      ✅ Primary               ✅
Package Managers        NPM, Cargo, Deb, RPM, PyPI, Maven, Go   All Syft formats         Multi-format
Secret Detection        ❌                                      ❌                       ✅
IaC Scanning            ❌                                      ❌                       ✅
Auto-Install            ✅                                      ✅                       ✅
Speed                   Fast                                    Fast                     Moderate

Troubleshooting

Tool Installation Issues

If tools fail to install automatically:

# Check tool availability
konarr-cli tools list

# Manual tool install
konarr-cli tools install --tool syft

# Check tool cache
ls -la /usr/local/toolcache/

Tool Version Conflicts

Verify tool versions and compatibility:

konarr-cli tools version

Disabling Auto-Install

Auto-install downloads scanner binaries at runtime, which places that download in the trust path of every scan the agent performs. In controlled environments, disable it and pre-install pinned, verified versions of the approved tools into the toolcache:

agent:
  tool_auto_install: false  # Disable automatic installation
  toolcache_path: "/usr/local/toolcache"  # Pre-installed tool location
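With auto-install off, the agent trusts whatever binaries sit in toolcache_path, so the pre-installation step should end with a check that each expected tool is present, executable and unmodified. The following is an added Python example, not Konarr's own code: it verifies a toolcache directory against a manifest of pinned SHA-256 digests. The manifest format, the function names and the stand-in "binaries" are assumptions made for this example, and the digests are computed from those constructed stand-ins rather than from real Syft, Grype or Trivy releases.

```python
"""Check a pre-installed scanner toolcache against pinned SHA-256 values.

Added example, not Konarr's own code. With tool_auto_install disabled the
agent trusts whatever binaries sit in toolcache_path, so a pre-scan check
should confirm each expected tool is present, executable and unmodified.
The manifest format, the function names and the stand-in binaries are
assumptions made for this example; the hashes are computed from those
stand-ins, not from real Syft, Grype or Trivy releases.
"""
import hashlib
import os
import tempfile


def sha256_file(path, chunk=1 << 16):
    """Stream a file through SHA-256 so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def verify_toolcache(toolcache_path, manifest):
    """Return {tool: status}; status is "ok", "missing", "not-executable" or "checksum-mismatch".

    manifest maps a tool name to the expected SHA-256 hex digest of its binary.
    Any status other than "ok" should stop the agent from scanning with that tool.
    """
    results = {}
    for tool, expected in manifest.items():
        path = os.path.join(toolcache_path, tool)
        if not os.path.isfile(path):
            results[tool] = "missing"
        elif not os.access(path, os.X_OK):
            results[tool] = "not-executable"
        elif sha256_file(path) != expected.lower():
            results[tool] = "checksum-mismatch"
        else:
            results[tool] = "ok"
    return results


def build_sample_toolcache():
    """Create a throwaway toolcache of constructed stand-in scripts; returns (path, manifest).

    The manifest pins syft correctly, pins a wrong hash for grype (a tampered or
    wrong-version binary) and lists trivy, which is present but not executable
    (a download that was never marked runnable).
    """
    cache = tempfile.mkdtemp(prefix="toolcache-")
    stand_ins = {
        "syft": (b"#!/bin/sh\necho 'syft 1.0.0'\n", 0o755),
        "grype": (b"#!/bin/sh\necho 'grype 0.74.0'\n", 0o755),
        "trivy": (b"#!/bin/sh\necho 'trivy 0.48.0'\n", 0o644),
    }
    for name, (body, mode) in stand_ins.items():
        path = os.path.join(cache, name)
        with open(path, "wb") as f:
            f.write(body)
        os.chmod(path, mode)
    manifest = {
        "syft": sha256_file(os.path.join(cache, "syft")),
        "grype": "0" * 64,  # deliberately wrong pin
        "trivy": sha256_file(os.path.join(cache, "trivy")),
    }
    return cache, manifest


if __name__ == "__main__":
    cache_dir, pinned = build_sample_toolcache()
    for tool, status in verify_toolcache(cache_dir, pinned).items():
        print(f"{tool:6} {status}")
```

In practice the manifest would hold the digests published with the tool releases you approved, and the check would run before the agent starts (for example as a container entrypoint step) so that a tampered or partially written binary fails closed instead of producing a scan result nobody can trust.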

Additional Resources