Packer Plugin Mondoo
Mondoo tests Packer builds for vulnerabilities and misconfigurations by executing the security policies-as-code that are enabled in Mondoo Platform. Mondoo Platform comes stocked with an ever-increasing collection of certified security policies, which can be easily customized to meet your needs.
If you are new to Mondoo, you can get started by signing up for a free account today!
Mondoo supports Linux, Windows, and macOS, as well as Docker container builds.
Installation
Using pre-built releases
Using the packer init command
Starting from version 1.7, Packer supports a new `packer init` command allowing automatic installation of Packer plugins. Read the Packer documentation for more information.

To install this plugin, copy and paste this code into your Packer configuration. Then, run `packer init`.

```hcl
packer {
  required_plugins {
    mondoo = {
      version = ">= 0.2.1"
      source  = "github.com/mondoohq/mondoo"
    }
  }
}
```
Manual installation
You can find pre-built binary releases of the plugin here. Once you have downloaded the latest archive corresponding to your target OS, uncompress it to retrieve the plugin binary file corresponding to your platform. To install the plugin, please follow the Packer documentation on installing a plugin.
Build from source
If you prefer to build the plugin from source, clone the GitHub repository locally and run the command `go build` from the root directory. Upon successful compilation, a `packer-plugin-mondoo` plugin binary file can be found in the root directory. To install the compiled plugin, please follow the official Packer documentation on installing a plugin.
Configuration
Name | Description | Type | Default | Required
---|---|---|---|---
`annotations` | Custom annotations applied to Packer build assets to provide additional metadata for asset tracking. | map of strings | None | No
`asset_name` | Overwrite the asset name in Mondoo Platform. | string | None | No
`on_failure` | Set `on_failure = "continue"` to let the build succeed even when a scan scores below `score_threshold`. | string | None | No
`score_threshold` | Minimum score a Packer build must reach, in the range 0-100. Any scan that scores below `score_threshold` fails the build unless `on_failure = "continue"` is set. For more information see Policy Scoring in the Mondoo documentation. | int | None | No
`sudo` | Use sudo to elevate permissions when running Mondoo scans. Configured as a block with an `active` boolean (see the example below). | block (`active` = bool) | None | No
Example: Complete Configuration

```hcl
provisioner "mondoo" {
  on_failure      = "continue"
  score_threshold = 85
  asset_name      = "example-secure-base-image"

  sudo {
    active = true
  }

  annotations = {
    Source_AMI    = "{{ .SourceAMI }}"
    Creation_Date = "{{ .SourceAMICreationDate }}"
  }
}
```

Note that with `on_failure = "continue"` the scan result is reported but a score below `score_threshold` no longer fails the build. Remove that line to use the threshold as a hard gate that blocks images below 85 from being published.
Sample Packer Templates
You can find example Packer templates in the examples directory in this repository.
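For orientation, the following is a complete Packer template added to this page (it is not one of the templates in the repository's examples directory). It shows where the `required_plugins` block and the `mondoo` provisioner sit relative to a `source` and `build` block, and it uses `score_threshold` without `on_failure = "continue"` so that a low-scoring image fails the build instead of being tagged. The Docker builder (`github.com/hashicorp/docker`), the `ubuntu:22.04` base image, the `docker-tag` post-processor, the repository name and the annotation keys are assumptions chosen for the example, not part of this plugin's documentation.

```hcl
packer {
  required_plugins {
    # Assumption: the Docker builder is used as the build target.
    docker = {
      version = ">= 1.0.0"
      source  = "github.com/hashicorp/docker"
    }
    mondoo = {
      version = ">= 0.2.1"
      source  = "github.com/mondoohq/mondoo"
    }
  }
}

# Assumption: a stock Ubuntu image is the starting point.
source "docker" "ubuntu" {
  image  = "ubuntu:22.04"
  commit = true
}

build {
  name    = "ubuntu-hardened"
  sources = ["source.docker.ubuntu"]

  # Hardening steps run before the scan so the scan judges the final image.
  provisioner "shell" {
    inline = [
      "apt-get update",
      "apt-get -y upgrade",
    ]
  }

  # No on_failure = "continue": a score below 85 fails the build,
  # so the docker-tag post-processor below never runs for a weak image.
  provisioner "mondoo" {
    score_threshold = 85
    asset_name      = "ubuntu-hardened-${formatdate("YYYYMMDD", timestamp())}"

    # Annotation keys are arbitrary labels chosen for this example.
    annotations = {
      base_image = "ubuntu:22.04"
      pipeline   = "packer"
    }
  }

  # Assumption: tagging is the publish step that the score gate protects.
  post-processor "docker-tag" {
    repository = "example/ubuntu-hardened"
    tags       = ["latest"]
  }
}
```

Because the Docker builder runs provisioners as root inside the container, the `sudo` block is omitted here; for an AMI or VM build where the SSH user is unprivileged, add `sudo { active = true }` as shown in the complete configuration above.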
Contributing
- If you think you've found a bug in the code or you have a question regarding the usage of this software, please reach out to us by opening an issue in this GitHub repository.
- Contributions to this project are welcome: if you want to add a feature or fix a bug, please do so by opening a Pull Request in this GitHub repository. In case of a feature contribution, we kindly ask you to open an issue to discuss it beforehand.