Gandiva is an advanced Extended Security Posture Management (xSPM) platform designed to help organizations monitor, assess, and improve their cloud security posture across multi-cloud environments. It offers deep visibility into cloud assets, detects security issues, and provides actionable remediation guidance.
- How to Deploy
- Key Features
- Architecture
- Project Structure
- Cloud Resource Scanning
- Security Considerations
- Documentation
- Screenshots
- Contributors
Ensure you have:
- Docker installed.
- AWS credentials configured (`~/.aws`).
- Kubernetes configuration (`~/.kube`).
To run Gandiva using Docker:
- Clone the repository:
  ```bash
  git clone https://github.com/h4r5h1t/gandiva-xspm.git
  cd gandiva-xspm
  ```
- Build the Docker images (note: image builds may take several minutes, please be patient):
  ```bash
  docker build -t gandiva-backend -f Dockerfile.backend .
  docker build -t gandiva-frontend -f Dockerfile.frontend .
  ```
- Start the containers:
  ```bash
  chmod +x start_gandiva.sh
  ./start_gandiva.sh
  ```
For a simpler deployment with Docker Compose:
- Clone the repository:
  ```bash
  git clone https://github.com/h4r5h1t/gandiva-xspm.git
  cd gandiva-xspm
  ```
- Launch using Docker Compose (note: image builds may take several minutes, please be patient):
  ```bash
  docker compose up -d --build
  ```
- Verify that the containers are running:
  ```bash
  docker compose ps
  ```
- Frontend: http://localhost:8080
- Default credentials: username `gandiva`, password `gandiva_password`. These are published with the repository, so change them before exposing the dashboard beyond localhost.
- Multi-Cloud Asset Inventory: unified view of AWS, Kubernetes, and other resources.
- Security Findings: detect misconfigurations and compliance issues.
- Relationship Visualization: graph-based visualization of resource interconnections.
- Vulnerability Management: identify and remediate resource vulnerabilities.
- Benchmark Compliance: CIS and NIST compliance assessments.
- Container Security: detect vulnerabilities in container images and configurations.
- Database Security: analyze and monitor database posture.
- Secret Detection: find exposed secrets in source code.
- Interactive Dashboard: clean, intuitive interface for actionable insights.
Gandiva comprises the following core components:
- Backend API: Flask-based RESTful API server integrating various scanning tools.
- Frontend UI: React-based dashboard with rich visualization and controls.
- Analysis Engine: Integration with Steampipe and Neo4j for data analysis and visualization.
- Frontend: React, TypeScript, Tailwind CSS, Shadcn UI, React Flow.
- Backend: Python, Flask, Flask-RESTful, JWT Authentication.
- Databases: MongoDB for application data, Neo4j for graph visualization.
- Scanning: Steampipe for cloud resource scanning, Checkov, Trivy, custom scanners.
- Deployment: Docker Compose, Kubernetes-ready.
```
gandiva/
├── backend/                # Flask backend application
│   ├── app.py              # Main application entry point
│   ├── resources.py        # API resources and endpoints
│   ├── neo4j_*.py          # Neo4j integration
│   ├── steampipe_*.py      # Steampipe integration
│   └── *_scanner_*.py      # Various scanners
├── frontend/               # React frontend application
│   ├── src/                # Source code
│   │   ├── components/     # React components
│   │   ├── pages/          # Page components
│   │   └── services/       # API services
│   └── public/             # Static assets
├── docker-compose.yml      # Docker Compose configuration
└── Dockerfile.*            # Docker build configurations
```
Gandiva leverages Steampipe to scan multi-cloud resources, so it uses whatever credentials Steampipe finds in the mounted `~/.aws` and `~/.kube` directories.
Ensure the AWS CLI is set up with valid credentials:
```bash
aws configure
```
Steampipe only reads resource metadata, so the profile you configure needs read access only; a role or user limited to the `SecurityAudit` or `ReadOnlyAccess` managed policy is sufficient and limits the blast radius if the scanner container is compromised.
Ensure your `~/.kube/config` file is properly configured and has access to your cluster.
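As an added illustration of the query-then-evaluate step a Steampipe-backed scanner performs, the block below (example code written for this page, not Gandiva's own scanner) pairs a Steampipe SQL query with a small evaluator that turns the returned rows into findings. The column names follow the Steampipe AWS plugin's `aws_vpc_security_group_rule` table as I understand it (an assumption; check them against your plugin version), the port list and severities are illustrative, and the input rows are constructed to look like `steampipe query --output json` output so the block runs offline.

```python
"""Turn Steampipe security-group rule rows into world-open ingress findings.

Added example, not Gandiva's own code. Column names are assumed to match the
Steampipe AWS plugin's aws_vpc_security_group_rule table.
"""
import json

# Query you would hand to `steampipe query --output json`.
STEAMPIPE_QUERY = """
select group_id, security_group_rule_id, ip_protocol, from_port, to_port,
       cidr_ipv4, cidr_ipv6
from aws_vpc_security_group_rule
where type = 'ingress';
"""

# Ports for which a world-open ingress rule is reported (illustrative list).
SENSITIVE_PORTS = {
    22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL",
    27017: "MongoDB", 7687: "Neo4j Bolt",
}
WORLD = {"0.0.0.0/0", "::/0"}


def rule_covers(rule, port):
    """True if the rule's port range (or an all-traffic rule) includes `port`."""
    if rule["ip_protocol"] == "-1":  # -1 is AWS's 'all protocols, all ports'
        return True
    lo, hi = rule.get("from_port"), rule.get("to_port")
    return lo is not None and hi is not None and lo <= port <= hi


def evaluate(rows):
    """Map ingress rule rows to findings; rows not open to the world are skipped."""
    findings = []
    for r in rows:
        cidrs = {c for c in (r.get("cidr_ipv4"), r.get("cidr_ipv6")) if c}
        open_to = sorted(cidrs & WORLD)
        if not open_to:
            continue
        exposed = [name for port, name in SENSITIVE_PORTS.items() if rule_covers(r, port)]
        if not exposed:
            continue  # world-open, but only to ports we do not treat as sensitive
        findings.append({
            "resource": r["group_id"],
            "rule": r["security_group_rule_id"],
            "severity": "critical" if r["ip_protocol"] == "-1" else "high",
            "title": f"Ingress from {', '.join(open_to)} to {', '.join(exposed)}",
            "remediation": "Restrict the source CIDR to known ranges or remove the rule.",
        })
    return findings


# Constructed sample rows, shaped like `steampipe query --output json` output.
SAMPLE_ROWS = json.loads("""[
 {"group_id": "sg-0aaa", "security_group_rule_id": "sgr-001", "ip_protocol": "tcp",
  "from_port": 22, "to_port": 22, "cidr_ipv4": "0.0.0.0/0", "cidr_ipv6": null},
 {"group_id": "sg-0aaa", "security_group_rule_id": "sgr-002", "ip_protocol": "tcp",
  "from_port": 443, "to_port": 443, "cidr_ipv4": "0.0.0.0/0", "cidr_ipv6": null},
 {"group_id": "sg-0bbb", "security_group_rule_id": "sgr-003", "ip_protocol": "-1",
  "from_port": null, "to_port": null, "cidr_ipv4": null, "cidr_ipv6": "::/0"},
 {"group_id": "sg-0ccc", "security_group_rule_id": "sgr-004", "ip_protocol": "tcp",
  "from_port": 5432, "to_port": 5432, "cidr_ipv4": "10.0.0.0/8", "cidr_ipv6": null}
]""")

if __name__ == "__main__":
    for finding in evaluate(SAMPLE_ROWS):
        print(json.dumps(finding))
```

Of the four constructed rows only two become findings: the SSH rule open to `0.0.0.0/0` and the all-traffic rule open to `::/0`; HTTPS open to the world and PostgreSQL restricted to a private range are left alone, which is the kind of judgement a scanner needs in order to keep the dashboard actionable rather than noisy.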
- All endpoints are protected using JWT token authentication.
- Role-based access control for administrative functions.
- Secure storage of cloud credentials.
- Token refresh mechanism for persistent sessions.
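To make the access-token, refresh-token and role-check model in the list above concrete, here is an added example written for this page, not Gandiva's backend code: a minimal HS256 JWT issuer and verifier built on the standard library so it runs without Flask or PyJWT. The secret, lifetimes, role names and `typ` claim convention are illustrative assumptions; the points it demonstrates are the ones that usually go wrong in hand-rolled JWT handling: refusing any `alg` other than the one you issue, constant-time signature comparison, and never accepting a long-lived refresh token where a short-lived access token is required.

```python
"""Access/refresh JWT pair with a role gate, HS256 over stdlib hmac.

Added example, not Gandiva's own code. Secret and lifetimes are assumptions.
"""
import base64
import hashlib
import hmac
import json
import time

SECRET = b"replace-me-with-a-random-32-byte-key"  # assumption: from a secret store in practice
ACCESS_TTL = 15 * 60           # short-lived: bounds the damage from a leaked token
REFRESH_TTL = 7 * 24 * 3600    # long-lived, accepted only by the refresh exchange


class AuthError(Exception):
    pass


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(claims):
    """Serialize and HMAC-sign claims as a compact JWT."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"


def issue_tokens(username, role, now=None):
    """Issue a short-lived access token (carries the role) and a refresh token."""
    now = time.time() if now is None else now
    access = {"sub": username, "role": role, "typ": "access",
              "iat": int(now), "exp": int(now + ACCESS_TTL)}
    refresh = {"sub": username, "typ": "refresh",
               "iat": int(now), "exp": int(now + REFRESH_TTL)}
    return {"access_token": sign(access), "refresh_token": sign(refresh)}


def verify(token, expected_typ, now=None):
    """Check signature, algorithm, expiry and token type; return the claims.

    The type check is what stops a refresh token from being replayed against a
    protected endpoint for a week.
    """
    now = time.time() if now is None else now
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_unb64(header_b64))
        sig = _unb64(sig_b64)
        claims = json.loads(_unb64(body_b64))
    except ValueError:  # covers bad split, bad base64 and bad JSON
        raise AuthError("malformed token")
    if header.get("alg") != "HS256":  # refuse alg=none and algorithm confusion
        raise AuthError("unsupported alg")
    expected = hmac.new(SECRET, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        raise AuthError("bad signature")
    if claims.get("typ") != expected_typ:
        raise AuthError(f"expected {expected_typ} token")
    if now >= claims.get("exp", 0):
        raise AuthError("token expired")
    return claims


def refresh(refresh_token, lookup_role, now=None):
    """Exchange a valid refresh token for a new pair.

    The role is re-read from the user store (lookup_role) rather than copied
    forward, so a demotion takes effect at the next refresh.
    """
    claims = verify(refresh_token, "refresh", now)
    return issue_tokens(claims["sub"], lookup_role(claims["sub"]), now)


def authorize(token, required_role, now=None):
    """Gate for an administrative endpoint: valid access token AND matching role."""
    claims = verify(token, "access", now)
    if claims.get("role") != required_role:
        raise AuthError("insufficient role")
    return claims
```

In a Flask-RESTful deployment `authorize` would sit behind a decorator reading the `Authorization: Bearer` header, and `refresh` would back a dedicated refresh endpoint; the separation of `typ` values is what lets the two be enforced independently.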
h4r5h1t