# Tools Integration

11 tools covering identity, secrets, container/IaC/cloud vulnerability scanning, SAST, DAST and secret detection in repositories.

Deploy with `./medusa.sh deploy <name>` or the interactive menu (option 3).
| Tool | Type | Role |
|---|---|---|
| keycloak | docker | IAM, SSO, MFA, identity federation |
| teleport | cli | PAM, privileged access SSH/Kubernetes/DB |
| vault | docker | Secrets manager (dev mode) |
| trivy | cli | Container & IaC vulnerability scanner |
| semgrep | cli | SAST, static code analysis |
| owasp-zap | docker | DAST, web security scanner |
| gitleaks | cli | Secret detection in Git repositories |
| checkov | cli | Static IaC analysis (Terraform, Kubernetes) |
| prowler | cli | Cloud security audit (AWS/Azure/GCP) |
| scoutsuite | cli | Multi-cloud audit with HTML report |
| falco | docker | Cloud-native runtime threat detection |
## keycloak

Identity and access management: SSO, MFA, federation. Image `quay.io/keycloak/keycloak:26.2` with a PostgreSQL backend.

- URL: `http://localhost:8180`; admin console at `/admin`, user `admin`, password generated and saved to `credentials.txt`
## teleport

cli. Privileged access management for SSH, Kubernetes and databases. Installed via the official goteleport.com installer.

- Command: `teleport`
- Ports: `3023` (SSH proxy), `3080` (web)
- Some operations require root; the sub-menu offers to re-run with `sudo`.
## vault

HashiCorp Vault secrets manager. Image pinned to `hashicorp/vault:1.21.4`.

- URL: `http://localhost:8200`
- CLI: `export VAULT_ADDR=http://localhost:8200`

⚠️ Deployed in dev mode: in-memory storage, single unseal key, predictable root token. Never use this for production secrets. See Security.
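Because a dev-mode Vault is indistinguishable from a real one at the URL level, it helps to check for the dev-mode fingerprint (in-memory storage, a single unseal key) before any pipeline or script is pointed at an instance. The POSIX shell snippet below is an added example, not part of the medusa wiki or the project's own scripts: it assumes the `storage_type`, `t` and `n` field names as printed by `vault status -format=json` on Vault 1.x, and both status documents are constructed samples embedded inline so it runs offline.

```shell
#!/bin/sh
# Added example: recognise a dev-mode Vault from `vault status -format=json`.
# Field names (storage_type, t, n) are assumed to match Vault 1.x output;
# both status documents below are constructed samples, not captured output.

# Constructed: what a `vault server -dev` instance reports.
DEV_STATUS='{
  "type": "shamir",
  "initialized": true,
  "sealed": false,
  "t": 1,
  "n": 1,
  "progress": 0,
  "nonce": "",
  "version": "1.21.4",
  "storage_type": "inmem",
  "ha_enabled": false
}'

# Constructed: a production-style instance with integrated raft storage
# and a 3-of-5 Shamir split.
PROD_STATUS='{
  "type": "shamir",
  "initialized": true,
  "sealed": false,
  "t": 3,
  "n": 5,
  "progress": 0,
  "nonce": "",
  "version": "1.21.4",
  "storage_type": "raft",
  "ha_enabled": true
}'

# json_field NAME JSON: print the scalar value of a top-level field, quotes
# stripped. Sufficient for the flat one-field-per-line output of `vault status`.
json_field() {
  printf '%s\n' "$2" | sed -n \
    "s/^[[:space:]]*\"$1\":[[:space:]]*\"\{0,1\}\([^\",]*\)\"\{0,1\},\{0,1\}$/\1/p"
}

# vault_is_dev_mode JSON: succeed (exit 0) when the status carries a dev-mode
# fingerprint: in-memory storage, or a single unseal key share (n = 1).
vault_is_dev_mode() {
  _storage=$(json_field storage_type "$1")
  _shares=$(json_field n "$1")
  [ "$_storage" = "inmem" ] || [ "$_shares" = "1" ]
}

# vault_dev_verdict JSON: one-word verdict, convenient for a pipeline gate.
vault_dev_verdict() {
  if vault_is_dev_mode "$1"; then echo "dev"; else echo "non-dev"; fi
}

# Stand-alone demo; in practice feed it "$(vault status -format=json)".
echo "dev sample:  $(vault_dev_verdict "$DEV_STATUS")"
echo "prod sample: $(vault_dev_verdict "$PROD_STATUS")"
```

A CI job can call `vault_dev_verdict "$(vault status -format=json)"` and refuse to write secrets when the answer is `dev`; the single-share check catches the case where someone has pointed the dev server at a file backend but kept the one-key seal.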
## trivy

cli. Vulnerability scanner for container images, filesystems and IaC. Installed by downloading the official Aqua installer to a temp file, then running it.

- Command: `trivy`
- Examples: `trivy image <image:tag>`, `trivy fs <path>`, `trivy config <path>`
## semgrep

cli. Static application security testing. Installed via pip/pipx.

- Command: `semgrep`
## owasp-zap

DAST web application scanner. Image pinned to `zaproxy/zap-stable:2.17.0`.

- URL: `http://localhost:8090/zap/`
## gitleaks

cli. Detects secrets committed to Git repositories.

- Command: `gitleaks`
## checkov

cli. Static analysis for IaC (Terraform, CloudFormation, Kubernetes). Installed via pip/pipx.

- Command: `checkov`
## prowler

cli. Cloud security posture audit for AWS, Azure and GCP. Installed via pip/pipx.

- Command: `prowler`
- The sub-menu helps configure cloud credentials before a scan.
## scoutsuite

cli. Multi-cloud security auditing, produces an HTML report.

- Command: `scout` (the binary name differs from the tool name)
## falco

Cloud-native runtime threat detection. Image pinned to `falcosecurity/falco:0.44.1`.

- Runs as a daemon, no web interface. Alerts are emitted to logs; follow them with `./medusa.sh logs falco`.