santa
santa copied to clipboard
A binary authorization and monitoring system for macOS
How do I subscribe to events generated by Santa. For example, I have an app that would like to listen in when Santa blocks a binary and would like to...
Currently, you can set a specific binary, cert, or path to be blocked silently, but there isn't a generic setting to do silent (no pop-up) blocks for _anything_ that can...
Hey, I would like to uninstall this app from my computer which I bought from eBay, and I can't afford this. Could You be so kind and advice what to...
This is a work-in-progress, being released in draft form in order to solicit early feedback. ## Building / Running Build using the following command: ``` bazel build --apple_generate_dsym -c opt...
We have fuzz tests in the repo but they're not buildable by the existing BUILD rules (they were originally added with cmake rules but those got out of date quickly)....
The loop I find myself in often with Santa is something like this... 1. Launch binary 2. Receive Santa block message 3. Get an exception 4. Go to 1 Step...
We'd like to regularly scan the code in Santa's repository with codeql. This means adding https://github.com/github/codeql-action to a GitHub workflow.
We'd like to extend rule types in Santa to block off of binary CDHash. As CDHashes are already provided by the EndpointSecurity framework, this allows us to skip the expensive...
@mlw showed me [hyperfine](https://github.com/sharkdp/hyperfine) and it'd be nice to have a benchmark workflow that runs our unit tests / benchmarks at least nightly if not as part of the CI.
Santa needs support for structured logging. Since protobuf is lingua franca of Google lets start there. ## Steps to Completion - [x] Add configuration to support logging to protobuf -...