OSS Tool Images
Project-Agent-trust-merge / arxsec-api/docker/oss-tools/README.md
Docker images that wrap community / open-source security tools so ARX can invoke them through the community-oss sandbox profile.
Each tool gets its own subdirectory with a pinned Dockerfile. The connector Python module references the published image tag via a DEFAULT_<TOOL>_IMAGE constant; production deployments should pin by SHA digest at deploy time.
Adding a new tool
- Create <tool>/Dockerfile here. Use a non-root user (arx, uid 10001), make /work writable, install the tool at a pinned version, and set the tool binary as ENTRYPOINT.
- Add a connector module under arxsec-api/app/connectors/<tool>.py following the garak / promptfoo pattern.
- Add the connector to CONNECTOR_REGISTRY and CONNECTOR_METADATA in arxsec-api/app/connectors/__init__.py.
- Add a credential schema entry in arxsec-api/app/connectors/schemas.py (use LLM_PROVIDER_CREDS for AI-targeting tools).
- Add unit tests under arxsec-api/tests/test_oss_<tool>.py.
Images are intended to be built and published to ghcr.io/arxsec/oss-tools/<tool> on each merge to main via a future GitHub Actions workflow.
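A pre-merge check for the Dockerfile conventions in the first step above, plus the digest-pinning advice for production, as an added example that is not part of the ARX repository. The sample Dockerfile, the tool name exampletool, its version and all function names are constructed placeholders; the package check is a heuristic that only understands pip install and npm install and treats option values as package names.

```python
import re
import shlex

# Constructed sample; base image, tool name and version are placeholders.
SAMPLE = """\
FROM python:3.12-slim
RUN useradd --uid 10001 --create-home arx \\
 && mkdir /work && chown arx:arx /work
RUN pip install --no-cache-dir exampletool==1.2.3
USER arx
WORKDIR /work
ENTRYPOINT ["exampletool"]
"""

def instructions(text):
    """Yield (INSTRUCTION, args) pairs with backslash continuations joined."""
    joined = re.sub(r"\\[ \t]*\n", " ", text)
    for line in map(str.strip, joined.splitlines()):
        if line and not line.startswith("#"):
            op, _, args = line.partition(" ")
            yield op.upper(), args.strip()

def unpinned_packages(run_args):
    """Packages in `pip install` / `npm install` commands lacking a version."""
    bad = []
    for cmd in re.split(r"&&|;", run_args):
        words = shlex.split(cmd)
        if len(words) >= 2 and words[0] in ("pip", "pip3", "npm") and words[1] == "install":
            pin = "==" if words[0].startswith("pip") else "@"
            bad += [w for w in words[2:] if not w.startswith("-") and pin not in w[1:]]
    return bad

def lint(text):
    """Return the README rules this Dockerfile breaks (empty list = pass)."""
    ins = list(instructions(text))
    runs = " && ".join(a for op, a in ins if op == "RUN")
    users = [a for op, a in ins if op == "USER"]
    problems = []
    if not users or users[-1].split(":")[0] not in ("arx", "10001"):
        problems.append("final USER is not arx/10001")
    if not re.search(r"(chown|chmod)[^&;]*\s/work\b", runs):
        problems.append("/work is not made writable")
    problems += [f"unpinned package: {p}" for p in unpinned_packages(runs)]
    if not any(op == "ENTRYPOINT" for op, _ in ins):
        problems.append("no ENTRYPOINT")
    return problems

def is_digest_pinned(image_ref):
    """True when an image reference ends in an immutable sha256 digest."""
    return re.search(r"@sha256:[0-9a-f]{64}$", image_ref) is not None
```

lint(SAMPLE) returns an empty list; a Dockerfile that runs as root, installs an unversioned package or relies on CMD alone returns one message per broken rule.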