
The Klustair scanner scans your Kubernetes namespaces for the images in use and submits them to Anchore. This is the scanner part.

INFORMATION: This runner is deprecated in favor of the new klustair-cli. For Klustair newer than v0.6.0 please use the klustair-cli written in Go.


Related Klustair projects:

Related open source projects

  • trivy A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts
  • (DEPRECATED) anchore-engine A service that analyzes docker images and applies user-defined acceptance policies to allow automated container image validation and certification
  • kubeaudit kubeaudit helps you audit your Kubernetes clusters against common security controls

Requirements

  • Python 3
  • Running Anchore (See docker-compose-anchore.yaml)

Usage

usage: runner.py [-h] [-v] [-n NAMESPACES] [-N NAMESPACESBLACKLIST]
                 [-k KUBEAUDIT] [-l LABEL] [-a] [-t] [-c TRIVYCREDENTIALS]

optional arguments:
  -h, --help            show this help message and exit
  -v, --verbose         increase output verbosity
  -n NAMESPACES, --namespaces NAMESPACES
                        Coma separated whitelist of Namespaces to check
  -N NAMESPACESBLACKLIST, --namespacesblacklist NAMESPACESBLACKLIST
                        Coma separated blacklist of Namespaces to skip
  -k KUBEAUDIT, --kubeaudit KUBEAUDIT
                        Coma separated list of audits to run. default: 'all',
                        disable: 'none'
  -l LABEL, --label LABEL
                        A optional title for your run
  -a, --anchore         Run Anchore vulnerability checks
  -t, --trivy           Run Trivy vulnerability checks
  -c TRIVYCREDENTIALSPATH, --trivycredentialspath TRIVYCREDENTIALSPATH
                        Path to repo credentials for trivy
  -ld LIMITDATE, --limitDate LIMITDATE
                        Remove reports older than X days
  -ln LIMITNR, --limitNr LIMITNR
                        Keep only X reports
  -C CONFIGKEY, --limitNr CONFIGKEY
                        Load remote configuration from frontend
  -H APIHOST, --limitNr APIHOST
                        Remote API-host address [example: https://localhost:8443]

ENV vars

export KLUSTAIR_NAMESPACES=
export KLUSTAIR_NAMESPACEBLACKLIST=
export KLUSTAIR_KUBEAUDIT=
export KLUSTAIR_TRIVYCREDENTIALSPATH=
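
How the namespace whitelist (-n / KLUSTAIR_NAMESPACES) and blacklist (-N / KLUSTAIR_NAMESPACEBLACKLIST) can narrow the set of images handed to the scanners, as an added example that is not Klustair's own code. It assumes input in the shape of `kubectl get pods -A -o json`, that the blacklist wins over the whitelist, and that init containers are scanned too; the function names and sample data are hypothetical.

```python
import os

# Constructed sample in the shape of `kubectl get pods -A -o json` (not real cluster data).
SAMPLE_PODS = {"items": [
    {"metadata": {"namespace": "shop", "name": "web-1"},
     "spec": {"initContainers": [{"image": "busybox:1.36"}],
              "containers": [{"image": "nginx:1.25"}, {"image": "redis:7"}]}},
    {"metadata": {"namespace": "shop", "name": "web-2"},
     "spec": {"containers": [{"image": "nginx:1.25"}]}},
    {"metadata": {"namespace": "kube-system", "name": "dns-1"},
     "spec": {"containers": [{"image": "coredns/coredns:1.11.1"}]}},
    {"metadata": {"namespace": "staging", "name": "api-1"},
     "spec": {"containers": [{"image": "redis:7"}]}},
]}


def parse_list(value):
    """Split a comma separated option value; empty or None yields an empty set."""
    return {item.strip() for item in (value or "").split(",") if item.strip()}


def namespace_selected(namespace, allow, deny):
    """Assumption: the blacklist wins, and an empty whitelist means all namespaces."""
    if namespace in deny:
        return False
    return not allow or namespace in allow


def collect_images(pod_list, namespaces="", blacklist=""):
    """Map each unique image to the sorted 'namespace/pod' names that run it."""
    allow, deny = parse_list(namespaces), parse_list(blacklist)
    images = {}
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        namespace = meta.get("namespace", "default")
        if not namespace_selected(namespace, allow, deny):
            continue
        # Assumption: init containers ship code too, so their images are included.
        for kind in ("initContainers", "containers"):
            for container in spec.get(kind) or []:
                users = images.setdefault(container["image"], set())
                users.add(f"{namespace}/{meta.get('name')}")
    return {image: sorted(users) for image, users in sorted(images.items())}


if __name__ == "__main__":
    selected = collect_images(SAMPLE_PODS,
                              os.environ.get("KLUSTAIR_NAMESPACES", ""),
                              os.environ.get("KLUSTAIR_NAMESPACEBLACKLIST", ""))
    for image, users in selected.items():
        print(image, "<-", ", ".join(users))
```

Deduplicating by image before submission means each image is scanned once while the report can still point back to every pod that runs it.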

Run in Docker

cp .env.example .env
vim .env
docker-compose up -d 

or

PATH_LOCAL_KUBECONFIG=~/.kube/config docker-compose up -d

Start Anchore locally

curl https://docs.anchore.com/current/docs/engine/quickstart/docker-compose.yaml > docker-compose-anchore.yaml
docker-compose -f docker-compose-anchore.yaml up -d 

develop

python3 -m venv env
source env/bin/activate
pip install -r requirements.txt

deactivate

build

cp .env.example .env
vim .env
docker compose build

or

docker compose build
