cncf / sandbox

Applications for Sandbox go here! ⏳📦🧪
Apache License 2.0

[Sandbox] Kexa #89

Open estebanmathia opened 4 months ago

estebanmathia commented 4 months ago

Application contact emails

patrick.szymkowiak@innovtech.eu, esteban.mathia@innovtech.eu

Project Summary

Open source cross-cloud platform compliance and customizable security tools

Project Description

Kexa is a tool for ensuring compliance and security in different environments. Using standardized YAML rules, those more or less familiar with the cloud can define a set of standards that their environment must meet. Kexa offers detailed reporting on different communication channels, data retrieval from your cloud and export of scans for archiving/history. Its detailed reports facilitate analysis and compliance, and guarantee complete visibility of your infrastructure state. Scalable and integrable, Kexa adapts to the evolution of your infrastructure and connects easily to your existing tools. It is designed so that everyone can make it their own. Information inputs and outputs are based on the addon principle, making it quick and easy to customize your instance. It can be deployed as a script, a Docker container or a GitHub Action. Kexa is flexible in the way it is deployed, and can be quickly incorporated into CI/CD pipelines to guarantee the integrity of your workflow with high-frequency checks.

Org repo URL (provide if all repos under the org are in scope of the application)

https://github.com/4urcloud

Project repo URL in scope of application

https://github.com/4urcloud/Kexa, https://github.com/4urcloud/Kexa_githubAction

Additional repos in scope of the application

No response

Website URL

https://kexa.io/

Roadmap

https://github.com/4urcloud/Kexa/blob/dev/ROADMAP.md

Roadmap context

No response

Contributing Guide

https://github.com/4urcloud/Kexa/blob/main/CONTRIBUTING.md

Code of Conduct (CoC)

https://github.com/4urcloud/Kexa/blob/main/CODE_OF_CONDUCT.md

Adopters

No response

Contributing or Sponsoring Org

No response

Maintainers file

https://github.com/4urcloud/Kexa/blob/dev/MAINTAINERS.md

IP Policy

Trademark and accounts

Why CNCF?

Integrating our Kexa project into the Cloud Native Computing Foundation (CNCF) is of crucial importance, mainly because of the extremely positive feedback our initiative has received from regional companies. We've seen significant enthusiasm from our local users, highlighting the efficiency and innovation Kexa brings to their workflows. However, the crucial challenge we face lies in the lack of wider adoption, mainly attributable to a certain reluctance due to a perceived lack of confidence in our current structure. By joining the CNCF, an organization renowned for its commitment to transparency, collaboration and security in cloud-native technologies, we are reinforcing the credibility of our project. This membership demonstrates our commitment to industry best practice, which in turn can allay concerns about trust and encourage wider adoption of Kexa on the technology scene.

Benefit to the Landscape

Kexa brings to the CNCF landscape a complete solution for ensuring compliance and security in a variety of environments. Kexa offers an approach that enables people with different levels of cloud expertise to define and apply standardized or variabilized rules that will quickly bring any project or workspace into compliance. Its adaptability is a key differentiator. Deployment is possible not only as a script, but also as a Docker container or as a GitHub Action. The project's emphasis on addon-based information input and output enables rapid customization. This facilitates adaptation to diverse business requirements. Kexa's integration into CI/CD pipelines ensures high-frequency verification, guaranteeing the integrity of workflows: preproduction, production release and solution maintenance. This unique combination of features positions Kexa as a unique and flexible solution, addressing compliance and security challenges comprehensively in the CNCF landscape.

Cloud Native 'Fit'

Kexa fits into the Cloud Native landscape, embodying the key principles and elements inherent in Cloud technologies. Kexa is fully compatible with the containerization principles that are the essence of cloud development, encapsulating its functionality in a Docker container for rapid deployment. This approach is fundamental to ensuring consistency and portability across diverse cloud environments.

To further reinforce its cloud-native identity, Kexa adopts an addon-based architecture, echoing the modularity and scalability principles of microservices. This architecture enables users to customize and extend functionalities, promoting adaptability and evolution of infrastructures, as well as ease of maintenance.

Kexa uses YAML files to define compliance rules. This practice is very similar to IaC (infrastructure as code). This method facilitates versioning, collaboration and automation, improving the efficiency of compliance management in cloud environments.

The project integrates into continuous integration/continuous deployment (CI/CD) pipelines, as evidenced by its option to deploy as a GitHub Action. This integration streamlines the automation of compliance actions, aligning with CNCF's principle of automating software delivery processes for rapid and reliable deployment.

We have built, and continue to build, a project that is flexible and adaptable to tomorrow's cloud. Kexa becomes a versatile tool for rapidly transforming ideas and concepts into concrete realizations. It adapts to the changing day-to-day needs of different providers, while offering security over the quality levels of our infrastructure. Kexa provides health status reports, which can be in alert format, or recorded as monitoring and observability data.

Finally, Kexa's compatibility with various cloud environments makes it an interoperable tool, supporting a multi-cloud strategy and mitigating the risks of vendor lock-in. This promotes flexibility and choice of cloud platform, while maintaining consistency of compliance and security measures.

In short, Kexa holistically embodies cloud-native principles, meeting the evolving needs of organizations adopting Cloud Native development practices.

Cloud Native 'Integration'

Kexa has been specifically designed to meet the day-to-day needs of clouds, Kubernetes and related SaaS environments. It has been designed to be easy to use, quick to set up, reusable and can be integrated in a containerized way into a cloud stack. In this context, Kexa acts as an extension and additional layer to many existing tools, notably Kubernetes and Grafana. Its possible future deployment as a Kubernetes operator positions it as a complementary component in the container management ecosystem. What's more, its integration with Grafana strengthens the overall observability capability, offering a unified and coherent solution for monitoring and compliance in the cloud environment. Kexa complements and depends on these CNCF projects, enriching their functionality, simplifying operational processes and enhancing the overall efficiency of cloud management.

Cloud Native Overlap

We don't know the entire CNCF environment by heart, but we don't know of any project overlapping with ours as far as we have searched.

Similar projects

While Kexa and Open Policy Agent (OPA) share a focus on policy enforcement in cloud-native environments, their approaches and core functionality distinguish them significantly. OPA is renowned for its ability to make policy decisions and enforce them at runtime, evaluating policies against incoming requests. In contrast, Kexa excels at verifying and ensuring the compliance status of environments, offering the unique ability to create comprehensive inventories and historical records of infrastructure status. This fundamental difference makes Kexa a complementary tool to OPA, as it goes beyond real-time policy decisions to provide a holistic compliance verification and historical tracking solution, offering a distinct perspective in the CNCF landscape.

Landscape

No, we are not

Business Product or Service to Project separation

N/A

Project presentations

N/A

Project champions

N/A

Additional information

N/A

amye commented 4 months ago

One note: https://github.com/4urcloud/Kexa/blob/dev/LICENCE.txt states that you're licensed under MIT. If accepted, you'd need to relicense under Apache 2.0 per https://github.com/cncf/foundation/blob/main/charter.md#11-ip-policy.