datreeio / datree

Prevent Kubernetes misconfigurations from reaching production (again 😤 )! From code to cloud, Datree provides an E2E policy enforcement solution to run automatic checks for rule violations. See our docs: https://hub.datree.io
https://datree.io
Apache License 2.0
admission-webhook best-practices cli datree devops guardrail kubernetes policy policy-management security static-code-analysis


Datree [DEPRECATED]

Datree (pronounced /da-tree/) was built to secure Kubernetes workloads by blocking the deployment of misconfigured resources. Since July 2023, the commercial company that supports and actively maintains this project has been closed.

Migrating to the (fully) open-source version of Datree

For existing users, it is still possible to run Datree in standalone mode: https://hub.datree.io/cli/offline-mode

What will not be available anymore

All the archived open-source repositories under the datreeio org will no longer be maintained or accept any new code changes, including security patches. In addition, the following key capabilities will no longer be available:

⚙️ How it works

Datree scans Kubernetes resources against a centrally managed policy, and blocks those that violate your desired policies.

Datree comes with over 100 rules covering various use-cases, such as workload security, high availability, ArgoCD best practices, NSA hardening guide, and many more.

In addition to our built-in rules, you can write any custom rule you wish and then run it against your Kubernetes configurations to check for rule violations. Custom rules can be written in JSON schema or in Rego.
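To make the idea of a JSON Schema rule concrete, here is an added example that is not Datree's code or its rule file format: a small evaluator for a subset of JSON Schema keywords, run against a constructed Deployment. The rule, the manifest and the names `nest`, `violations` and `admit` are all assumptions made for illustration.

```python
# Added illustration: evaluates a small subset of JSON Schema keywords
# (required, properties, items, enum). Not Datree's engine or rule format.

def nest(keys, leaf):
    """Wrap `leaf` in nested 'properties' schemas so it applies at the given key path."""
    for key in reversed(keys):
        leaf = {"properties": {key: leaf}}
    return leaf

# Constructed rule: each container needs a memory limit and must not be privileged.
RULE = nest(["spec", "template", "spec", "containers"], {"items": {
    "required": ["resources"],
    "properties": {
        "resources": {"required": ["limits"],
                      "properties": {"limits": {"required": ["memory"]}}},
        "securityContext": nest(["privileged"], {"enum": [False]}),
    },
}})

def violations(schema, node, path="$"):
    """Return 'path: reason' strings for every place `node` breaks `schema`."""
    found = []
    # Compare types too, so that 0 is not accepted where only False is allowed.
    if "enum" in schema and not any(type(node) is type(v) and node == v
                                    for v in schema["enum"]):
        found.append(f"{path}: value {node!r} is not allowed")
    if isinstance(node, dict):
        for key in schema.get("required", []):
            if key not in node:
                found.append(f"{path}: missing required key '{key}'")
        for key, sub in schema.get("properties", {}).items():
            if key in node:
                found += violations(sub, node[key], f"{path}.{key}")
    elif isinstance(node, list) and "items" in schema:
        for i, item in enumerate(node):
            found += violations(schema["items"], item, f"{path}[{i}]")
    return found

# Constructed sample manifest: the second container breaks both parts of the rule.
DEPLOYMENT = {"apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "web"},
    "spec": {"template": {"spec": {"containers": [
        {"name": "app", "image": "example/app:1.0",
         "resources": {"limits": {"memory": "128Mi"}},
         "securityContext": {"privileged": False}},
        {"name": "sidecar", "image": "example/sidecar:1.0",
         "resources": {"limits": {"cpu": "100m"}},
         "securityContext": {"privileged": True}}]}}}}

def admit(manifest, rule=RULE):
    """Return False (block the resource) when the manifest violates the rule."""
    return not violations(rule, manifest)
```

Because `properties` only constrains keys that are present, a rule must also list a key under `required` when its absence should count as a violation.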

Contributing

We want to thank our contributors for helping us build Datree ❤️
