kubescape / kubevuln

Kubevuln is an in-cluster component of the Kubescape security platform. It scans container images for vulnerabilities, using Grype as its engine.
Apache License 2.0
kubernetes kubescape kubescape-helm vulnerability-detection

Kubevuln


The Kubevuln component is an in-cluster component of the Kubescape security platform. It scans container images for vulnerabilities, using Grype as its engine.

Build Kubevuln

To build Kubevuln with its dependencies, run:

    make

Configuration

  1. Load config file using the CONFIG environment variable

    export CONFIG=path/to/clusterData.json

    example/clusterData.json

    ```json5
    {
      "gatewayWebsocketURL": "127.0.0.1:8001",
      "gatewayRestURL": "127.0.0.1:8002",
      "kubevulnURL": "127.0.0.1:8080",
      "kubescapeURL": "127.0.0.1:8080",
      "eventReceiverRestURL": "https://report.armo.cloud",
      "eventReceiverWebsocketURL": "wss://report.armo.cloud",
      "rootGatewayURL": "wss://ens.euprod1.cyberarmorsoft.com/v1/waitfornotification",
      "accountID": "*********************",
      "clusterName": "******"
    }
    ```
  2. Set the PORT environment variable to 8080

    export PORT=8080
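A pre-flight check for the clusterData.json file described above, added here as an example (not Kubevuln's own code): it flags every `*URL` value that is neither `https`/`wss` nor a loopback address. The function name, the loopback-only plaintext policy, and the `collector.example.test` host are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"net/url"
	"sort"
	"strings"
)

// sampleConfig is constructed: README-style keys, one made-up plaintext remote host.
const sampleConfig = `{
  "gatewayWebsocketURL": "127.0.0.1:8001",
  "eventReceiverRestURL": "http://collector.example.test",
  "eventReceiverWebsocketURL": "wss://report.armo.cloud"
}`

// lintEndpoints lists *URL keys that are not https/wss (assumed policy: loopback may be plaintext).
func lintEndpoints(raw []byte) ([]string, error) {
	var cfg map[string]interface{}
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return nil, fmt.Errorf("parse config: %w", err)
	}
	findings := []string{}
	for key, v := range cfg {
		val, ok := v.(string)
		if !ok || !strings.HasSuffix(key, "URL") {
			continue
		}
		scheme, host := "", val
		if u, err := url.Parse(val); err == nil && u.Host != "" {
			scheme, host = u.Scheme, u.Hostname() // full URL, e.g. wss://host/path
		} else if h, _, err := net.SplitHostPort(val); err == nil {
			host = h // bare host:port, as in the local-debug sample
		}
		ip := net.ParseIP(host)
		loopback := host == "localhost" || (ip != nil && ip.IsLoopback())
		if scheme != "https" && scheme != "wss" && !loopback {
			findings = append(findings, key+": plaintext endpoint "+val)
		}
	}
	sort.Strings(findings) // map iteration order is random; keep output stable
	return findings, nil
}

func main() {
	fmt.Println(lintEndpoints([]byte(sampleConfig)))
}
```

In-cluster service names are not loopback, so this policy fits the local-debug setup shown here; relax it if plaintext traffic inside the cluster network is acceptable in your deployment.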

Environment Variables

Check out scanner/environmentvariables.go

VS Code configuration samples

You can use the sample files below to set up your VS Code environment for building and debugging.

.vscode/launch.json

```json5
{
  "version": "0.2.0",
  "configurations": [
    {
      "name": "Launch Package",
      "type": "go",
      "request": "launch",
      "mode": "auto",
      "program": "${workspaceRoot}",
      "env": {
        "PORT": "8080",
        "NAMESPACE": "kubescape",
        "CONFIG": "${workspaceRoot}/.vscode/clusterData.json",
      },
      "args": [
        "-alsologtostderr",
        "-v=4",
        "2>&1"
      ]
    }
  ]
}
```

We configure Kubevuln to listen on port 8080 and define the configuration in the clusterData.json file [as mentioned above](https://github.com/kubescape/kubevuln#configuration).

Changelog

Kubevuln changes are tracked on the release page.