Open sebastien-powl opened 3 years ago
Same need here. I was expecting to put it in a pipeline but it is still expecting interaction. I have a properly set up kube.config and was expecting kubestriker to load it to target the default endpoint.
I see "api and cicd automation friendly" in the roadmap; I do hope you'll have time for it. It would be great for kubestriker adoption <3
Hi @sebastien-powl / @lgmorand ,
Thank you for raising this one.
I am currently working on this, and a CICD-compatible container image will be released in the next 10 days with the updated documentation.
Regards, Vasant
Perfect, if you need a tester, I'll be your man :)
@lgmorand / @sebastien-powl
Hey guys, the CICD-compatible container version, along with its documentation, is now updated. Please refer to the README page.
Thanks, Vasant
w00t w00t ! will give a try :)
I must be missing something, but the doc just says how to remote connect to a spinning container with "-it", and it still requires human interactions, inputs, especially in this picture: https://raw.githubusercontent.com/vchinnipilli/kubestriker/master/media/auth.gif
Let's say, I want to do the manual installation, what should I do after to have a full scan without any input required
python -m kubestriker
BTW, I don't know how the doc works but it looks buggy. For instance: https://www.kubestriker.io/Types-of-scans does not bring me to the right page, it brings up the home page.
Hi @lgmorand , Thank you for pointing out this to me. I will look into it.
However, for your question, please refer to the CICD section on the page and you should be able to run the scan without any human interaction after you invoke the scanner.
Regards, Vasant
I'd find it simpler to provide the kubeconfig and let kubestriker extract the information instead of providing URL and Token. Let me explain my point of view. When working with a CSP (AKS, EKS, GKE), the CLI to get credentials (i.e. AKS get-credentials) returns them directly inside the kubeconfig, then we have to manually extract them to pass them to kubestriker.
I'd find it more useful to let kubestriker do the extraction for me, not that it should be its responsibility but mainly because ALL users of kubestriker will have to implement an extraction task to get these values. A lot of tooling around k8s works like this: you handle the current config of the context and they do the extraction.
I know, that's more work but that would be my feedback :)
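The extraction step discussed in the comment above, as an added example (not kubestriker's code and not from the thread): it pulls the API server URL and bearer token for the current context out of the JSON printed by `kubectl config view --raw -o json`. The function names, sample hostname and token are constructed; a user entry that relies on an exec plugin or client certificate has no inline token and is reported as an error.

```python
import json

# Constructed sample in the shape printed by `kubectl config view --raw -o json`.
SAMPLE_KUBECONFIG = json.dumps({
    "current-context": "demo",
    "contexts": [{"name": "demo",
                  "context": {"cluster": "demo-cluster", "user": "demo-user"}}],
    "clusters": [{"name": "demo-cluster",
                  "cluster": {"server": "https://k8s.example.invalid:6443"}}],
    "users": [{"name": "demo-user",
               "user": {"token": "CONSTRUCTED-PLACEHOLDER-TOKEN"}}],
})

# Credential styles that carry no static bearer token in the file itself.
NON_TOKEN_KEYS = ("exec", "auth-provider", "tokenFile",
                  "client-certificate", "client-certificate-data")


def _named(items, name, key):
    """Return the `key` mapping of the list entry whose name matches."""
    for item in items or []:
        if item.get("name") == name:
            return item.get(key) or {}
    raise KeyError(f"no {key} entry named {name!r} in kubeconfig")


def endpoint_and_token(kubeconfig_json, context=None):
    """Resolve (server_url, bearer_token) for a context (default: current)."""
    cfg = json.loads(kubeconfig_json)
    ctx_name = context or cfg.get("current-context")
    if not ctx_name:
        raise ValueError("kubeconfig has no current-context and none was given")
    ctx = _named(cfg.get("contexts"), ctx_name, "context")
    cluster = _named(cfg.get("clusters"), ctx["cluster"], "cluster")
    user = _named(cfg.get("users"), ctx["user"], "user")
    token = user.get("token")
    if not token:
        found = sorted(k for k in user if k in NON_TOKEN_KEYS)
        raise ValueError(
            f"user {ctx['user']!r} has no static token (found: {found or 'nothing'})")
    return cluster["server"], token


if __name__ == "__main__":
    server, _token = endpoint_and_token(SAMPLE_KUBECONFIG)
    print(server)  # the token is deliberately not printed
```

In a pipeline, hand the returned token to the scanner through a masked secret or environment variable so it does not end up in job logs.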
Hi @lgmorand ,
Thank you for your feedback. It is really appreciated.
I will make the changes as suggested and will release the next version in a few weeks.
Regards, Vasant
Similar to this request, it would be ideal when choosing 'Perform individual Checks' to then be returned to this prompt, perhaps with an Exit option. Currently if I perform an individual check, afterward I'm presented with 'continue' or 'exit', and continue starts the process right from the start again (choose config or URL, etc).
Could it be possible to launch a full scan with a single command, instead of running the interactive menu and choosing each option? Can we run something like python -m kubestriker and then pass the ip, token and what type of scan we need to run? @vasantchinnipilli
Hi,
Could it be possible to launch a full scan with a single command, instead of running the interactive menu and choosing each option, please?
I made it myself locally but it's not very pretty. Let me know.