Skip to content

Kubevuln is an in-cluster component of the Kubescape security platform. It scans container images for vulnerabilities, using Grype as its engine.

License

Notifications You must be signed in to change notification settings

kubescape/kubevuln

Kubevuln

OpenSSF Scorecard FOSSA Status

The Kubevuln component is an in-cluster component of the Kubescape security platform. It scans container images for vulnerabilities, using Grype as its engine.

Build Kubevuln

To build kubevuln with its dependencies run: make

Configuration

  1. Load config file using the CONFIG environment variable

    export CONFIG=path/to/clusterData.json

    example/clusterData.json
    {
        "gatewayWebsocketURL": "127.0.0.1:8001",
        "gatewayRestURL": "127.0.0.1:8002",
        "kubevulnURL": "127.0.0.1:8080",
        "kubescapeURL": "127.0.0.1:8080",
        "eventReceiverRestURL": "https://report.armo.cloud",
        "eventReceiverWebsocketURL": "wss://report.armo.cloud",
        "rootGatewayURL": "wss://ens.euprod1.cyberarmorsoft.com/v1/waitfornotification",
        "accountID": "*********************",
        "clusterName": "******"
       }
  2. Set the PORT environment variable to 8081 export PORT=8080

Environment Variables

Check out scanner/environmentvariables.go

VS code configuration samples

You can use the samples files below to setup your VS code environment for building and debugging purposes.

.vscode/launch.json
{
    "version": "0.2.0",
    "configurations": [
        {
            "name": "Launch Package",
            "type": "go",
            "request": "launch",
            "mode": "auto",
            "program":  "${workspaceRoot}",
                 "env": {
                     "PORT": "8080",
                     "NAMESPACE": "kubescape",
                     "CONFIG": "${workspaceRoot}/.vscode/clusterData.json",
            },
            "args": [
                "-alsologtostderr", "-v=4", "2>&1"
            ]
        }
    ]
}

We configure the Kubevuln to listen to port 8080, and define the configuration in the clusterData.json file as mentioned above.

Changelog

Kubevuln changes are tracked on the release page

About

Kubevuln is an in-cluster component of the Kubescape security platform. It scans container images for vulnerabilities, using Grype as its engine.

Topics

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Packages

No packages published

Languages