octarinesec / Kube Scan

Licence: MIT
kube-scan: Octarine k8s cluster risk assessment tool

Kube-Scan

Try our free Kubernetes risk assessment tool today.
Run it on any cluster at any time. No data leaves your cluster. We do not collect any information.
For more information on Octarine see https://www.octarinesec.com.

Get the risk score of your workloads

Kube-Scan gives a risk score, from 0 (no risk) to 10 (high risk) for each workload. The risk is based on the runtime configuration of each workload (currently 20+ settings). The exact rules and scoring formula are part of the open-source framework KCCSS, the Kubernetes Common Configuration Scoring System.

KCCSS is similar to the Common Vulnerability Scoring System (CVSS), the industry-standard for rating vulnerabilities, but instead focuses on the configurations and security settings themselves. Vulnerabilities are always detrimental, but configuration settings can be insecure, neutral, or critical for protection or remediation. KCCSS scores both risks and remediations as separate rules, and allows users to calculate a risk for every runtime setting of a workload and then to calculate the total risk of the workload.

Note that kube-scan scans the cluster when it starts and re-scans it every 24 hours. If you want an up-to-date risk score in between (e.g. after installing a new app), restart the kube-scan pod or trigger a rescan through the API (POST /api/refresh, see "Using the API" below).

Quickstart

kubectl apply -f https://raw.githubusercontent.com/octarinesec/kube-scan/master/kube-scan.yaml
kubectl port-forward --namespace kube-scan svc/kube-scan-ui 8080:80

Then set your browser to http://localhost:8080. The port-forward only succeeds once the kube-scan pods are running, so if it fails right after the apply, check the pods in the kube-scan namespace and retry.

Using a load-balancer service

  • This method assumes you are using a cloud provider that provides load balancers.
kubectl apply -f https://raw.githubusercontent.com/octarinesec/kube-scan/master/kube-scan-lb.yaml

Then get the load-balancer address with

kubectl -n kube-scan get service kube-scan-ui -o jsonpath='{..ip}'

or, for providers that hand out a hostname instead of an IP,

kubectl -n kube-scan get service kube-scan-ui -o jsonpath='{..hostname}'

The field stays empty until the provider has finished provisioning the load balancer.

Then set your browser to that address. Keep in mind that this puts the UI on an externally reachable address, and the report is in effect a map of your cluster's weakest workloads, so restrict who can reach it (for example with loadBalancerSourceRanges on the Service, or with your provider's firewall rules).

Using the API

If you applied kube-scan with the load-balancer service, "HOST" refers to the external IP (or hostname) of the service.

If you used port-forward, "HOST" refers to "localhost:8080".

Getting all of the risks in your cluster:

GET http://HOST/api/risks

Asking the kube-scan service to recalculate the risks (for example after a resource was changed):

POST http://HOST/api/refresh

This can take a while depending on the cluster size, so poll the refresh status until it reports that the refresh has finished:

GET http://HOST/api/refreshing_status
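The three endpoints above are enough to build a rescan-and-gate step, for example in a CI job or an on-call check. The Go program below is an added example and is not kube-scan's own code: it POSTs /api/refresh, polls /api/refreshing_status until the rescan is done (with a deadline, so a stuck scan fails the job instead of hanging it), fetches /api/risks and keeps the workloads at or above a score threshold, highest first. The JSON field names (`riskScore`, `namespace`, `refreshing`, ...) and the built-in fake server with its sample data are assumptions made for this example so it runs offline; check a real response from your cluster before relying on those names.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"sort"
	"sync/atomic"
	"time"
)

// Risk is the subset of a /api/risks entry this example uses. The JSON field names
// are an assumption: check a real response with `curl http://HOST/api/risks`.
type Risk struct {
	Namespace string  `json:"namespace"`
	Kind      string  `json:"kind"`
	Name      string  `json:"name"`
	Score     float64 `json:"riskScore"` // 0 (no risk) .. 10 (high risk)
}
var httpc = &http.Client{Timeout: 10 * time.Second}

// getJSON GETs base+path and decodes the body. A non-200 (say a 502 from a load
// balancer whose backend is still starting) is an error, not an empty risk list.
func getJSON(base, path string, v interface{}) error {
	resp, err := httpc.Get(base + path)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("GET %s: %s", path, resp.Status)
	}
	return json.NewDecoder(resp.Body).Decode(v)
}

// Refresh POSTs /api/refresh, then polls /api/refreshing_status every interval
// until the rescan finishes or timeout elapses.
func Refresh(base string, interval, timeout time.Duration) error {
	if resp, err := httpc.Post(base+"/api/refresh", "application/json", nil); err != nil {
		return err
	} else if resp.Body.Close(); resp.StatusCode/100 != 2 {
		return fmt.Errorf("POST /api/refresh: %s", resp.Status)
	}
	for deadline := time.Now().Add(timeout); ; time.Sleep(interval) {
		var st struct{ Refreshing bool `json:"refreshing"` } // assumed status body shape
		if err := getJSON(base, "/api/refreshing_status", &st); err != nil {
			return err
		}
		if !st.Refreshing {
			return nil
		}
		if time.Now().After(deadline) {
			return fmt.Errorf("refresh still running after %s", timeout)
		}
	}
}

// HighRisks fetches /api/risks and returns workloads scoring >= threshold, highest first.
func HighRisks(base string, threshold float64) ([]Risk, error) {
	var all, out []Risk
	if err := getJSON(base, "/api/risks", &all); err != nil {
		return nil, err
	}
	for _, r := range all {
		if r.Score >= threshold {
			out = append(out, r)
		}
	}
	sort.SliceStable(out, func(i, j int) bool { return out[i].Score > out[j].Score })
	return out, nil
}

// fakeKubeScan stands in for the real service (offline); "refreshing" clears after two polls.
func fakeKubeScan() *httptest.Server {
	var polls int32
	mux := http.NewServeMux()
	mux.HandleFunc("/api/refresh", func(http.ResponseWriter, *http.Request) { atomic.StoreInt32(&polls, 0) })
	mux.HandleFunc("/api/refreshing_status", func(w http.ResponseWriter, _ *http.Request) {
		json.NewEncoder(w).Encode(map[string]bool{"refreshing": atomic.AddInt32(&polls, 1) <= 2})
	})
	mux.HandleFunc("/api/risks", func(w http.ResponseWriter, _ *http.Request) {
		json.NewEncoder(w).Encode([]Risk{ // constructed sample data, not from a real cluster
			{Namespace: "default", Kind: "Deployment", Name: "web", Score: 3.2},
			{Namespace: "kube-system", Kind: "DaemonSet", Name: "node-agent", Score: 8.7},
			{Namespace: "payments", Kind: "StatefulSet", Name: "db", Score: 6.5},
		})
	})
	return httptest.NewServer(mux)
}

func main() {
	srv := fakeKubeScan()
	defer srv.Close()
	if err := Refresh(srv.URL, 10*time.Millisecond, 5*time.Second); err != nil {
		panic(err)
	}
	fmt.Println(HighRisks(srv.URL, 6.0)) // the two workloads at or above 6.0, then <nil>
}
```

Against a real deployment, drop the fake server and pass "http://localhost:8080" (port-forward) or "http://" plus the load-balancer address as base; a non-empty HighRisks result is then the condition to fail the pipeline step on. Refresh deliberately treats a non-2xx reply and an expired deadline as errors, so a stale score is never mistaken for a clean one.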

Building from source code

Build the server image (from root folder)

cd server
docker build -t SERVER_TAG_NAME .
docker push SERVER_TAG_NAME

Build the client image (from root folder)

cd client
docker build -t CLIENT_TAG_NAME .
docker push CLIENT_TAG_NAME

In the manifest you intend to use (kube-scan.yaml or kube-scan-lb.yaml in the root folder), point the kube-scan container's image at SERVER_TAG_NAME and the kube-scan-ui container's image at CLIENT_TAG_NAME.

Apply that manifest and follow the "Quickstart" or "Using a load-balancer service" instructions above.

Uninstall

kubectl delete -f https://raw.githubusercontent.com/octarinesec/kube-scan/master/kube-scan.yaml

In case of using a load-balancer:

kubectl delete -f https://raw.githubusercontent.com/octarinesec/kube-scan/master/kube-scan-lb.yaml

Screenshots

Risk score

Risk details
