GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → jfrog → kubexray

jfrog / kubexray

Licence: Apache-2.0 license
JFrog KubeXray scanner on Kubernetes

Programming Languages

go
31211 projects - #10 most used programming language
Smarty
1635 projects
Dockerfile
14818 projects
Makefile
30231 projects

Labels

kubernetessecuritydevopsscankubernetes-operatorxray

Projects that are alternatives of or similar to kubexray

k8s-rmq-autoscaler
Kubernetes autoscaler for deployments that consume queue in RMQ
Stars: ✭ 19 (-13.64%)
Mutual labels:  kubernetes-operator
scan
DeFi Scan, everything one-stop location for DeFi Blockchain. Powered by jellyfish & ocean network.
Stars: ✭ 31 (+40.91%)
Mutual labels:  scan
xray-heroku
No description or website provided.
Stars: ✭ 24 (+9.09%)
Mutual labels:  xray
tugarecon
Pentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (+545.45%)
Mutual labels:  scan
WPWatcher
Wordpress Watcher is a wrapper for WPScan that manages scans on multiple sites and reports by email and/or syslog. Schedule scans and get notified when vulnerabilities, outdated plugins and other risks are found.
Stars: ✭ 34 (+54.55%)
Mutual labels:  scan
kube-beacon
Open Source runtime scanner for k8s cluster and perform security audit checks based on CIS Kubernetes Benchmark specification
Stars: ✭ 60 (+172.73%)
Mutual labels:  scan
kubegres
Kubegres is a Kubernetes operator allowing to deploy one or many clusters of PostgreSql instances and manage databases replication, failover and backup.
Stars: ✭ 1,107 (+4931.82%)
Mutual labels:  kubernetes-operator
paperbase
Open source document organizer with automatic OCR and full text search
Stars: ✭ 21 (-4.55%)
Mutual labels:  scan
cmak-operator
CMAK (prev. Kafka Manager) for Kubernetes
Stars: ✭ 45 (+104.55%)
Mutual labels:  kubernetes-operator
sieve
Automatic Reliability Testing for Kubernetes Controllers
Stars: ✭ 183 (+731.82%)
Mutual labels:  kubernetes-operator
trivy-vulnerability-explorer
Web application that allows to load a Trivy report in json format and displays the vulnerabilities of a single target in an interactive data table.
Stars: ✭ 63 (+186.36%)
Mutual labels:  scan
xray-162
XRay engine 1.6.2 (S.T.A.L.K.E.R: Call of Pripyat) evolution
Stars: ✭ 48 (+118.18%)
Mutual labels:  xray
stackgres
StackGres Operator, Full Stack PostgreSQL on Kubernetes // !! Mirror repository of https://gitlab.com/ongresinc/stackgres, only accept Merge Requests there.
Stars: ✭ 479 (+2077.27%)
Mutual labels:  kubernetes-operator
DNTScanner.Core
DNTScanner.Core is a .NET 4x and .NET Core 2x+ wrapper for the Windows Image Acquisition library.
Stars: ✭ 54 (+145.45%)
Mutual labels:  scan
freya
Scala Kubernetes Operator library
Stars: ✭ 40 (+81.82%)
Mutual labels:  kubernetes-operator
microcks-ansible-operator
Kubernetes Operator for easy setup and management of Microcks installs
Stars: ✭ 21 (-4.55%)
Mutual labels:  kubernetes-operator
nmap-formatter
A tool that allows you to convert NMAP results to html, csv, json, markdown, graphviz (dot). Simply put it's nmap converter.
Stars: ✭ 129 (+486.36%)
Mutual labels:  scan
kotary
Managing Kubernetes Quota with confidence
Stars: ✭ 85 (+286.36%)
Mutual labels:  kubernetes-operator
infinispan-operator
Infinispan Operator
Stars: ✭ 32 (+45.45%)
Mutual labels:  kubernetes-operator
percona-postgresql-operator
Percona Operator for PostgreSQL
Stars: ✭ 132 (+500%)
Mutual labels:  kubernetes-operator
View All Similar Projects ➔

Deprecation Notice

Note: KubeXray is no longer maintained or supported by JFrog. Feel free to review this code for your own POC concepts, but we are not continuing to update it or add features. For people looking for great tools to help for enforcement in Kubernetes, we do continue to have KubeNab which allows enforcement of what repositories a kubernetes cluster pulls from (which then can leverage enforcement of Xray policies in Artifactory).*

JFrog KubeXray scanner on Kubernetes

An open source software project that monitors pods in a Kubernetes cluster to help you detect security & license violations in containers running inside the pod.

KubeXray listens to events from Kubernetes API server, and leverages the metadata from JFrog Xray (commercial product) to ensure that only the pods that comply with your current policy can run on Kubernetes. As an example, KubeXray listens to these event streams:

  • Deployment of a new service
  • Upgrade of an existing service
  • A new license policy, such as a new license type disallowed for runtime.
  • A new security issue

And when an issue is detected, KubeXray responds according to the current policy that you have set.

You can select one of the following possible actions:

  • Scaledown to 0. The desired state of a service's replica count is updated to 0, making the services inactive but still traceable.
  • Delete the corresponding Kubernetes resource that’s pointing to a vulnerable container image(s)
  • Ignore and leave the pod running

KubeXray also allows you to enforce policy for running applications that have not been scanned by JFrog Xray and whose risks are unknown.

Install Instructions

The easiest way to install KubeXray is using the Helm chart

Please follow install instruction from chart's readme

Local development and testing

Building binary

To build kubexray locally

make build

Docker

To build kubexray docker image locally (testing docker image build)

make image

Contributing Code

We welcome community contribution through pull requests.

License

This tool is available under the Apache License, Version 2.0.

(c) All rights reserved JFrog

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].