Skip to content
This repository has been archived by the owner on Mar 18, 2024. It is now read-only.
/ klustair-cli Public archive

Scan all images in your Kubernetes cluster with Trivy and check your configuration with Kubeaudit

License

Apache-2.0 license
3 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

klustair/klustair-cli

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

90 Commits
.github/workflows
.github/workflows
 
 
bin
bin
 
 
cmd/klustair
cmd/klustair
 
 
docker
docker
 
 
docs/img
docs/img
 
 
pkg
pkg
 
 
.gitignore
.gitignore
 
 
.goreleaser.yaml
.goreleaser.yaml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 

Repository files navigation

KlustAIR Client

The Klustair client searches your Kubernetes namespaces for the used images and scans them with Trivy.

Related Klustair projects:

Related opensource projects

  • trivy A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts
  • kubeaudit kubeaudit helps you audit your Kubernetes clusters against common security controls

Installation

Binaries

Download the binaries from the releases page. Unpack the archive and move the klustair-cli binary to your bin $PATH (on UNIX-y systems, /usr/local/bin or the like). Make sure it has execution bits turned on.

Homebrew

brew tap klustair/klustair-cli 
brew install klustair-cli

Usage

klustair-cli [global options]

optional arguments:
   --verbose, -V                          increase output verbosity (default: false) [$KLUSTAIR_VERBOSE]
   --debug, -d                            debug mode (default: false) [$KLUSTAIR_DEBUG]
   --namespaces value, -n value           Coma separated whitelist of Namespaces to check [$KLUSTAIR_NAMESPACES]
   --namespacesblacklist value, -N value  Coma separated whitelist of Namespaces to check [$KLUSTAIR_NAMESPACESBLACKLIST]
   --kubeaudit value, -k value            Coma separated list of audits to run. [$KLUSTAIR_KUBEAUDIT]
   --trivy, -t                            Run Trivy vulnerability checks (default: false) [$KLUSTAIR_TRIVY]
   --label value, -l value                A optional title for your run [$KLUSTAIR_LABEL]
   --repocredentialspath value, -c value  Path to repo credentials for trivy [$KLUSTAIR_REPOCREDENTIALSPATH]
   --limitdate value, --ld value          Remove reports older than X days (default: 0) [$KLUSTAIR_LIMITDATE]
   --limitnr value, --ln value            Keep only X reports (default: 0) [$KLUSTAIR_LIMITNR]
   --configkey value, -C value            Load remote configuration from frontend [$KLUSTAIR_CONFIGKEY]
   --apihost value, -H value              Remote API-host address (example: https://localhost:8443) [$KLUSTAIR_APIHOST]
   --apitoken value, -T value             API Access Token from Klustair Frontend [$KLUSTAIR_APITOKEN]
   --help, -h                             show help (default: false)
   --version, -v                          print the version (default: false)

klustair cli output

ENV vars (not set by commandline)

export TRIVY_USERNAME=....
export TRIVY_PASSWORD=....
export TRIVY_REGISTRY_TOKEN=....
export TRIVY_INSECURE=false
export TRIVY_NON_SSL=false
export TRIVY_DEBUG=false
export TRIVY_QUIET=true

Installation

go get -v github.com/klustair/klustair-cli

develop

git clone git@github.com:klustair/klustair-cli.git
cd klustair-cli
go run cmd/klustair/main.go

build

go build -o bin/klustair-cli cmd/klustair/main.go

FAQ

Why is the klustair client so big (~80MB)?

  • it contains the trivy binary(~32MB) and the kubeaudit binary (~30MB).

About

Scan all images in your Kubernetes cluster with Trivy and check your configuration with Kubeaudit

Topics

kubernetes security auditing audit vulnerability vulnerability-scanners

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

3 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases 5

v0.8.1 Latest
Jun 15, 2022
+ 4 releases

Packages

 
 
 

Languages