README
¶
Kubernetes-native security toolkit.
Introduction
Starboard integrates security tools into the Kubernetes environment, so that users can find and view the risks that relate to different resources in a Kubernetes-native way. Starboard provides custom resources definitions and a Go module to work with a range of existing security scanners, as well as a kubectl-compatible command, the Octant plugin, and the Lens extension that make security reports available through familiar Kubernetes tools.
Starboard can be run in two different modes:
- As a command, so you can trigger scans and view the risks in a kubectl-compatible way or as part of your CI/CD pipeline.
- As an operator to automatically update security reports in response to workload and other changes on a Kubernetes cluster - for example, initiating a vulnerability scan when a new pod is started.
NOTE Even though manual scanning through the command-line is useful, the fact that it's not automated makes it less suitable with a large number of Kubernetes workloads. Therefore, the operator provides a better option for these scenarios, constantly monitoring built-in Kubernetes resources, such as Deployments, and running appropriate scanners against the underlying deployment descriptors.
You can read more about the motivations and use cases in this blog and join our discussions.
Status
This project is incubating and the APIs are not considered stable.
Documentation
The official documentation, which provides detailed installation, configuration, and quick start guides, is available at https://aquasecurity.github.io/starboard/.
Try the getting started guide to install the Starboard command and generate your first vulnerability report.
Contributing
At this early stage we would love your feedback on the overall concept of Starboard. Over time we'd love to see contributions integrating different security tools so that users can access security information in standard, Kubernetes-native ways.
- See CONTRIBUTING.md for information about setting up your development environment, and the contribution workflow that we expect.
- See ROADMAP.md for tentative features in a 1.0 release.
- Join our discussions.
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetVulnerabilityReportsCRD ¶
func GetVulnerabilityReportsCRD() (apiextensionsv1.CustomResourceDefinition, error)
Types ¶
This section is empty.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
itest
|
|
|
helper
The helper package provides builders to instantiate Kubernetes objects used in integration tests.
|
The helper package provides builders to instantiate Kubernetes objects used in integration tests. |
|
matcher
The matcher package provides domain-specific Gomega matchers.
|
The matcher package provides domain-specific Gomega matchers. |
|
pkg
|
|
|
apis/aquasecurity/v1alpha1
Package v1alpha1 is the v1alpha1 version of the API.
|
Package v1alpha1 is the v1alpha1 version of the API. |
|
configauditreport
The configauditreport package provides primitives for working with Kubernetes workload configuration checkers.
|
The configauditreport package provides primitives for working with Kubernetes workload configuration checkers. |
|
docker
This docker package provides primitives for working with Docker.
|
This docker package provides primitives for working with Docker. |
|
generated/clientset/versioned
This package has the automatically generated clientset.
|
This package has the automatically generated clientset. |
|
generated/clientset/versioned/fake
This package has the automatically generated fake clientset.
|
This package has the automatically generated fake clientset. |
|
generated/clientset/versioned/scheme
This package contains the scheme of the automatically generated clientset.
|
This package contains the scheme of the automatically generated clientset. |
|
generated/clientset/versioned/typed/aquasecurity/v1alpha1
This package has the automatically generated typed clients.
|
This package has the automatically generated typed clients. |
|
generated/clientset/versioned/typed/aquasecurity/v1alpha1/fake
Package fake has the automatically generated clients.
|
Package fake has the automatically generated clients. |
|
kube
The kube package provides primitives for working with Kubernetes objects.
|
The kube package provides primitives for working with Kubernetes objects. |
|
kubebench
This package provides primitives for working with CIS Kubernetes benchmarks.
|
This package provides primitives for working with CIS Kubernetes benchmarks. |
|
plugin/aqua
The aqua package provides primitives for working with Aqua Enterprise scanner.
|
The aqua package provides primitives for working with Aqua Enterprise scanner. |
|
plugin/aqua/client
The client package provides an HTTP client for selected Aqua Enterprise REST API endpoints.
|
The client package provides an HTTP client for selected Aqua Enterprise REST API endpoints. |
|
plugin/conftest
The conftest package provides primitives for working with Conftest.
|
The conftest package provides primitives for working with Conftest. |
|
plugin/polaris
The polaris package provides primitives for working with Polaris.
|
The polaris package provides primitives for working with Polaris. |
|
plugin/trivy
The trivy package provides primitives for working with Trivy.
|
The trivy package provides primitives for working with Trivy. |
|
report
Package report provides primitives for generating HTML reports.
|
Package report provides primitives for generating HTML reports. |
|
report/templates
Package templates provides code generated from *.qtpl templates.
|
Package templates provides code generated from *.qtpl templates. |
|
starboard
The starboard package provides primitives for working with Starboard toolkit.
|
The starboard package provides primitives for working with Starboard toolkit. |
|
vulnerabilityreport
This package provides primitives for working with vulnerability scanners.
|
This package provides primitives for working with vulnerability scanners. |