starboard

package module

v0.15.4 Latest Latest Go to latest Published: Apr 12, 2022 License: Apache-2.0 Imports: 5 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/aquasecurity/starboard

Links

Open Source Insights

README ¶

Kubernetes-native security toolkit.

Introduction

There are lots of security tools in the cloud native world, created by Aqua and by others, for identifying and informing users about security issues in Kubernetes workloads and infrastructure components. However powerful and useful they might be, they tend to sit alongside Kubernetes, with each new product requiring users to learn a separate set of commands and installation steps in order to operate them and find critical security information.

Starboard attempts to integrate heterogeneous security tools by incorporating their outputs into Kubernetes CRDs (Custom Resource Definitions) and from there, making security reports accessible through the Kubernetes API. This way users can find and view the risks that relate to different resources in what we call a Kubernetes-native way.

Starboard provides:

Automated vulnerability scanning for Kubernetes workloads.
Automated configuration audits for Kubernetes resources with predefined rules or custom Open Policy Agent (OPA) policies.
Automated infrastructures scanning and compliance checks with CIS Benchmarks published by the Center for Internet Security (CIS).
Automated compliance report - NSA, CISA Kubernetes Hardening Kubernetes Guidance v1.0
Penetration test results for a Kubernetes cluster.
Custom Resource Definitions and a Go module to work with and integrate a range of security scanners.
The Octant Plugin and the Lens Extension that make security reports available through familiar Kubernetes interfaces.

Starboard Overview

Starboard can be used:

As a Kubernetes operator to automatically update security reports in response to workload and other changes on a Kubernetes cluster - for example, initiating a vulnerability scan when a new Pod is started or running CIS Benchmarks when a new Node is added.
As a command, so you can trigger scans and view the risks in a kubectl-compatible way or as part of your CI/CD pipeline.

Status

Although we are trying to keep new releases backward compatible with previous versions, this project is still incubating, and some APIs and Custom Resource Definitions may change.

Documentation

The official Documentation provides detailed installation, configuration, troubleshooting, and quick start guides.

Learn how to install the Starboard command From the Binary Releases and follow the Getting Started guide to generate your first vulnerability and configuration audit reports.

You can install the Starboard Operator with Static YAML Manifests and follow the Getting Started guide to see how vulnerability and configuration audit reports are generated automatically.

Read more about the motivations for the project in the Starboard: The Kubernetes-Native Toolkit for Unifying Security blog.

Contributing

At this early stage we would love your feedback on the overall concept of Starboard. Over time, we'd love to see contributions integrating different security tools so that users can access security information in standard, Kubernetes-native ways.

See Contributing for information about setting up your development environment, and the contribution workflow that we expect.
See Roadmap for tentative features in a 1.0.0 release.

Starboard is an Aqua Security open source project.
Learn about our Open Source Work and Portfolio.
Join the community, and talk to us about any matter in GitHub Discussions or Slack.

Documentation ¶

Index ¶

func GetCISKubeBenchReportsCRD() (apiextensionsv1.CustomResourceDefinition, error)
func GetClusterComplianceDetailReportsCRD() (apiextensionsv1.CustomResourceDefinition, error)
func GetClusterComplianceReportsCRD() (apiextensionsv1.CustomResourceDefinition, error)
func GetClusterConfigAuditReportsCRD() (apiextensionsv1.CustomResourceDefinition, error)
func GetClusterVulnerabilityReportsCRD() (apiextensionsv1.CustomResourceDefinition, error)
func GetConfigAuditReportsCRD() (apiextensionsv1.CustomResourceDefinition, error)
func GetKubeHunterReportsCRD() (apiextensionsv1.CustomResourceDefinition, error)
func GetNSASpecV10() (v1alpha1.ClusterComplianceReport, error)
func GetVulnerabilityReportsCRD() (apiextensionsv1.CustomResourceDefinition, error)
func PoliciesConfigMap() (corev1.ConfigMap, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GetCISKubeBenchReportsCRD ¶ added in v0.10.2

func GetCISKubeBenchReportsCRD() (apiextensionsv1.CustomResourceDefinition, error)

func GetClusterComplianceDetailReportsCRD ¶ added in v0.15.0

func GetClusterComplianceDetailReportsCRD() (apiextensionsv1.CustomResourceDefinition, error)

func GetClusterComplianceReportsCRD ¶ added in v0.15.0

func GetClusterComplianceReportsCRD() (apiextensionsv1.CustomResourceDefinition, error)

func GetClusterConfigAuditReportsCRD ¶ added in v0.12.0

func GetClusterConfigAuditReportsCRD() (apiextensionsv1.CustomResourceDefinition, error)

func GetClusterVulnerabilityReportsCRD ¶ added in v0.13.0

func GetClusterVulnerabilityReportsCRD() (apiextensionsv1.CustomResourceDefinition, error)

func GetConfigAuditReportsCRD ¶ added in v0.10.2

func GetConfigAuditReportsCRD() (apiextensionsv1.CustomResourceDefinition, error)

func GetKubeHunterReportsCRD ¶ added in v0.10.2

func GetKubeHunterReportsCRD() (apiextensionsv1.CustomResourceDefinition, error)

func GetNSASpecV10 ¶ added in v0.15.0

func GetNSASpecV10() (v1alpha1.ClusterComplianceReport, error)

func GetVulnerabilityReportsCRD ¶

func GetVulnerabilityReportsCRD() (apiextensionsv1.CustomResourceDefinition, error)

func PoliciesConfigMap ¶ added in v0.15.0

func PoliciesConfigMap() (corev1.ConfigMap, error)

Types ¶

This section is empty.

Source Files ¶

View all Source files

embedded.go

Directories ¶

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL

Path	Synopsis
cmd
scanner-aqua
starboard
starboard-operator
itest
helper The helper package provides builders to instantiate Kubernetes objects used in integration tests.	The helper package provides builders to instantiate Kubernetes objects used in integration tests.
matcher The matcher package provides domain-specific Gomega matchers.	The matcher package provides domain-specific Gomega matchers.
starboard-operator/behavior
pkg
apis/aquasecurity
apis/aquasecurity/v1alpha1 Package v1alpha1 is the v1alpha1 version of the API.	Package v1alpha1 is the v1alpha1 version of the API.
cmd Package cmd provides primitives for implementing Starboard CLI.	Package cmd provides primitives for implementing Starboard CLI.
compliance
configauditreport Package configauditreport provides primitives for working with Kubernetes workload configuration checkers.	Package configauditreport provides primitives for working with Kubernetes workload configuration checkers.
docker Package docker provides primitives for working with Docker.	Package docker provides primitives for working with Docker.
ext
generated/clientset/versioned This package has the automatically generated clientset.	This package has the automatically generated clientset.
generated/clientset/versioned/fake This package has the automatically generated fake clientset.	This package has the automatically generated fake clientset.
generated/clientset/versioned/scheme This package contains the scheme of the automatically generated clientset.	This package contains the scheme of the automatically generated clientset.
generated/clientset/versioned/typed/aquasecurity/v1alpha1 This package has the automatically generated typed clients.	This package has the automatically generated typed clients.
generated/clientset/versioned/typed/aquasecurity/v1alpha1/fake Package fake has the automatically generated clients.	Package fake has the automatically generated clients.
generated/informers/externalversions
generated/informers/externalversions/aquasecurity
generated/informers/externalversions/aquasecurity/v1alpha1
generated/informers/externalversions/internalinterfaces
generated/listers/aquasecurity/v1alpha1
kube Package kube provides primitives for working with Kubernetes objects.	Package kube provides primitives for working with Kubernetes objects.
kubebench Package kubebench provides primitives for working with CIS Kubernetes benchmarks.	Package kubebench provides primitives for working with CIS Kubernetes benchmarks.
kubehunter Package kubehunter provides primitives for working with KubeHunter.	Package kubehunter provides primitives for working with KubeHunter.
operator Package operator provides primitives for implementing Starboard Operator.	Package operator provides primitives for implementing Starboard Operator.
operator/controller
operator/etc
operator/predicate
plugin Package plugin aggregates plugins for Starboard.	Package plugin aggregates plugins for Starboard.
plugin/aqua Package aqua provides primitives for working with Aqua Enterprise scanner.	Package aqua provides primitives for working with Aqua Enterprise scanner.
plugin/aqua/client Package client provides an HTTP client for selected Aqua Enterprise API endpoints.	Package client provides an HTTP client for selected Aqua Enterprise API endpoints.
plugin/aqua/scanner/api Package api provides primitives for getting vulnerability reports via Aqua Enterprise API	Package api provides primitives for getting vulnerability reports via Aqua Enterprise API
plugin/aqua/scanner/cli Package cli provides primitives for getting vulnerability reports by executing the scannercli command.	Package cli provides primitives for getting vulnerability reports by executing the scannercli command.
plugin/conftest Package conftest provides primitives for working with Conftest.	Package conftest provides primitives for working with Conftest.
plugin/polaris Package polaris provides primitives for working with Polaris.	Package polaris provides primitives for working with Polaris.
plugin/trivy Package trivy provides primitives for working with Trivy.	Package trivy provides primitives for working with Trivy.
policy
report Package report provides primitives for generating HTML reports.	Package report provides primitives for generating HTML reports.
report/templates Package templates provides code generated from *.qtpl templates.	Package templates provides code generated from *.qtpl templates.
runner Package runner provides primitives to run tasks as Kubernetes Jobs.	Package runner provides primitives to run tasks as Kubernetes Jobs.
starboard Package starboard provides primitives for working with Starboard toolkit.	Package starboard provides primitives for working with Starboard toolkit.
utils
vulnerabilityreport Package vulnerabilityreport provides primitives for working with vulnerability scanners.	Package vulnerabilityreport provides primitives for working with vulnerability scanners.