README
¶
Chartsec: Helm Chart security checker
Chartsec scans a Helm chart for potential security vulnerabilities for it's user. It's especially useful to check third-party charts before even decompressing them.
Usage
Chartsec can be used both as a library and an executable.
Build the binary executable with the following command:
go get github.com/banzaicloud/chartsec/cmd/chartsec
Use it to check a chart package:
chartsec path/to/package.tgz
Or use it as a library in your project:
package main
import (
"os"
"github.com/banzaicloud/chartsec"
)
func main() {
file, err := os.Open("path/to/package.tgz")
if err != nil {
panic(err)
}
scanner := chartsec.NewDefaultChartScanner()
err = scanner.Scan(file)
if err != nil {
panic(err)
}
}
Security checks
- Compressed archive does not exceed 10MB
- Decompressed archive does not exceed 10MB
- Markdown files do not contain malicious content (html script, etc)
Why is everything in package internal?
While we believe this package is ultimately useful for anyone who work with third-party charts, the API is not quite stable yet, the implementation might change, so we decided to expose only what's necessary to use the core functionality to prevent ossification.
License
Apache 2.0 License. Please see License File for more information.
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ChartScanner ¶
type ChartScanner = chartsec.ChartScanner
ChartScanner scans a Helm chart archive for security issues.
func NewDefaultChartScanner ¶
func NewDefaultChartScanner() *ChartScanner
NewDefaultChartScanner returns a new ChartScanner instance with default security settings.
type PolicyViolationError ¶
type PolicyViolationError = chartsec.PolicyViolationError
PolicyViolationError contains the details for a policy violation.
Source Files
Directories