diki

module

v0.1.0 Latest Latest Go to latest Published: Sep 29, 2023 License: Apache-2.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/gardener/diki

Links

Open Source Insights

README ¶

Diki

Diki a "compliance checker" or sorts, a detective control framework with pluggable rule sets. It's part of the Gardener family, but can be used also on other Kubernetes distros or even on non-Kubernetes environments, e.g. to check compliance of your hyperscaler accounts.

Diki is the Greek word for "trial". You can also memorise it as "Detective Investigation of Key Imperatives" or as GNU-style recursive acronym "Diki Investigates Key Imperatives". It's colloquially known as "Don't I Know It", which is a nice fit as well for what it does.

Important Note: This repository is in alpha stage. The API can change without any backwards compatibility.

Getting Started

Installation

TODO

Run

Most of Diki's run configurations are provided through its config file. Options depend on the different providers and rulesets. Here are a couple of commands to get you started:

Run all known rulesets for all known providers

diki run --config=config.yaml --all

Run a specific ruleset for a known provider

diki run --config=config.yaml --provider=gardener --ruleset-id=disa-kubernetes-stig --ruleset-version=v1r8

Run a specific rule defined in a ruleset for a known provider

diki run --config=config.yaml --provider=gardener --ruleset-id=disa-kubernetes-stig --ruleset-version=v1r8 --rule-id=242414

Report

Diki can generate a human readable report from the output files of a diki run execution. Merged reports can be produced by setting the distinct-by flag. The value of this flag is a list of key=value pairs where the keys are the IDs of the providers we want to include in the merged report and the values are the unique metadata fields to be used as distinction values between different provider runs.

Generate an html report

diki report output.json > report.hmtl

Generate merged html report

diki report --distinct-by=gardener=id output1.json output2.json > report.hmtl

Unit Tests

You can manually run the tests via make test.

Contributing

Contributions are very welcome. To learn more, see the contributor guide.

Credits

A special thank you to @vlerenc, @AleksandarSavchev and @dimityrmirchev who made significant contributions to the project before it was made available to the public.

Directories ¶

Path	Synopsis
cmd
diki
diki/app
imagevector
pkg
config
kubernetes/config
kubernetes/pod
kubernetes/pod/fake
kubernetes/utils
provider
provider/builder
provider/gardener
provider/gardener/internal/utils
provider/gardener/ruleset
provider/gardener/ruleset/disak8sstig
provider/gardener/ruleset/disak8sstig/v1r10
provider/gardener/ruleset/disak8sstig/v1r8
report
rule
ruleset

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL