Kubevuln
The Kubevuln component is an in-cluster component of the Kubescape security platform.
It scans container images for vulnerabilities, using Grype as its engine.
Build Kubevuln
To build Kubevuln with its dependencies, run: make
Configuration
- Load the config file using the CONFIG environment variable:
  export CONFIG=path/to/clusterData.json
example/clusterData.json
{
    "gatewayWebsocketURL": "127.0.0.1:8001",
    "gatewayRestURL": "127.0.0.1:8002",
    "kubevulnURL": "127.0.0.1:8080",
    "kubescapeURL": "127.0.0.1:8080",
    "eventReceiverRestURL": "https://report.armo.cloud",
    "eventReceiverWebsocketURL": "wss://report.armo.cloud",
    "rootGatewayURL": "wss://ens.euprod1.cyberarmorsoft.com/v1/waitfornotification",
    "accountID": "*********************",
    "clusterName": "******"
}
- Set the PORT environment variable to 8081:
  export PORT=8080
Environment Variables
Check out scanner/environmentvariables.go
VS Code configuration samples
You can use the sample files below to set up your VS Code environment for building and debugging.
.vscode/launch.json
{
    "version": "0.2.0",
    "configurations": [
        {
            "name": "Launch Package",
            "type": "go",
            "request": "launch",
            "mode": "auto",
            "program": "${workspaceRoot}",
            "env": {
                "PORT": "8080",
                "NAMESPACE": "kubescape",
                "CONFIG": "${workspaceRoot}/.vscode/clusterData.json"
            },
            "args": [
                "-alsologtostderr", "-v=4", "2>&1"
            ]
        }
    ]
}
This configures Kubevuln to listen on port 8080 and loads its configuration from the clusterData.json file described above.
Changelog
Kubevuln changes are tracked on the release page