/kubevuln

Kubevuln is an in-cluster component of the Kubescape security platform. It scans container images for vulnerabilities, using Grype as its engine.


Kubevuln

The Kubevuln component is an in-cluster component of the Kubescape security platform.
It scans container images for vulnerabilities, using Grype as its engine.

Build Kubevuln

To build Kubevuln with its dependencies, run: make

Configuration

  1. Load the config file using the CONFIG environment variable

    export CONFIG=path/to/clusterData.json

    example/clusterData.json
    {
        "gatewayWebsocketURL": "127.0.0.1:8001",
        "gatewayRestURL": "127.0.0.1:8002",
        "kubevulnURL": "127.0.0.1:8080",
        "kubescapeURL": "127.0.0.1:8080",
        "eventReceiverRestURL": "https://report.armo.cloud",
        "eventReceiverWebsocketURL": "wss://report.armo.cloud",
        "rootGatewayURL": "wss://ens.euprod1.cyberarmorsoft.com/v1/waitfornotification",
        "accountID": "*********************",
        "clusterName": "******"
    }
  2. Set the PORT environment variable to 8080
    export PORT=8080
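
A pre-flight check for the clusterData.json file described above, as an added example that is not part of the Kubevuln code base. The key names come from the sample config; the policy (external endpoints must use https or wss, and an empty or still-masked accountID or clusterName is rejected) and the example.test hostnames are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"os"
	"strings"
)
// Keys that point outside the cluster in the sample; requiring TLS is this example's policy.
var externalKeys = []string{"eventReceiverRestURL", "eventReceiverWebsocketURL", "rootGatewayURL"}
// Constructed input: one plaintext endpoint and a still-masked account ID.
const sample = `{"eventReceiverRestURL": "http://report.example.test",
 "eventReceiverWebsocketURL": "wss://report.example.test", "clusterName": "dev",
 "rootGatewayURL": "wss://gw.example.test/v1/waitfornotification", "accountID": "*****"}`

// CheckClusterData returns one finding per problem; an empty result means the file passed.
func CheckClusterData(raw []byte) []string {
	var cfg map[string]interface{}
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return []string{"invalid JSON: " + err.Error()}
	}
	var findings []string
	for _, k := range externalKeys {
		v, _ := cfg[k].(string)
		u, err := url.Parse(v)
		switch {
		case err != nil || u.Host == "":
			findings = append(findings, k+": missing or not an absolute URL")
		case u.Scheme != "https" && u.Scheme != "wss":
			findings = append(findings, k+": scheme "+u.Scheme+" is not TLS")
		}
	}
	for _, k := range []string{"accountID", "clusterName"} {
		if v, _ := cfg[k].(string); strings.Trim(v, "*") == "" {
			findings = append(findings, k+": empty or still masked")
		}
	}
	return findings
}

func main() {
	raw := []byte(sample)
	if p := os.Getenv("CONFIG"); p != "" {
		raw, _ = os.ReadFile(p) // an unreadable file surfaces as the invalid-JSON finding
	}
	for _, f := range CheckClusterData(raw) {
		fmt.Println("FINDING:", f)
	}
}
```

With CONFIG exported as in step 1, the program checks that file; with CONFIG unset it checks the constructed sample.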

Environment Variables

Check out scanner/environmentvariables.go

VS Code configuration samples

You can use the sample files below to set up your VS Code environment for building and debugging purposes.

.vscode/launch.json
{
    "version": "0.2.0",
    "configurations": [
        {
            "name": "Launch Package",
            "type": "go",
            "request": "launch",
            "mode": "auto",
            "program": "${workspaceRoot}",
            "env": {
                "PORT": "8080",
                "NAMESPACE": "kubescape",
                "CONFIG": "${workspaceRoot}/.vscode/clusterData.json"
            },
            "args": [
                "-alsologtostderr", "-v=4", "2>&1"
            ]
        }
    ]
}

This configures Kubevuln to listen on port 8080 and to load its configuration from the clusterData.json file described above.