Smelly Kube API was created to identify security vulnerabilities in Kubernetes manifests. It exposes a REST API that receives manifest files from the client and returns a response listing the vulnerabilities found. The API documentation is in the API section.
At the moment, Smelly Kube has the following clients:
You can run the server either directly with Go or via Docker.
Run using Docker:
To run the application using Docker, just run `docker compose up server`
Run directly using go:
```sh
cd security-smells-api/
go mod tidy
go run main.go
```
The server listens on localhost, port 3000.
The server was developed under Ubuntu 22.04.4 LTS with:
- Golang v1.22
- Docker v24.0.5
The dependencies are listed in the go.mod file.
Headers
Key | Value |
---|---|
Content-Type | application/json |
Body
```json
{
  "fileName": "manifest.yaml",
  "yamlToValidate": "<file content>"
}
```
Response
```json
{
  "meta": {
    "totalOfSmells": 1,
    "decodedWorkloads": {
      "ReplicaSets": 0,
      "Deployments": 1,
      "Pods": 0,
      "Jobs": 0,
      "CronJobs": 0,
      "StatefulSets": 0,
      "DaemonSets": 0
    }
  },
  "data": {
    "ReplicaSets": [],
    "Deployments": [{
      "namespace": "default",
      "workload_kind": "Deployment",
      "workload_label_name": "example",
      "workload_position": 0,
      "rule": "K8S_SEC_RUNASUSER_UNSET",
      "message": "RunAsUser not set",
      "suggestion": "Set RunAsUser"
    }],
    "Pods": [],
    "Jobs": [],
    "CronJobs": [],
    "StatefulSets": [],
    "DaemonSets": []
  }
}
```
Error response
```json
{
  "message": "Empty file"
}
```
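
A client-side sketch for the request and the two response shapes above, added here as an example and not taken from the Smelly Kube code base. The names `BuildRequest`, `ParseResponse`, `Smell` and `report` are hypothetical, the endpoint path is left out because it is not given here, and the count check assumes `totalOfSmells` equals the number of findings, as it does in the sample response. The parser fails closed, so an `Empty file` reply is never read as a clean scan.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Smell holds finding fields shown in the sample response above.
type Smell struct {
	Namespace string `json:"namespace"`
	Kind      string `json:"workload_kind"`
	Rule      string `json:"rule"`
}

// report covers both documented shapes: meta+data on success, message on error.
type report struct {
	Meta    *struct{ Total int `json:"totalOfSmells"` } `json:"meta"`
	Data    map[string][]Smell `json:"data"`
	Message string             `json:"message"`
}

// Constructed sample, trimmed from the response shown above.
const sampleResponse = `{"meta":{"totalOfSmells":1},"data":{"Deployments":[{"namespace":"default","workload_kind":"Deployment","rule":"K8S_SEC_RUNASUSER_UNSET"}],"Pods":[]}}`

// BuildRequest encodes a manifest into the documented request body.
func BuildRequest(fileName, manifest string) ([]byte, error) {
	return json.Marshal(map[string]string{"fileName": fileName, "yamlToValidate": manifest})
}

// ParseResponse returns every finding; an error shape or count mismatch is an error, not a clean result.
func ParseResponse(body []byte) ([]Smell, error) {
	var r report
	if err := json.Unmarshal(body, &r); err != nil {
		return nil, fmt.Errorf("invalid JSON: %w", err)
	}
	if r.Meta == nil {
		return nil, fmt.Errorf("no report returned: %q", r.Message)
	}
	var all []Smell
	for _, kind := range []string{"ReplicaSets", "Deployments", "Pods", "Jobs", "CronJobs", "StatefulSets", "DaemonSets"} {
		all = append(all, r.Data[kind]...)
	}
	if len(all) != r.Meta.Total { // Assumption: total matches the findings, as in the sample.
		return nil, fmt.Errorf("totalOfSmells=%d, decoded %d", r.Meta.Total, len(all))
	}
	return all, nil
}

func main() { fmt.Println(ParseResponse([]byte(sampleResponse))) }
```

In a CI gate, treat any returned error the same as a non-empty findings list and stop the pipeline.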