Kubesecgpt is a command-line tool that analyzes Kubernetes deployment YAML files for potential vulnerabilities using OpenAI API. It helps identify security issues and provides reasons for the vulnerabilities detected.
- Kubernetes cluster
- OpenAI API key (defined as an environment variable
OPENAI_API_KEY)
Kubesecgpt can be installed using the following command:
$ go get github.com/bilalunalnet/kubesecgpt
To use Kubesecgpt, run the following command:
kubesecgpt --deployment <deployment-name> --namespace <namespace>
Where:
<deployment-name> is the name of the deployment to check
<namespace> is the namespace of the deployment (default is default)
Note that the OpenAI API key must be defined as an environment variable OPENAI_API_KEY.
Check if the nginx deployment in the default namespace is vulnerable:
kubesecgpt --deployment nginx
Check if the nginx deployment in the dev namespace is vulnerable:
kubesecgpt --deployment nginx --namespace dev
Contributions to Kubesecgpt are welcome. To contribute, please follow these steps:
- Fork the repository
- Create a new branch for your changes
- Make your changes and commit them
- Push your changes to your forked repository
- Submit a pull request to the main repository
Kubesecgpt is licensed under the MIT License.