/starboard

Kubernetes-native security toolkit

Primary LanguageGoApache License 2.0Apache-2.0

Starboard logo

Kubernetes-native security toolkit.

GitHub Release GitHub Build Actions Coverage Status Go Report Card License GitHub All Releases Docker Pulls Starboard Docker Pulls Starboard Operator

Introduction

Starboard integrates security tools into the Kubernetes environment, so that users can find and view the risks that relate to different resources in a Kubernetes-native way. Starboard provides custom resources definitions and a Go module to work with a range of existing security scanners, as well as a kubectl-compatible command, the Octant plugin, and the Lens extension that make security reports available through familiar Kubernetes tools.

Starboard Overview

Starboard can be run in two different modes:

  • As a command, so you can trigger scans and view the risks in a kubectl-compatible way or as part of your CI/CD pipeline.
  • As an operator to automatically update security reports in response to workload and other changes on a Kubernetes cluster - for example, initiating a vulnerability scan when a new pod is started.

NOTE Even though manual scanning through the command-line is useful, the fact that it's not automated makes it less suitable with a large number of Kubernetes workloads. Therefore, the operator provides a better option for these scenarios, constantly monitoring built-in Kubernetes resources, such as Deployments, and running appropriate scanners against the underlying deployment descriptors.

You can read more about the motivations and use cases in this blog and join our discussions.

Status

This project is incubating and the APIs are not considered stable.

Documentation

The official documentation, which provides detailed installation, configuration, and quick start guides, is available at https://aquasecurity.github.io/starboard/.

Try the getting started guide to install the Starboard command and generate your first vulnerability report.

Contributing

At this early stage we would love your feedback on the overall concept of Starboard. Over time we'd love to see contributions integrating different security tools so that users can access security information in standard, Kubernetes-native ways.

  • See CONTRIBUTING.md for information about setting up your development environment, and the contribution workflow that we expect.
  • See ROADMAP.md for tentative features in a 1.0 release.
  • Join our discussions.