Checks for vulnerabilities in a running k8s cluster

Project description

ismyk8ssecure

ismyk8ssecure is a FOSS tool to check whether your K8s cluster contains previously reported vulnerabilities.

Get started in 60 seconds!

Make sure you meet the following prerequisites

Prerequisites:

  • kubectl is configured to connect to the cluster.
  • Optional, but highly recommended: make sure you are in a Python venv.

Run the following commands to install the tool and run your first scan.

pip install ismyk8ssecure
ismyk8ssecure 

How It Works:

This tool consists of 3 components:

Advisories:

These are YAML files with the following schema:

vulnerability_id:
vulnerability_description:
vulnerable_components:
  - component_name:
    vulnerable_versions: [] # These are computed from `vulnerable_version_ranges`
    vulnerable_version_ranges: [] # These are manually filled
references: []
last_updated_at:
created_at:

Advisories can be found in the advisories directory in this repo.

Version Detectors:

These are functions that detect the version of a particular k8s component. See examples in TODO.

Vulnerability Detectors:

These are functions defined per (vulnerability, k8s component) pair. They are called depending on the results of the two components above, and they verify whether the corresponding "vulnerability" is present in the detected "k8s component".
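How the three components fit together, as an added example that is not the project's own code: it matches the output of version detectors against an advisory's `vulnerable_version_ranges` and returns the (vulnerability, component) pairs that a vulnerability detector would then verify. The advisory contents, the `>=X,<Y` range syntax and all function names are assumptions; the page does not specify them.

```python
import re

# Constructed advisory following the page's schema; the ID, the component and
# the range syntax (">=X,<Y") are assumptions, not taken from the project.
ADVISORY = {
    "vulnerability_id": "EXAMPLE-0001",
    "vulnerable_components": [{
        "component_name": "kube-apiserver",
        "vulnerable_version_ranges": [">=1.19.0,<1.19.9", ">=1.20.0,<1.20.5"],
    }],
}

_OPS = {">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b,
        ">": lambda a, b: a > b, "<": lambda a, b: a < b,
        "==": lambda a, b: a == b}

def parse_version(text):
    """Turn 'v1.20.4' or 'v1.20.4-gke.100' into (1, 20, 4); vendor suffix ignored."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups())

def in_range(version, range_expr):
    """True if version satisfies every comma-separated constraint in range_expr."""
    for constraint in range_expr.split(","):
        m = re.fullmatch(r"\s*(>=|<=|==|>|<)\s*(\S+)\s*", constraint)
        if not m:
            raise ValueError(f"bad constraint: {constraint!r}")
        # Compare as integer tuples so 1.19.10 sorts after 1.19.9.
        if not _OPS[m.group(1)](version, parse_version(m.group(2))):
            return False
    return True

def candidate_findings(advisory, detected_versions):
    """Return (vulnerability_id, component) pairs whose detected version is in range.

    detected_versions maps component name -> version string, i.e. the output
    of the version detectors. Components with no detected version are skipped.
    """
    found = []
    for comp in advisory["vulnerable_components"]:
        raw = detected_versions.get(comp["component_name"])
        if raw is None:
            continue
        version = parse_version(raw)
        if any(in_range(version, r) for r in comp["vulnerable_version_ranges"]):
            found.append((advisory["vulnerability_id"], comp["component_name"]))
    return found
```

A version match is only a candidate: distributions that backport fixes keep the same upstream version number, which is why a per-pair vulnerability detector runs afterwards to confirm the finding.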

Roadmap:

  • Convert most of the Kubernetes security advisories into machine-readable format.

  • Implement fine-tuned vulnerability detectors and eventually become a smart npm audit.

Download files

Source Distribution

ismyk8ssecure-0.0.1.tar.gz (6.8 kB)

Uploaded Source

File details

Details for the file ismyk8ssecure-0.0.1.tar.gz.

File metadata

  • Download URL: ismyk8ssecure-0.0.1.tar.gz
  • Upload date:
  • Size: 6.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.7.0 importlib_metadata/4.8.2 pkginfo/1.8.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.9.5

File hashes

Hashes for ismyk8ssecure-0.0.1.tar.gz
Algorithm Hash digest
SHA256 9f2f869d5fd1b3b21233b334d7e5ba1afecd83d0512f73febc844547acdaaaf8
MD5 58584df8d1e9365440a99c65e7b858f1
BLAKE2b-256 3d5026683011fad89fa4611b8336e4dd6b00b7bd800028e86164d54978e7bdeb
