Merge branch 'dev' into yamlsupport

This commit is contained in:
David Wertenteil
2021-08-29 10:19:09 +03:00
committed by GitHub

@@ -5,19 +5,20 @@
[![Go Report Card](https://goreportcard.com/badge/github.com/armosec/kubescape)](https://goreportcard.com/report/github.com/armosec/kubescape)
Kubescape is the first tool for testing if Kubernetes is deployed securely as defined in [Kubernetes Hardening Guidance by NSA and CISA](https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2716980/nsa-cisa-release-kubernetes-hardening-guidance/)
Tests are configured with YAML files, making this tool easy to update as test specifications evolve.
Use Kubescape to test clusters or scan single YAML files and integrate it to your processes.
<img src="docs/demo.gif">
# TL;DR
## Install & Run
1. Install:
### Install:
```
curl -s https://raw.githubusercontent.com/armosec/kubescape/master/install.sh | /bin/bash
```
2. Run:
### Run:
```
kubescape scan framework nsa --exclude-namespaces kube-system,kube-public
```
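Review bot: the step under `### Install:` still pipes `install.sh` from the `master` branch straight into `/bin/bash`, and `curl -s` hides transfer errors, so a reader runs whatever `master` holds at that moment with no chance to inspect it. Since this hunk is already restructuring the section, consider pointing the URL at a tagged release and documenting a download, review, then run alternative next to the one-liner. Two smaller points in the same hunk: "integrate it to your processes" reads better as "integrate it into your processes", and the new `### Install:` / `### Run:` headings do not need the trailing colon that the old numbered items carried.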
@@ -26,8 +27,23 @@ If you wish to scan all namespaces in your cluster, remove the `--exclude-namesp
<img src="docs/summary.png">
## Usage & Examples
### Pre-Deployment Testing
Check your YAML files before you're deploying, simply add them at the end of command line:
```
kubescape scan framework nsa *.yaml
```
### Integration with other tools
Kubescape can produce output fitting for later processing:
* JSON (`-o json`)
* JUnit XML (`-o junit`)
* Scan a running Kubernetes cluster with [`nsa`](https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2716980/nsa-cisa-release-kubernetes-hardening-guidance/) framework
```
kubescape scan framework nsa --exclude-namespaces kube-system,kube-public
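Review bot: the new "Pre-Deployment Testing" example `kubescape scan framework nsa *.yaml` depends on the shell expanding the glob, so it only picks up `.yaml` files in the current directory and silently skips `.yml` files and anything in subdirectories; the README should say that, or show explicit paths, so a reader does not assume the whole repository was scanned. For the "Integration with other tools" section, the text lists `-o json` and `-o junit` but does not say what exit status a failed control produces, which is the first thing a CI integration needs; a sentence on that would help. The wording "before you're deploying, simply add them at the end of command line" would read better as "before you deploy them by adding them at the end of the command line".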
@@ -52,12 +68,12 @@ kubescape scan framework nsa https://raw.githubusercontent.com/GoogleCloudPlatfo
* Output in `json` format
```
kubescape scan framework nsa --exclude-namespaces kube-system,kube-public --silence -o json
kubescape scan framework nsa --exclude-namespaces kube-system,kube-public --silence -o json > results.json
```
* Output in `junit` (`xml`) format
* Output in `junit xml` format
```
kubescape scan framework nsa --exclude-namespaces kube-system,kube-public --silence -o junit
kubescape scan framework nsa --exclude-namespaces kube-system,kube-public --silence -o junit > results.xml
```
# How to build
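Review bot: the new `> results.json` and `> results.xml` redirects mean the shell creates the output file before the scan runs, so a scan that fails early leaves an empty or partial file that a downstream parser or CI step can mistake for a clean result. The README should tell readers to check the command's exit status before consuming the file, and should state that with `--silence` only the report is written to stdout, since anything else on stdout would corrupt the JSON or XML. It is also worth one line noting that these files describe the cluster's failed hardening controls and should be handled as sensitive build artifacts rather than committed alongside the manifests.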