Skip to content
This repository has been archived by the owner on Mar 18, 2024. It is now read-only.

Latest commit

 

History

History
79 lines (66 loc) · 3.46 KB

README.md

File metadata and controls

79 lines (66 loc) · 3.46 KB

The Klustair client searches your Kubernetes namespaces for the used images and scans them with Trivy.

Related Klustair projects:

Related opensource projects

  • trivy A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts
  • kubeaudit kubeaudit helps you audit your Kubernetes clusters against common security controls

Installation

Binaries

Download the binaries from the releases page. Unpack the archive and move the klustair-cli binary to your bin $PATH (on UNIX-y systems, /usr/local/bin or the like). Make sure it has execution bits turned on.

Homebrew

brew tap klustair/klustair-cli 
brew install klustair-cli

Usage

klustair-cli [global options]

optional arguments:
   --verbose, -V                          increase output verbosity (default: false) [$KLUSTAIR_VERBOSE]
   --debug, -d                            debug mode (default: false) [$KLUSTAIR_DEBUG]
   --namespaces value, -n value           Coma separated whitelist of Namespaces to check [$KLUSTAIR_NAMESPACES]
   --namespacesblacklist value, -N value  Coma separated whitelist of Namespaces to check [$KLUSTAIR_NAMESPACESBLACKLIST]
   --kubeaudit value, -k value            Coma separated list of audits to run. [$KLUSTAIR_KUBEAUDIT]
   --trivy, -t                            Run Trivy vulnerability checks (default: false) [$KLUSTAIR_TRIVY]
   --label value, -l value                A optional title for your run [$KLUSTAIR_LABEL]
   --repocredentialspath value, -c value  Path to repo credentials for trivy [$KLUSTAIR_REPOCREDENTIALSPATH]
   --limitdate value, --ld value          Remove reports older than X days (default: 0) [$KLUSTAIR_LIMITDATE]
   --limitnr value, --ln value            Keep only X reports (default: 0) [$KLUSTAIR_LIMITNR]
   --configkey value, -C value            Load remote configuration from frontend [$KLUSTAIR_CONFIGKEY]
   --apihost value, -H value              Remote API-host address (example: https://localhost:8443) [$KLUSTAIR_APIHOST]
   --apitoken value, -T value             API Access Token from Klustair Frontend [$KLUSTAIR_APITOKEN]
   --help, -h                             show help (default: false)
   --version, -v                          print the version (default: false)

klustair cli output

ENV vars (not set by commandline)

export TRIVY_USERNAME=....
export TRIVY_PASSWORD=....
export TRIVY_REGISTRY_TOKEN=....
export TRIVY_INSECURE=false
export TRIVY_NON_SSL=false
export TRIVY_DEBUG=false
export TRIVY_QUIET=true

Installation

go get -v github.com/klustair/klustair-cli

develop

git clone [email protected]:klustair/klustair-cli.git
cd klustair-cli
go run cmd/klustair/main.go

build

go build -o bin/klustair-cli cmd/klustair/main.go

FAQ

Why is the klustair client so big (~80MB)?

  • it contains the trivy binary(~32MB) and the kubeaudit binary (~30MB).