klustair-cli

module

v0.8.1 Latest Latest Go to latest Published: Jun 15, 2022 License: Apache-2.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/klustair/klustair-cli

Links

Open Source Insights

README ¶

KlustAIR Client

The Klustair client searches your Kubernetes namespaces for the used images and scans them with Trivy.

Klustair Frontend to view the scanner results
Klustair Helm charts to run Klustair Cronjob, API and Frontend

trivy A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts
kubeaudit kubeaudit helps you audit your Kubernetes clusters against common security controls

Installation

Binaries

Download the binaries from the releases page. Unpack the archive and move the klustair-cli binary to your bin $PATH (on UNIX-y systems, /usr/local/bin or the like). Make sure it has execution bits turned on.

Homebrew

brew tap klustair/klustair-cli 
brew install klustair-cli

Usage

klustair-cli [global options]

optional arguments:
   --verbose, -V                          increase output verbosity (default: false) [$KLUSTAIR_VERBOSE]
   --debug, -d                            debug mode (default: false) [$KLUSTAIR_DEBUG]
   --namespaces value, -n value           Coma separated whitelist of Namespaces to check [$KLUSTAIR_NAMESPACES]
   --namespacesblacklist value, -N value  Coma separated whitelist of Namespaces to check [$KLUSTAIR_NAMESPACESBLACKLIST]
   --kubeaudit value, -k value            Coma separated list of audits to run. [$KLUSTAIR_KUBEAUDIT]
   --trivy, -t                            Run Trivy vulnerability checks (default: false) [$KLUSTAIR_TRIVY]
   --label value, -l value                A optional title for your run [$KLUSTAIR_LABEL]
   --repocredentialspath value, -c value  Path to repo credentials for trivy [$KLUSTAIR_REPOCREDENTIALSPATH]
   --limitdate value, --ld value          Remove reports older than X days (default: 0) [$KLUSTAIR_LIMITDATE]
   --limitnr value, --ln value            Keep only X reports (default: 0) [$KLUSTAIR_LIMITNR]
   --configkey value, -C value            Load remote configuration from frontend [$KLUSTAIR_CONFIGKEY]
   --apihost value, -H value              Remote API-host address (example: https://localhost:8443) [$KLUSTAIR_APIHOST]
   --apitoken value, -T value             API Access Token from Klustair Frontend [$KLUSTAIR_APITOKEN]
   --help, -h                             show help (default: false)
   --version, -v                          print the version (default: false)

klustair cli output

ENV vars (not set by commandline)

export TRIVY_USERNAME=....
export TRIVY_PASSWORD=....
export TRIVY_REGISTRY_TOKEN=....
export TRIVY_INSECURE=false
export TRIVY_NON_SSL=false
export TRIVY_DEBUG=false
export TRIVY_QUIET=true

Installation

go get -v github.com/klustair/klustair-cli

develop

git clone git@github.com:klustair/klustair-cli.git
cd klustair-cli
go run cmd/klustair/main.go

build

go build -o bin/klustair-cli cmd/klustair/main.go

FAQ

Why is the klustair client so big (~80MB)?

it contains the trivy binary(~32MB) and the kubeaudit binary (~30MB).

Directories ¶

Path	Synopsis
cmd
klustair
klustair/app
pkg
api
klustair
kubeaudit
kubectl
trivyscanner

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL

README ¶

KlustAIR Client

Related Klustair projects:

Related opensource projects

Installation

Binaries

Homebrew

Usage

ENV vars (not set by commandline)

Installation

develop

build

FAQ

Directories ¶