Kubevuln

The Kubevuln component is an in-cluster component of the Kubescape security platform. It scans container images for vulnerabilities, using Grype as its engine.

Build Kubevuln

To build kubevuln with its dependencies run: make

Configuration

1. Load config file using the CONFIG environment variable

   export CONFIG=path/to/clusterData.json

   example/clusterData.json

   {
       "gatewayWebsocketURL": "127.0.0.1:8001",
       "gatewayRestURL": "127.0.0.1:8002",
       "kubevulnURL": "127.0.0.1:8080",
       "kubescapeURL": "127.0.0.1:8080",
       "eventReceiverRestURL": "https://report.armo.cloud",
       "eventReceiverWebsocketURL": "wss://report.armo.cloud",
       "rootGatewayURL": "wss://ens.euprod1.cyberarmorsoft.com/v1/waitfornotification",
       "accountID": "*********************",
       "clusterName": "******"
      }

2. Set the PORT environment variable to 8081 export PORT=8080

Environment Variables

Check out scanner/environmentvariables.go

VS code configuration samples

You can use the samples files below to setup your VS code environment for building and debugging purposes.

.vscode/launch.json

{
    "version": "0.2.0",
    "configurations": [
        {
            "name": "Launch Package",
            "type": "go",
            "request": "launch",
            "mode": "auto",
            "program":  "${workspaceRoot}",
                 "env": {
                     "PORT": "8080",
                     "NAMESPACE": "kubescape",
                     "CONFIG": "${workspaceRoot}/.vscode/clusterData.json",
            },
            "args": [
                "-alsologtostderr", "-v=4", "2>&1"
            ]
        }
    ]
}

We configure the Kubevuln to listen to port 8080, and define the configuration in the clusterData.json file as mentioned above.

Changelog

Kubevuln changes are tracked on the release page