ksail icon indicating copy to clipboard operation
ksail copied to clipboard
verified publisher icon devantler

Add `ksail scan` with support for popular scanning tools like KubeScape, Polaris and K8sGPT

Open devantler opened this issue 1 year ago • 0 comments

Description

KSail should support modern scanning tools to help shift-left. Being able to catch issues with ksail scan in local and CI environments can help harden Kubernetes cluster before the issues are deployed to production.

The implementation should include the following:

  • .NET libraries to embed KubeScape CLI, Polaris CLI, and K8sGPT CLI.
  • .NET library to provide a shared interface, with implementations for KubeScape, Polaris and K8sGPT. This ensures that any future implementations will be compatible with KSail.
  • New KSail command ksail scan with options to enable/disable scanners, and to choose if warnings/errors should cause an interruptible error (makes it possible for CI workflows to enforce high standards)
  • Use declarative configuration of KubeScape, Polaris an K8sGPT. If there are none by default, I should build yaml configs for each.

devantler avatar Sep 30 '24 15:09 devantler