starboard-report
This repo aims to enrich the functionality of Starboard.
Starboard integrates security tools into the Kubernetes environment, so that users can find and view the risks that relate to different resources in a Kubernetes-native way.
Starboard watches a given namespace for workloads (basically pods); when a pod is created or changed, it scans it (a vulnerability scan by Trivy and a config audit by Polaris).
The problem is how the scan report is displayed (see the picture above). There are two ways to check the report:
- With the CLI command `starboard get report`, which generates an HTML file.
- By installing software such as Lens or Octant outside the cluster and connecting it to the cluster to get a panoramic view of the whole cluster.
The former is not possible in a cluster that comes from a cloud provider, and the latter does not follow the insight of DevSecOps.
From the perspective of DevSecOps, we believe an application should be self-governing: after it is installed or updated (by GitOps, perhaps), a specific report for that application should be available to the administrator, covering just that application.
So this repo will be part of the application's artifact and act as a security/compliance reporter after every upgrade.
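As an added example (not code from this repo), a reporter of the kind described above can read the VulnerabilityReport objects Starboard already stores in the cluster, aggregate them per workload and apply a release gate, with no CLI or external viewer. The field names (`report.summary.*` counts, `starboard.resource.*` labels) are assumed from Starboard's VulnerabilityReport CRD, and the input is a constructed sample of what `kubectl get vulnerabilityreports -o json` would return.

```python
import json
from collections import defaultdict

# Constructed sample shaped like `kubectl get vulnerabilityreports -n demo -o json`.
# Field names follow Starboard's VulnerabilityReport CRD (assumed, not from this
# repo); the workload names, images and counts are made up for this example.
def _report(workload, container, image, crit, high, med, low):
    return {"metadata": {"namespace": "demo",
                         "labels": {"starboard.resource.kind": "ReplicaSet",
                                    "starboard.resource.name": workload,
                                    "starboard.container.name": container}},
            "report": {"artifact": {"repository": image},
                       "summary": {"criticalCount": crit, "highCount": high,
                                   "mediumCount": med, "lowCount": low, "unknownCount": 0}}}

SAMPLE_LIST = json.dumps({"kind": "List", "items": [
    _report("web-abc", "app", "example/web", 1, 2, 0, 3),
    _report("web-abc", "sidecar", "example/proxy", 0, 0, 1, 0),
    _report("api-xyz", "api", "example/api", 0, 0, 2, 5),
]})

SEVERITY_KEYS = ("criticalCount", "highCount", "mediumCount", "lowCount", "unknownCount")

def summarize(report_list_json):
    """Sum the per-container summary counts into one row per workload (kind/name)."""
    totals = defaultdict(lambda: dict.fromkeys(SEVERITY_KEYS, 0))
    for item in json.loads(report_list_json)["items"]:
        labels = item["metadata"].get("labels", {})
        workload = f"{labels.get('starboard.resource.kind')}/{labels.get('starboard.resource.name')}"
        summary = item.get("report", {}).get("summary", {})
        for key in SEVERITY_KEYS:
            totals[workload][key] += int(summary.get(key, 0))
    return dict(totals)

def gate(totals, max_critical=0, max_high=0):
    """Workloads that breach the policy; an empty list means the upgrade passes."""
    return sorted(w for w, c in totals.items()
                  if c["criticalCount"] > max_critical or c["highCount"] > max_high)

def render_text(totals):
    """Plain-text table an administrator can read without any external tooling."""
    rows = [f"{'WORKLOAD':<24}{'CRIT':>6}{'HIGH':>6}{'MED':>6}{'LOW':>6}"]
    for w, c in sorted(totals.items()):
        rows.append(f"{w:<24}{c['criticalCount']:>6}{c['highCount']:>6}"
                    f"{c['mediumCount']:>6}{c['lowCount']:>6}")
    return "\n".join(rows)

if __name__ == "__main__":
    totals = summarize(SAMPLE_LIST)
    print(render_text(totals))
    print("policy breaches:", gate(totals))
```

In a real deployment the JSON would come from the API server via a service account that is allowed to list `vulnerabilityreports` in the application's namespace only.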