A standalone exporter for vulnerability reports and other CRs created by Starboard.

CircleCI

starboard-exporter

Exposes Prometheus metrics from Starboard's VulnerabilityReport custom resources (CRs).

Metrics

This exporter exposes two types of metrics:

Summary

A summary series exposes the count of CVEs of each severity reported in a given VulnerabilityReport. For example:

starboard_exporter_vulnerabilityreport_image_vulnerability_severity_count{
    image_digest="",
    image_namespace="demo",
    image_repository="giantswarm/starboard-operator",
    image_tag="0.11.0",
    report_name="replicaset-starboard-app-6894945788-starboard-app",
    severity="MEDIUM"
    } 4

This indicates that the giantswarm/starboard-operator image in the demo namespace contains 4 medium-severity vulnerabilities.

Detail / Vulnerability

A detail or vulnerability series exposes fields from each instance of an Aqua Vulnerability. The value of the metric is the Score for the vulnerability. For example:

starboard_exporter_vulnerabilityreport_image_vulnerability{
    fixed_resource_version="1.1.1l-r0",
    image_digest="",
    image_namespace="demo",
    image_repository="giantswarm/starboard-operator",
    image_tag="0.11.0",
    installed_resource_version="1.1.1k-r0",
    report_name="replicaset-starboard-app-6894945788-starboard-app",
    severity="HIGH",
    vulnerability_id="CVE-2021-3712",
    vulnerability_link="https://avd.aquasec.com/nvd/cve-2021-3712",
    vulnerability_title="openssl: Read buffer overruns processing ASN.1 strings",vulnerable_resource_name="libssl1.1"
    } 7.4

This indicates that the vulnerability with the id CVE-2021-3712 was found in the giantswarm/starboard-operator image in the demo namespace, and it has a CVSS 3.x score of 7.4.

An additional series would be exposed for every combination of those labels.

A Note on Cardinality

For some use cases, it is helpful to export additional fields from VulnerabilityReport CRs. However, because many fields contain unbounded arbitrary data, including them in Prometheus metrics can lead to extremely high cardinality. This can drastically impact Prometheus performance. For this reason, we only expose summary data by default and allow users to opt-in to higher-cardinality fields.

Customization

Summary metrics of the format described above are always enabled.

To enable an additional detail series per Vulnerability, use the --target-labels flag to specify which labels should be exposed. For example:

# Expose only select image and CVE fields.
--target-labels=image_namespace,image_repository,image_tag,vulnerability_id

# Run with (almost) all fields exposed as labels, if you're feeling really wild.
--target-labels=all

Target labels can also be set via Helm values:

exporter:
  vulnerabilityReports:
    targetLabels:
      - image_namespace
      - image_repository
      - image_tag
      - vulnerability_id
      - ...
Owner
Giant Swarm
An open source Kubernetes-based Cloud Native Management Platform
Giant Swarm
https://github.com/giantswarm/starboard-exporter
Comments
  • Feature: add other reports

    Feature: add other reports

    Hi,

    is it possible to implement the other starboard reports:

    • [ ] kubehunterreports
    • [x] ciskubebenchreports https://github.com/giantswarm/starboard-exporter/pull/118
    • [x] configauditreports https://github.com/giantswarm/starboard-exporter/pull/72
  • Old metrics still visible

    Old metrics still visible

    I'm using the starboard feature described here https://github.com/giantswarm/starboard-exporter#one-vulnerabilityreport-per-deployment, and even though I don't see old reports anymore with kubectl CLI:

    kubectl get vulnerabilityreport -n gradle-enterprise
NAME                                                      REPOSITORY                                               TAG        SCANNER   AGE
replicaset-5c8b5d8449                                     gradleenterprise/gradle-enterprise-operator-image        2021.4.1   Trivy     82m
replicaset-5cf45f8fd7                                     gradleenterprise/gradle-build-cache-node-image           2021.4.1   Trivy     82m
replicaset-764c4bd49c                                     gradleenterprise/gradle-test-distribution-broker-image   2021.4.1   Trivy     82m
replicaset-gradle-database-5b89d7b595-database            gradleenterprise/gradle-database-image                   2021.4.1   Trivy     82m
replicaset-gradle-database-5b89d7b595-database-tasks      gradleenterprise/gradle-database-image                   2021.4.1   Trivy     82m
replicaset-gradle-metrics-64c7565799-gradle-metrics       gradleenterprise/gradle-metrics-image                    2021.4.1   Trivy     82m
statefulset-gradle-enterprise-app-gradle-enterprise-app   gradleenterprise/gradle-enterprise-app-image             2021.4.1   Trivy     148m
statefulset-gradle-keycloak-gradle-keycloak               gradleenterprise/gradle-keycloak-image                   2021.4.1   Trivy     144m
statefulset-gradle-proxy-gradle-proxy                     gradleenterprise/gradle-proxy-image                      2021.4.1   Trivy     150m

    If I go to the metrics endpoint on starboard exporter, I still see metrics like (notice the image tag version):

    starboard_exporter_vulnerabilityreport_image_vulnerability{image_namespace="gradle-enterprise",image_repository="gradleenterprise/gradle-keycloak-image",image_tag="2021.4",report_name="statefulset-gradle-keycloak-gradle-keycloak",vulnerability_id="CVE-2021-30129"} 6.5

    I guess this is because the report name is not unique in this case, like with replica sets?

  • feat: add metrics for configauditreport summary

    feat: add metrics for configauditreport summary

    This PR add support for configauditreport custom resource metrics

    Should I move the vulnerabityreport_*.go to its own package vulnerabilityreport ?

    I plan to do the same with the ciskubebenchreport, so any feedback is welcome!

  • Add cis benchmarks

    Add cis benchmarks

    Checklist

    • [x] Update changelog in CHANGELOG.md.
    • [x] Make sure values.yaml and values.schema.json are valid.
    • [ ] (Giant Swarm) If creating a release, bump the version and appVersion in Chart.yaml.
  • Helm release v0.3.2 seems to be broken

    Helm release v0.3.2 seems to be broken

    Sorry for crossposting. I opened this issue at the giantswarm-catalog repository but I do not know if this was the correct place: https://github.com/giantswarm/giantswarm-catalog/issues/22

    It seems to me that the Helm release v0.3.2 is broken because the values for the project's branch name and the commit hash are missing in the bundled release file.

  • Enhancement only store metrics from the latest vulnerabilityreports

    Enhancement only store metrics from the latest vulnerabilityreports

    Today when we gather metrics it generates data from all vulnerabilityreports and there is a vulnerabilityreport per replicaset. This makes it looks like we have much more CVE:s in our cluster then we actually do.

    Personally I would have loved to see this solved in starboard following discussions like https://github.com/aquasecurity/starboard/discussions/668 or https://github.com/aquasecurity/starboard/issues/17. But I don't think it's reasonable to get this solved upstream short term.

    Would you be interested having a feature that only checks for the latest vulnerabilityreport?

    I have given this some thought and the first problem that I see is what happens if a user performs a rollback of a deployment? In that case there still would be a new rs and i assume the latest vulnerabilityreport points to that rs and not the old actually active one. This could of course become a problem. I'm not 100% it actually works like this but it's something we would have to verify.

    What do you think?

  • feat: Add starboard-exporter helm chart to ArtifactHub

    feat: Add starboard-exporter helm chart to ArtifactHub

    hi GiantSwarm,

    would be dope to have the starboard-exporter in ArtifactHub, so more people could find this awesome project!

    image

    https://artifacthub.io/packages/search?ts_query_web=starboard-exporter&sort=relevance&page=1

  • Helm, remove unused config and add if statements to be able to disable a few resources

    Helm, remove unused config and add if statements to be able to disable a few resources

    There a number of clusterroles that isn't needed for this controller so I removed them. I couldn't find any kubebuilder definition of the rbac rules so I assume they are manually created.

    I also added if statments so you can disable PSP since it will be deprecated in 1.25 and there are already many other options to PSP. You can also disable networkpolicy now, It should definitely be on by default by sadly there are CNI:s that don't support networkpolicys.

    Removed the configmap that wasn't used and gave an option to disable the usage for pull secret.

    Checklist

    • [X] Update changelog in CHANGELOG.md.
  • ARM images

    ARM images

    Hi, I like your exporter. Could you build and provide images for ARM too, please?

    Or enable affinities via values.yaml?

    E.g:

        spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: kubernetes.io/os
                    operator: In
                    values:
                      - linux
                  - key: kubernetes.io/arch
                    operator: In
                    values:
                      - amd64

    We have clusters with arm-based worker nodes and amd-based worker nodes.

  • Make relabelings configurable in ServiceMonitor

    Make relabelings configurable in ServiceMonitor

    Checklist

    • [x] Update changelog in CHANGELOG.md.
    • [ ] Make sure values.yaml and values.schema.json are valid.
    • [ ] (Giant Swarm) If creating a release, bump the version and appVersion in Chart.yaml.
  • Bump golang from 1.18.3 to 1.19.0

    Bump golang from 1.18.3 to 1.19.0

    Bumps golang from 1.18.3 to 1.19.0.

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • Replaces starboard with trivy-operator library

    Replaces starboard with trivy-operator library

    Description

    • Replaces starboard with trivy-operator library
    • Removes CIS benchmarks & reporting capabilities

    Checklist

    • [ ] Update changelog in CHANGELOG.md.
    • [x] Make sure values.yaml and values.schema.json are valid.
    • [ ] (Giant Swarm) If creating a release, bump the version and appVersion in Chart.yaml.
  • Bump sigs.k8s.io/controller-runtime from 0.13.0 to 0.14.1

    Bump sigs.k8s.io/controller-runtime from 0.13.0 to 0.14.1

    Bumps sigs.k8s.io/controller-runtime from 0.13.0 to 0.14.1.

    Release notes

    Sourced from sigs.k8s.io/controller-runtime's releases.

    v0.14.1

    Changes since v0.14.0

    :bug: Bug Fixes

    Full Changelog: https://github.com/kubernetes-sigs/controller-runtime/compare/v0.14.0...v0.14.1

    v0.14.0

    Changes since v0.13.1

    :warning: Breaking Changes

    • Add Get functionality to SubResourceClient (#2094)
    • Allow configuring RecoverPanic for controllers globally (#2093)
    • Add client.SubResourceWriter (#2072)
    • Support registration and removal of event handler (#2046)
    • Update Kubernetes dependencies to v0.26 (#2043, #2087)
    • Zap log: Default to RFC3339 time encoding (#2029)
    • cache.BuilderWithOptions inherit options from caller (#1980)

    :sparkles: New Features

    • Builder: Do not require For (#2091)
    • support disable deepcopy on list funcion (#2076)
    • Add cluster.NewClientFunc with options (#2054)
    • Tidy up startup logging of kindWithCache source (#2057)
    • Add function to get reconcileID from context (#2056)
    • feat: add NOT predicate (#2031)
    • Allow to provide a custom lock interface to manager (#2027)
    • Add tls options to manager.Options (#2023)
    • Update Go version to 1.19 (#1986)

    :bug: Bug Fixes

    • Prevent manager from getting started a second time (#2090)
    • Missing error log for in-cluster config (#2051)
    • Skip custom mutation handler when delete a CR (#2049)
    • fix: improve semantics of combining cache selectorsByObject (#2039)
    • Conversion webhook should not panic when conversion request is nil (#1970)

    :seedling: Others

    • Prepare for release 0.14 (#2100)
    • Generate files and update modules (#2096)
    • Bump github.com/onsi/ginkgo/v2 from 2.5.1 to 2.6.0 (#2097)
    • Bump golang.org/x/time (#2089)
    • Update OWNERS: remove inactive members, promote fillzpp sbueringer (#2088, #2092)
    • Default ENVTEST version to a working one (1.24.2) (#2081)
    • Update golangci-lint to v1.50.1 (#2080)
    • Bump go.uber.org/zap from 1.23.0 to 1.24.0 (#2077)
    • Bump golang.org/x/sys from 0.2.0 to 0.3.0 (#2078)
    • Ignore Kubernetes Dependencies in Dependabot (#2071)

    ... (truncated)

    Commits
    • 84c5c9f 🐛 controllers without For() fail to start (#2108)
    • ddcb99d Merge pull request #2100 from vincepri/release-0.14
    • 69f0938 Merge pull request #2094 from alvaroaleman/subresoruce-get
    • 8738e91 Merge pull request #2091 from alvaroaleman/no-for
    • ca4b4de Merge pull request #2096 from lucacome/generate
    • 5673341 Merge pull request #2097 from kubernetes-sigs/dependabot/go_modules/github.co...
    • 7333aed :seedling: Bump github.com/onsi/ginkgo/v2 from 2.5.1 to 2.6.0
    • d4f1e82 Generate files and update modules
    • a387bf4 Merge pull request #2093 from alvaroaleman/recover-panic-globally
    • da7dd5d :warning: Allow configuring RecoverPanic for controllers globally
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • Bump golang from 1.19.2 to 1.19.4

    Bump golang from 1.19.2 to 1.19.4

    Bumps golang from 1.19.2 to 1.19.4.

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • Bump github.com/cespare/xxhash/v2 from 2.1.2 to 2.2.0

    Bump github.com/cespare/xxhash/v2 from 2.1.2 to 2.2.0

    Bumps github.com/cespare/xxhash/v2 from 2.1.2 to 2.2.0.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • Bump github.com/prometheus/client_golang from 1.13.0 to 1.14.0

    Bump github.com/prometheus/client_golang from 1.13.0 to 1.14.0

    Bumps github.com/prometheus/client_golang from 1.13.0 to 1.14.0.

    Release notes

    Sourced from github.com/prometheus/client_golang's releases.

    1.14.0 / 2022-11-08

    It might look like a small release, but it's quite opposite 😱 There were many non user facing changes and fixes and enormous work from engineers from Grafana to add native histograms in 💪🏾 Enjoy! 😍

    What's Changed

    • [FEATURE] Add Support for Native Histograms. #1150
    • [CHANGE] Extend prometheus.Registry to implement prometheus.Collector interface. #1103

    New Contributors

    Full Changelog: https://github.com/prometheus/client_golang/compare/v1.13.1...v1.14.0

    1.13.1 / 2022-11-02

    • [BUGFIX] Fix race condition with Exemplar in Counter. #1146
    • [BUGFIX] Fix CumulativeCount value of +Inf bucket created from exemplar. #1148
    • [BUGFIX] Fix double-counting bug in promhttp.InstrumentRoundTripperCounter. #1118

    Full Changelog: https://github.com/prometheus/client_golang/compare/v1.13.0...v1.13.1

    Changelog

    Sourced from github.com/prometheus/client_golang's changelog.

    1.14.0 / 2022-11-08

    • [FEATURE] Add Support for Native Histograms. #1150
    • [CHANGE] Extend prometheus.Registry to implement prometheus.Collector interface. #1103

    1.13.1 / 2022-11-01

    • [BUGFIX] Fix race condition with Exemplar in Counter. #1146
    • [BUGFIX] Fix CumulativeCount value of +Inf bucket created from exemplar. #1148
    • [BUGFIX] Fix double-counting bug in promhttp.InstrumentRoundTripperCounter. #1118
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • Bump github.com/buraksezer/consistent from 0.9.0 to 0.10.0

    Bump github.com/buraksezer/consistent from 0.9.0 to 0.10.0

    Bumps github.com/buraksezer/consistent from 0.9.0 to 0.10.0.

    Release notes

    Sourced from github.com/buraksezer/consistent's releases.

    v0.10.0

    This release has the following fixes and improvements:

    • AverageLoad() function panics with "divide by zero" when no members are in the hash ring #19,
    • RLock called twice in GetClosestN and cause deadlock #23,
    • Improve documentation,
    • Validate configuration and add default values to the configuration variables.
    Commits
    • 4516339 refactor: add default values to the configuration
    • 7eb5636 chore: update example in the code
    • ae9f2ab Merge pull request #25 from buraksezer/fix/issue-19
    • dc3cf9d fix: AverageLoad() function panics with "divide by zero" when no members are ...
    • 77eb2fa fix: typo in go-version
    • 162f08a chore: upgrade go versions for test
    • 72ca182 chore: add codeql-analysis.yml
    • 57446c9 refactor: use nil slice declaration
    • a375452 Merge pull request #24 from buraksezer/fix/issue-23
    • 480106b fix: eliminate the deadlock issue mentioned in #23
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Related tags
DevOps Tools kubernetes security prometheus prometheus-exporter starboard
A prometheus exporter which reports metrics about your Gmail inbox.

prometheus-gmail-exporter-go A prometheus exporter for gmail. Heavily inspired by https://github.com/jamesread/prometheus-gmail-exporter, but written

Nov 15, 2022
expose controller, when deployment created service and ingress will be created

expose-controller expose controller, when deployment created service and ingress will be created How to test git clone repository cd expose-controller

Dec 23, 2021
Netstat exporter - Prometheus exporter for exposing reserved ports and it's mapped process

Netstat exporter Prometheus exporter for exposing reserved ports and it's mapped

Feb 3, 2022
Openvpn exporter - Prometheus OpenVPN exporter For golang

Prometheus OpenVPN exporter Please note: This repository is currently unmaintain

Jan 2, 2022
Json-log-exporter - A Nginx log parser exporter for prometheus metrics

json-log-exporter A Nginx log parser exporter for prometheus metrics. Installati

Jan 5, 2022
Amplitude-exporter - Amplitude charts to prometheus exporter PoC

Amplitude exporter Amplitude charts to prometheus exporter PoC. Work in progress

May 26, 2022
Github billing exporter - Billing exporter for GitHub organizations

GitHub billing exporter Forked From: https://github.com/borisputerka/github_bill

Nov 2, 2022
Kubectl-over-env - Created for github actions or any other CI/CD-Pipelining tool which cannot push to a custom local kubernetes cluster

kubectl-over-env This repository was created for github actions or any other CI/

Jan 4, 2022
ginko-volkswagen detects when your tests are being run in a CI server, and reports them as passing

detects when your ginkgo-based tests are being run in a CI server, and reports them as passing

Dec 4, 2021
System agent. Reports server status via HTTP API

sys-agent System agent is a simple service reporting server status via HTTP GET request. usage $ sys-agent -l :8080 -v "root:/" -v "data:/mnt/data" Ap

Dec 20, 2022
MenuStart plugin to nwg-panel, also capable of working standalone
 MenuStart plugin to nwg-panel, also capable of working standalone

nwg-menu This code provides the MenuStart plugin to nwg-panel. It also may be used standalone, however, with a little help from command line arguments

Sep 9, 2022
Run the mysql container standalone

Run the mysql container standalone docker container run -v "//c/Users/javier/Goo

Dec 21, 2021
A Simple and Comprehensive Vulnerability Scanner for Container Images, Git Repositories and Filesystems. Suitable for CI
 A Simple and Comprehensive Vulnerability Scanner for Container Images, Git Repositories and Filesystems. Suitable for CI

A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts, Suitable for CI. Table of Contents Abstract Features Installation

Jan 1, 2023
Vulnerability Static Analysis for Containers
 Vulnerability Static Analysis for Containers

Clair Note: The main branch may be in an unstable or even broken state during development. Please use releases instead of the main branch in order to

Jan 4, 2023
🔭 Kubernetes out-cluster vulnerability scanner
 🔭 Kubernetes out-cluster vulnerability scanner

Kubnerable Kubnerable is an out-cluster vulnerability scanner tool for Kubernetes resources. It comes with a predefined vulnerability database (vulner

Mar 26, 2022
Grafana Unauthorized arbitrary file reading vulnerability
 Grafana Unauthorized arbitrary file reading vulnerability

CVE-2021-43798 Grafana Unauthorized arbitrary file reading vulnerability 8.3.1 (2021-12-07) Security: Fixes CVE-2021-43798 . For more information, see

Dec 25, 2022
Dockerized Go app for testing the CVE-2021-44228 vulnerability

docker-log4shell Simple Go app / Docker image for playing with the CVE-2021-44228 vulnerability. Hosts a simple file server and an ldap server that pr

Dec 12, 2021
The AWS Enumerator was created for service enumeration and info dumping for investigations of penetration testers during Black-Box testing. The tool is intended to speed up the process of Cloud review in case the security researcher compromised AWS Account Credentials.
 The AWS Enumerator was created for service enumeration and info dumping for investigations of penetration testers during Black-Box testing. The tool is intended to speed up the process of Cloud review in case the security researcher compromised AWS Account Credentials.

AWS Service Enumeration Disclaimer The tool is in beta stage (testing in progress), no destructive API Calls used ( read only actions ). I hope, there

Dec 23, 2022
Traefik-redirect-operator is created to substitute manual effort of creating an ingress and service type External.
 Traefik-redirect-operator is created to substitute manual effort of creating an ingress and service type External.

Overview Traefik Redirect Operator is used to help creating a combination of Ingress of Traefik controller along with Service's ExternalName type. The

Sep 22, 2021