What's Changed
- Fixed GitHub Container Registry permissions (added `packages: write`)
- Corrected Docker image tags to use lowercase repository owner (`devspecops`)
- Resolved workflow syntax error with `|` operator
- Docker image now successfully builds and pushes to `ghcr.io/devspecops/k8s-security-linter`
🚀 Installation & Usage
Docker
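```bash
docker pull ghcr.io/devspecops/k8s-security-linter:latest
# Quote the bind mount so a working directory containing spaces still mounts correctly
docker run --rm -v "$(pwd):/workspace" ghcr.io/devspecops/k8s-security-linter --path /workspace
```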
GitHub Action
```yaml
- uses: DevSpecOps/k8s-security-linter@v0.1.4
  with:
    path: './deploy'
```
Pre-commit hook
Add to .pre-commit-config.yaml:
```yaml
- repo: https://github.com/DevSpecOps/k8s-security-linter
  rev: v0.1.4
  hooks:
    - id: k8s-security-linter
```
📦 What's inside
- 5 built-in security rules (privileged, runAsNonRoot, readOnlyRootFilesystem, memory limits, latest tag)
- Rego (OPA) engine for custom policies
- Support for Pod, Deployment, StatefulSet, DaemonSet, Job, CronJob
- JSON output, exit code 1 on violation
- Prometheus metrics (optional)
- Donation page with BTC/ETH QR codes
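
To make the five built-in checks and the six supported kinds concrete, here is an added Python sketch; it is not the linter's own code. The rule semantics, the rule names `memory-limit` and `latest-tag`, and the sample manifests are assumptions. It shows where the pod spec sits in each kind, which is one level deeper for CronJob.

```python
# Added illustration, not k8s-security-linter's own code; rule semantics are assumptions.
POD_TEMPLATE = ("spec", "template", "spec")
POD_SPEC_PATHS = {"Pod": ("spec",), "CronJob": ("spec", "jobTemplate") + POD_TEMPLATE,
    **dict.fromkeys(("Deployment", "StatefulSet", "DaemonSet", "Job"), POD_TEMPLATE)}

def pod_spec(manifest):
    """Return the PodSpec dict of a supported workload kind, else None."""
    path = POD_SPEC_PATHS.get(manifest.get("kind"))
    if path is None:
        return None
    node = manifest
    for key in path:
        node = node.get(key) or {}
    return node

def check(manifest):
    """Return (container name, rule) pairs for every failed check."""
    spec = pod_spec(manifest)
    if spec is None:
        return []
    pod_sc = spec.get("securityContext") or {}
    findings = []
    for c in (spec.get("initContainers") or []) + (spec.get("containers") or []):
        sc = c.get("securityContext") or {}
        limits = (c.get("resources") or {}).get("limits") or {}
        # Look only at the last path segment so a registry port is not read as a tag.
        ref = c.get("image", "").rsplit("/", 1)[-1]
        failed = {
            "privileged": sc.get("privileged") is True,
            # runAsNonRoot may be set on the pod; a container value overrides it.
            "runAsNonRoot": sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True,
            "readOnlyRootFilesystem": sc.get("readOnlyRootFilesystem") is not True,
            "memory-limit": "memory" not in limits,
            # No tag means :latest; a digest pin (@sha256:...) is not a floating tag.
            "latest-tag": "@" not in ref and (":" not in ref or ref.endswith(":latest")),
        }
        findings += [(c.get("name"), rule) for rule, bad in failed.items() if bad]
    return findings

# Constructed samples, already parsed from YAML into dicts.
CRONJOB = {"kind": "CronJob", "spec": {"jobTemplate": {"spec": {"template": {"spec": {
    "containers": [{"name": "backup", "image": "registry.example:5000/backup",
                    "securityContext": {"privileged": True}}]}}}}}}
DEPLOYMENT = {"kind": "Deployment", "spec": {"template": {"spec": {
    "securityContext": {"runAsNonRoot": True},
    "containers": [{"name": "web", "image": "registry.example:5000/web:1.4.2",
                    "securityContext": {"readOnlyRootFilesystem": True},
                    "resources": {"limits": {"memory": "128Mi"}}}]}}}}

print(check(CRONJOB), check(DEPLOYMENT))
```

The constructed CronJob fails all five checks, while the Deployment passes because its pod-level `runAsNonRoot` is inherited by the container.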
🙏 Support
If this tool helps you, consider donating.