This software automatically updates the container versions of Deployments and StatefulSets on your Kubernetes cluster when they are affected by a CVE. It uses Kubeclarity to scan for vulnerabilities and Keel.sh to update the containers to the newest available version.
This project was built during my bachelor thesis. The goal was to implement a system to scan the Kubernetes cluster daily for vulnerabilities and automatically update the vulnerable containers to a newer version. As the system under test was a Rancher Kubernetes cluster, a lot of the functionality is built for its CRDs.
- Save the chart's default values to a values.yaml file

  ```sh
  helm show values oci://ghcr.io/scanyourkube/scanyourkube > values.yaml
  ```

- Install ScanYourKube on the Kubernetes cluster

  ```sh
  helm install --values values.yaml --create-namespace scanyourkube oci://ghcr.io/scanyourkube/scanyourkube -n scanyourkube
  ```
The following C4 container diagram shows how the components of the software communicate with each other.
Further information about the different components of the job is given in the following C4 component diagram.
- Refactor the code into a more general version that can be used on more Kubernetes clusters
- Refactor the updating component and implement our own version