Software supply chain security for #Kubernetes apps
Latest commit 7dec1d2 Feb 12, 2019

Kritis

Kritis (“judge” in Greek) is an open-source solution for securing your software supply chain for Kubernetes applications. Kritis enforces deploy-time security policies using the Google Cloud Container Analysis API, and, in a subsequent release, Grafeas.

Here is an example Kritis policy that prevents the deployment of a Pod with a critical vulnerability unless it has been whitelisted:

imageWhitelist:
- gcr.io/my-project/whitelist-image@sha256:<DIGEST>
packageVulnerabilityPolicy:
  maximumSeverity: HIGH
  whitelistCVEs:
    - providers/goog-vulnz/notes/CVE-2017-1000082
    - providers/goog-vulnz/notes/CVE-2017-1000081
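
An added Go sketch (not Kritis's own code) of how the three fields in the policy above combine into a deploy-time decision. The `Policy` and `Finding` types, the severity ordering, the fail-closed handling of unrecognised severities, the `CVE-EXAMPLE-0001` note and the `app` image name are assumptions made for this example.

```go
package main

import "fmt"

var rank = map[string]int{"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4} // assumed severity order

// Policy mirrors the three fields of the example policy (hypothetical type).
type Policy struct {
	ImageWhitelist  []string
	MaximumSeverity string
	WhitelistCVEs   []string
}

type Finding struct{ Note, Severity string } // one reported vulnerability (hypothetical type)

func contains(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

// Violations returns the findings that block deployment of image under p.
func Violations(p Policy, image string, findings []Finding) []Finding {
	if contains(p.ImageWhitelist, image) { // exact match, so pin by digest
		return nil
	}
	ceiling, okMax := rank[p.MaximumSeverity]
	var out []Finding
	for _, f := range findings {
		r, okSev := rank[f.Severity]
		// Fail closed: an unrecognised severity or ceiling counts as exceeding it.
		exceeds := !okMax || !okSev || r > ceiling
		if exceeds && !contains(p.WhitelistCVEs, f.Note) {
			out = append(out, f)
		}
	}
	return out
}

func main() {
	note := "providers/goog-vulnz/notes/"
	p := Policy{[]string{"gcr.io/my-project/whitelist-image@sha256:<DIGEST>"}, "HIGH",
		[]string{note + "CVE-2017-1000082"}}
	// Constructed scan result: one whitelisted CVE, one placeholder CVE.
	scan := []Finding{{note + "CVE-2017-1000082", "CRITICAL"}, {note + "CVE-EXAMPLE-0001", "CRITICAL"}}
	fmt.Println(Violations(p, "gcr.io/my-project/app@sha256:<DIGEST>", scan))
}
```

Only the placeholder CVE is reported: the other critical finding is covered by `whitelistCVEs`, and an image listed in `imageWhitelist` skips the vulnerability check entirely.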

In addition to enforcement, this project also contains signers that can be used to create Grafeas Attestation Occurrences for use in other enforcement systems such as Binary Authorization. For details, see Kritis Signer.

Getting Started

Support

If you have questions, reach out to us on kritis-users. For questions about contributing, please see the section below.

Contributing

See CONTRIBUTING for details on how you can contribute.

See DEVELOPMENT for details on the development and testing workflow.

License

Kritis is under the Apache 2.0 license. See the LICENSE file for details.