Skip to content
JFrog KubeXray scanner on Kubernetes
Branch: master
Clone or download
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.circleci
.pipeline
.scripts
cmd/kubexray
images
test
.dockerignore
.gitignore
Dockerfile update dockerfile Mar 22, 2019
LICENSE
Makefile
README.md

README.md

JFrog KubeXray scanner on Kubernetes

An open source software project that monitors pods in a Kubernetes cluster to help you detect security & license violations in containers running inside the pod.

KubeXray listens to events from Kubernetes API server, and leverages the metadata from JFrog Xray (commercial product) to ensure that only the pods that comply with your current policy can run on Kubernetes. As an example, KubeXray listens to these event streams:

  • Deployment of a new service
  • Upgrade of an existing service
  • A new license policy, such as a new license type disallowed for runtime.
  • A new security issue

And when an issue is detected, KubeXray responds according to the current policy that you have set.

You can select one of the following possible actions:

  • Scaledown to 0. The desired state of a service's replica count is updated to 0, making the services inactive but still traceable.
  • Delete the corresponding Kubernetes resource that’s pointing to a vulnerable container image(s)
  • Ignore and leave the pod running

KubeXray also allows you to enforce policy for running applications that have not been scanned by JFrog Xray and whose risks are unknown.

Install Instructions

The easiest way to install KubeXray is using the Helm chart

Please follow install instruction from chart's readme

Local development and testing

Building binary

To build kubexray locally

make build

Docker

To build kubexray docker image locally (testing docker image build)

make image

Contributing Code

We welcome community contribution through pull requests.

License

This tool is available under the Apache License, Version 2.0.

(c) All rights reserved JFrog

You can’t perform that action at this time.