Skip to content
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
55 lines (34 sloc) 1.96 KB

JFrog KubeXray scanner on Kubernetes

An open source software project that monitors pods in a Kubernetes cluster to help you detect security & license violations in containers running inside the pod.

KubeXray listens to events from Kubernetes API server, and leverages the metadata from JFrog Xray (commercial product) to ensure that only the pods that comply with your current policy can run on Kubernetes. As an example, KubeXray listens to these event streams:

  • Deployment of a new service
  • Upgrade of an existing service
  • A new license policy, such as a new license type disallowed for runtime.
  • A new security issue

And when an issue is detected, KubeXray responds according to the current policy that you have set.

You can select one of the following possible actions:

  • Scaledown to 0. The desired state of a service's replica count is updated to 0, making the services inactive but still traceable.
  • Delete the corresponding Kubernetes resource that’s pointing to a vulnerable container image(s)
  • Ignore and leave the pod running

KubeXray also allows you to enforce policy for running applications that have not been scanned by JFrog Xray and whose risks are unknown.

Install Instructions

The easiest way to install KubeXray is using the Helm chart

Please follow install instruction from chart's readme

Local development and testing

Building binary

To build kubexray locally

make build


To build kubexray docker image locally (testing docker image build)

make image

Contributing Code

We welcome community contribution through pull requests.


This tool is available under the Apache License, Version 2.0.

(c) All rights reserved JFrog

You can’t perform that action at this time.