lucky-sideburn/secpod_wrap

secpod_wrap

Description

A small Python utility for wrapping some CNCF tools.

At the moment it wraps Aqua Security's Trivy, stores the CVEs found in the images of running pods in SQLite, and reports the pods' owners (Jobs, StatefulSets, Deployments, ...).

Usage

Store vulnerability detections for running pods in SQLite

export K8S_TOKEN="..."
export K8S_URL="https://192.168.58.99:6443"

./secpod_wrap.py store

Example

luckysideburn:~/WORK/secpod_wrap$ ./secpod_wrap.py store
Clean old records of images
Clean old records of cve
Looking for pods running on all namespaces
Scan nginx:1.14.2
CVE-2021-3712 already stored
Scan luckysideburn/kubeinvaders:develop
CVE-2018-12886 already stored
Save record for rancher/klipper-helm:v0.6.4-build20210813
Images scanning completed

List images, pods and their owners (Jobs, StatefulSets, Deployments,...)

export K8S_TOKEN="..."
export K8S_URL="https://192.168.58.99:6443"

./secpod_wrap.py images

Example

luckysideburn:~/WORK/secpod_wrap$ ./secpod_wrap.py images
[
    {
        "image": "nginx:1.14.2",
        "container": "nginx",
        "pod": "nginx-deployment-66b6c48dd5-7p2bj",
        "owner": "nginx-deployment",
        "owen_kind": "Deployment",
        "namespace": "namespace2"
    }
]
[
    {
        "image": "nginx:1.14.2",
        "container": "nginx",
        "pod": "nginx-deployment-66b6c48dd5-7p2bj",
        "owner": "nginx-deployment",
        "owen_kind": "Deployment",
        "namespace": "namespace2"
    }
]

List found vulnerabilities

export K8S_TOKEN="..."
export K8S_URL="https://192.168.58.99:6443"

./secpod_wrap.py vulns

Example

luckysideburn:~/WORK/secpod_wrap$ ./secpod_wrap.py vulns
{
    "cve": [
        {
            "image": "nginx:1.14.2",
            "cve_id": "CVE-2016-2779",
            "installed_version": "2.29.2-1+deb9u1",
            "primary_url": "https://avd.aquasec.com/nvd/cve-2016-2779",
            "severity": "HIGH",
            "owners": [
                {
                    "owner": "nginx-deployment",
                    "owner_kind": "Deployment",
                    "namespace": "namespace2"
                },
                {
                    "owner": "nginx-deployment",
                    "owner_kind": "Deployment",
                    "namespace": "namespace1"
                }
            ]
        },
        {
            "image": "nginx:1.14.2",
            "cve_id": "CVE-2018-12886",
            "installed_version": "6.3.0-18+deb9u1",
            "primary_url": "https://avd.aquasec.com/nvd/cve-2018-12886",
            "severity": "HIGH",
            "owners": [
                {
                    "owner": "nginx-deployment",
                    "owner_kind": "Deployment",
                    "namespace": "namespace2"
                },
                {
                    "owner": "nginx-deployment",
                    "owner_kind": "Deployment",
                    "namespace": "namespace1"
                }
            ]
        }
    ]
}
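
Added example, not part of secpod_wrap: one way to consume the `vulns` JSON, pivoting it from CVE-to-owners into owner-to-CVEs and keeping only findings at or above a severity threshold, so each workload's findings can be routed to its team. The sample report is constructed in the shape shown above, `CVE-0000-0001` is a placeholder entry, and `findings_by_owner` is a hypothetical helper name.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of the `vulns` output above (fields trimmed).
# CVE-0000-0001 is a placeholder id used only to show the severity filter.
SAMPLE = """
{"cve": [
  {"image": "nginx:1.14.2", "cve_id": "CVE-2016-2779", "severity": "HIGH",
   "owners": [
     {"owner": "nginx-deployment", "owner_kind": "Deployment", "namespace": "namespace2"},
     {"owner": "nginx-deployment", "owner_kind": "Deployment", "namespace": "namespace1"}]},
  {"image": "nginx:1.14.2", "cve_id": "CVE-2018-12886", "severity": "HIGH",
   "owners": [
     {"owner": "nginx-deployment", "owner_kind": "Deployment", "namespace": "namespace1"}]},
  {"image": "nginx:1.14.2", "cve_id": "CVE-0000-0001", "severity": "LOW",
   "owners": [
     {"owner": "nginx-deployment", "owner_kind": "Deployment", "namespace": "namespace2"}]}
]}
"""
REPORT = json.loads(SAMPLE)

# Severity labels as emitted by Trivy, lowest to highest.
SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def findings_by_owner(report, min_severity="HIGH"):
    """Pivot CVE -> owners into (namespace, kind, owner) -> [(cve_id, image)]."""
    threshold = SEVERITY_RANK[min_severity]
    grouped = defaultdict(set)
    for entry in report.get("cve", []):
        # A missing or unrecognised severity is ranked as UNKNOWN.
        rank = SEVERITY_RANK.get(entry.get("severity", "UNKNOWN"), 0)
        if rank < threshold:
            continue
        for o in entry.get("owners", []):
            # The same owner name can exist in several namespaces, so the
            # namespace is part of the key.
            key = (o["namespace"], o["owner_kind"], o["owner"])
            grouped[key].add((entry["cve_id"], entry["image"]))
    # Sets drop duplicate rows; sorting keeps the output stable between runs.
    return {k: sorted(v) for k, v in sorted(grouped.items())}


if __name__ == "__main__":
    for (ns, kind, name), items in findings_by_owner(REPORT).items():
        print(f"{ns}/{kind}/{name}")
        for cve_id, image in items:
            print(f"  {cve_id}  {image}")
```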

Help

./secpod_wrap.py --help
