The Kubevuln component is an in-cluster component of the Kubescape security platform.
It scans container images for vulnerabilities, using Grype as its engine.
To build kubevuln with its dependencies run: make
-
Load config file using the
CONFIGenvironment variableexport CONFIG=path/to/clusterData.jsonexample/clusterData.json
{ "gatewayWebsocketURL": "127.0.0.1:8001", "gatewayRestURL": "127.0.0.1:8002", "kubevulnURL": "127.0.0.1:8080", "kubescapeURL": "127.0.0.1:8080", "eventReceiverRestURL": "https://report.armo.cloud", "eventReceiverWebsocketURL": "wss://report.armo.cloud", "rootGatewayURL": "wss://ens.euprod1.cyberarmorsoft.com/v1/waitfornotification", "accountID": "*********************", "clusterName": "******" }
-
Set the
PORTenvironment variable to 8081
export PORT=8080
Check out scanner/environmentvariables.go
You can use the samples files below to setup your VS code environment for building and debugging purposes.
.vscode/launch.json
{
"version": "0.2.0",
"configurations": [
{
"name": "Launch Package",
"type": "go",
"request": "launch",
"mode": "auto",
"program": "${workspaceRoot}",
"env": {
"PORT": "8080",
"NAMESPACE": "kubescape",
"CONFIG": "${workspaceRoot}/.vscode/clusterData.json",
},
"args": [
"-alsologtostderr", "-v=4", "2>&1"
]
}
]
}We configure the Kubevuln to listen to port 8080, and define the configuration in the clusterData.json file as mentioned above.