MCPcopy Index your code
hub / github.com/estafette/estafette-vulnerability-scanner

github.com/estafette/estafette-vulnerability-scanner @v0.1.16

Chat with this repo
repository ↗ · DeepWiki ↗ · release v0.1.16 ↗ · + Follow
36 symbols 94 edges 3 files 1 documented · 3% updated 3y agov0.1.16 · 2021-06-02★ 502 open issues
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

estafette-vulnerability-scanner

An application that regularly scans all images referenced by a Kubernetes cluster for vulnerabilities

License

Why?

In order to scan all used images in a cluster for vulnerabilities this application runs scans of all used images on an interval and outputs Prometheus metrics to indicate the problematic images and their vulnerabilities. The scanner makes use of the Trivy scanner and only looks for vulnerabilities that already have a fix out, to keep any alerts actionable.

Installation

Prepare using Helm:

brew install kubernetes-helm

Then install or upgrade with Helm:

helm repo add estafette https://helm.estafette.io
helm upgrade --install estafette-vulnerability-scanner --namespace estafette estafette/estafette-vulnerability-scanner

Grafana dashboard

The dashboard can be imported into Grafana by loading the file at:

https://raw.githubusercontent.com/estafette/estafette-vulnerability-scanner/master/grafana/dashboard.json

Grafana dashboard

Prometheus alerts

To alert on detected vulnerabilities add the following alerting rules to Prometheus:

groups:
- name: estafette-vulnerability-scanner
  rules:
  - alert: CriticalSeverity
    expr: sum(estafette_vulnerability_scanner_detected_vulnerabilities{release="estafette-vulnerability-scanner",severity="CRITICAL"}) by (image) > 0
    for: 1h
    labels:
      severity: page
    annotations:
      description: A CRITICAL vulnerability has been detected in image {{ $labels.image }}
      summary: A CRITICAL vulnerability has been detected in image {{ $labels.image }}
  - alert: NonCriticalSeverity
    expr: sum(estafette_vulnerability_scanner_detected_vulnerabilities{release="estafette-vulnerability-scanner",severity=~"HIGH|MEDIUM|LOW|UNKNOWN"}) by (image) > 0
    for: 1h
    annotations:
      description: A non-critical vulnerability has been detected in image {{ $labels.image }}
      summary: A non-critical vulnerability has been detected in image {{ $labels.image }}

Extension points exported contracts — how you extend this code

Core symbols most depended-on inside this repo

Shape

Function 25
Method 6
Struct 4
Interface 1

Languages

Go100%

Modules by API surface

main.go19 symbols
scanner.go9 symbols
main_test.go8 symbols

For agents

$ claude mcp add estafette-vulnerability-scanner \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact

Ask about this repo answers extend the page