MCPcopy
hub / github.com/zegl/kube-score

github.com/zegl/kube-score @v1.20.0 sqlite

repository ↗ · DeepWiki ↗ · release v1.20.0 ↗
764 symbols 1,920 edges 86 files 33 documented · 4%
README

Security Context

The default container-security-context check checks the SecurityContext for

  • Containers with writeable root filesystems
  • Containers that run with user ID or group ID < 10000
  • Privileged containers

If you do not want all of this checks you can disable container-security-context and enable one or more of the following optional checks:

  • container-security-context-user-group-id
  • container-security-context-privileged
  • container-security-context-readonlyrootfilesystem

Removal timeline of container-security-context

container-security-context has been deprecated (see #204, #325, #326).

The checks that has container-security-context preformed has been split into three different checks, which where all introduced in v1.10.

  • v1.10: Introduce the three new checks (opt-in), and officially deprecate container-security-context.
  • v1.12: Make container-security-context optional (opt-in), and make the three new checks run by default.
  • v1.13: Remove container-security-context.

In v1.10, run kube-score with the following flags to ensure compatability with v1.12 and later:

kube-score score \
    --enable-optional-test container-security-context-user-group-id \
    --enable-optional-test container-security-context-privileged \
    --enable-optional-test container-security-context-readonlyrootfilesystem \
    --ignore-test container-security-context

Note: The "flip" and the deletion of the tests where originally scheduled to happen in v1.11 and v1.12. This did not happend, and the migration is now scheduled for v1.12 and v1.13 instead.

Extension points exported contracts — how you extend this code

PodSpecer (Interface)
(no doc) [16 implementers]
domain/kube-score.go
CheckFunc (FuncType)
(no doc)
score/checks/checks.go
Window (Interface)
(no doc)
web/src/Run.tsx
FileLocationer (Interface)
(no doc) [33 implementers]
domain/kube-score.go
HpaTargeter (Interface)
(no doc) [6 implementers]
domain/kube-score.go
NamedReader (Interface)
(no doc) [3 implementers]
domain/kube-score.go
Ingress (Interface)
(no doc) [3 implementers]
domain/kube-score.go

Core symbols most depended-on inside this repo

AddComment
called by 68
scorecard/scorecard.go
GetPodTemplateSpec
called by 32
domain/kube-score.go
decode
called by 28
parser/parse.go
enosys
called by 27
web/public/wasm_exec.js
GetObjectMeta
called by 26
domain/kube-score.go
AddIfErr
called by 25
parser/error.go
reg
called by 19
score/checks/checks.go
Service
called by 12
domain/kube-score.go

Shape

Function 402
Method 251
Struct 77
Interface 25
TypeAlias 4
FuncType 3
Class 2

Languages

Go93%
TypeScript7%

Modules by API surface

domain/kube-score.go64 symbols
web/public/wasm_exec.js49 symbols
score/score_test.go49 symbols
score/checks/checks.go40 symbols
parser/parse.go24 symbols
parser/internal/hpa.go24 symbols
score/apps_test.go21 symbols
score/apps/apps_test.go21 symbols
parser/internal/deployment.go21 symbols
score/container/container_test.go20 symbols
sarif/sarif.go19 symbols
score/security_test.go17 symbols

Dependencies from manifests, versioned

github.com/buildkite/terminal-to-htmlv3.2.0+incompatible · 1×
github.com/davecgh/go-spewv1.1.2-0.20180830191 · 1×
github.com/eidolon/wordwrapv0.0.0-2016101118220 · 1×
github.com/fxamacker/cbor/v2v2.7.0 · 1×
github.com/go-logr/logrv1.4.2 · 1×
github.com/google/gofuzzv1.2.0 · 1×
github.com/json-iterator/gov1.1.12 · 1×
github.com/jstemmer/go-junit-report/v2v2.1.0 · 1×
github.com/kr/textv0.2.0 · 1×

For agents

$ claude mcp add kube-score \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact