Open source runtime scanner for Linux containers (LXD). It performs security audit checks based on the CIS Linux containers Benchmark specification.

Overview


lxd-probe

Scan your Linux container runtime!

Lxd-Probe is an open source audit scanner that performs audit checks on a Linux container manager and outputs a security report.

The audit tests are the full implementation of the CIS LXD Benchmark specification.

Audit results can now be leveraged as a webhook via a user plugin (using Go plugin).

Audit checks are performed on Linux containers, and the output audit report includes:

  1. The root cause of the security issue.
  2. The proposed remediation for the security issue.

Installation

git clone https://github.com/chen-keinan/kube-beacon
cd kube-beacon
make build
./lxd-probe

Note: lxd-probe requires a privileged user to execute tests.

Quick Start

Usage: lxd-probe [--version] [--help] <command> [<args>]

Available commands are:
  -r , --report :  run audit tests and generate failure report
  -i , --include:  execute only specific audit test,   example -i=1.2.3,1.4.5
  -e , --exclude:  ignore specific audit tests,  example -e=1.2.3,1.4.5

Issues
  • chore(deps): bump github.com/cheggaaa/pb from 1.0.29 to 2.0.7+incompatible

    Bumps github.com/cheggaaa/pb from 1.0.29 to 2.0.7+incompatible.

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies go 
    opened by dependabot[bot] 1
  • chore(deps): bump github.com/mitchellh/cli from 1.1.2 to 1.1.3

    Bumps github.com/mitchellh/cli from 1.1.2 to 1.1.3.

    Commits
    • 628e665 update README
    • a59f761 update README
    • 4a82e7e switch to GitHub actions
    • f3e6757 go mod tidy
    • 878f83b Merge pull request #87 from radeksimko/bump-sprig
    • 249ea46 Merge pull request #93 from kmoe/kmoe/subcommand-suffix-parsing
    • 4bb9ba2 exclude flags from subcommand parsing
    • 3bf635d add failing test for subcommand argument parsing
    • aa63a5c deps: bump Masterminds/sprig to v3 (go.mod enabled version)
    • 5454ffe Merge pull request #85 from santosh653/master
    • Additional commits viewable in compare view

    dependencies go 
    opened by dependabot[bot] 0
  • chore(deps): bump github.com/mitchellh/mapstructure from 1.4.3 to 1.5.0

    Bumps github.com/mitchellh/mapstructure from 1.4.3 to 1.5.0.

    Changelog

    Sourced from github.com/mitchellh/mapstructure's changelog.

    1.5.0

    • New option IgnoreUntaggedFields to ignore decoding to any fields without mapstructure (or the configured tag name) set GH-277
    • New option ErrorUnset which makes it an error if any fields in a target struct are not set by the decoding process. GH-225
    • New function OrComposeDecodeHookFunc to help compose decode hooks. GH-240
    • Decoding to slice from array no longer crashes GH-265
    • Decode nested struct pointers to map GH-271
    • Fix issue where ,squash was ignored if Squash option was set. GH-280
    • Fix issue where fields with ,omitempty would sometimes decode into a map with an empty string key GH-281
    Commits
    • ab69d8d update CHANGELOG to 1.5.0
    • bd687ea update CHANGELOG
    • c9b585b update test to not rely on fmt
    • 5a2eb61 Merge pull request #281 from semrekkers/issue-238
    • 74e07d1 update CHANGELOG
    • 3a684c7 Merge pull request #240 from julnicolas/feature/add_or_compose_decode_hook_func
    • 0bb6a2e Merge branch 'master' into feature/add_or_compose_decode_hook_func
    • ac10e22 update CHANGELOG
    • 8385cfa Merge pull request #225 from SaschaRoland/unset-fields
    • 17e49ec update CHANGELOG
    • Additional commits viewable in compare view

    dependencies go 
    opened by dependabot[bot] 0
  • chore(deps): bump actions/setup-go from 2 to 3

    Bumps actions/setup-go from 2 to 3.

    Release notes

    Sourced from actions/setup-go's releases.

    v3.0.0

    What's Changed

    Breaking Changes

    With the update to Node 16, all scripts will now be run with Node 16 rather than Node 12.

    This new major release removes the stable input, so there is no need to specify additional input to use pre-release versions. This release also corrects the pre-release versions syntax to satisfy the SemVer notation (1.18.0-beta1 -> 1.18.0-beta.1, 1.18.0-rc1 -> 1.18.0-rc.1).

    steps:
      - uses: actions/[email protected]
      - uses: actions/[email protected]
        with:
          go-version: '1.18.0-rc.1' 
      - run: go version
    

    Add check-latest input

    In scope of this release we add the check-latest input. If check-latest is set to true, the action first checks if the cached version is the latest one. If the locally cached version is not the most up-to-date, a Go version will then be downloaded from go-versions repository. By default check-latest is set to false. Example of usage:

    steps:
      - uses: actions/[email protected]
      - uses: actions/[email protected]
        with:
          go-version: '1.16'
          check-latest: true
      - run: go version
    

    Moreover, we updated @actions/core from 1.2.6 to 1.6.0

    v2.1.5

    In scope of this release we updated matchers.json to improve the problem matcher pattern. For more information please refer to this pull request

    v2.1.4

    What's Changed

    New Contributors

    Full Changelog: https://github.com/actions/setup-go/compare/v2.1.3...v2.1.4

    v2.1.3

    • Updated communication with runner to use environment files rather than workflow commands

    v2.1.2

    This release includes vendored licenses for this action's npm dependencies.

    ... (truncated)

    dependencies github_actions 
    opened by dependabot[bot] 0
  • chore(deps): bump go.uber.org/fx from 1.17.0 to 1.17.1

    Bumps go.uber.org/fx from 1.17.0 to 1.17.1.

    Release notes

    Sourced from go.uber.org/fx's releases.

    v1.17.1

    Added

    • Logging for provide/invoke/decorate now includes the associated fx.Module name.
    Changelog

    Sourced from go.uber.org/fx's changelog.

    1.17.1 - 2021-03-23

    Added

    • Logging for provide/invoke/decorate now includes the associated fx.Module name.
    dependencies go 
    opened by dependabot[bot] 0
  • chore(deps): bump github.com/magiconair/properties from 1.8.5 to 1.8.6

    Bumps github.com/magiconair/properties from 1.8.5 to 1.8.6.

    Changelog

    Sourced from github.com/magiconair/properties's changelog.

    1.8.6 - 23 Feb 2022

    dependencies go 
    opened by dependabot[bot] 0
  • chore(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1

    Bumps github.com/stretchr/testify from 1.7.0 to 1.7.1.

    Commits
    • 083ff1c Fixed didPanic to now detect panic(nil).
    • 1e36bfe Use cross Go version compatible build tag syntax
    • e798dc2 Add docs on 1.17 build tags
    • 83198c2 assert: guard CanConvert call in backward compatible wrapper
    • 087b655 assert: allow comparing time.Time
    • 7bcf74e fix msgAndArgs forwarding
    • c29de71 add tests for correct msgAndArgs forwarding
    • f87e2b2 Update builds
    • ab6dc32 fix linting errors in /assert package
    • edff5a0 fix funtion name
    • Additional commits viewable in compare view

    dependencies go 
    opened by dependabot[bot] 0
  • chore(deps): bump go.uber.org/fx from 1.13.1 to 1.17.0

    Bumps go.uber.org/fx from 1.13.1 to 1.17.0.

    Release notes

    Sourced from go.uber.org/fx's releases.

    v1.17.0

    Added

    • Add fx.Module which scopes any modifications made to the dependency graph.
    • Add fx.Decorate and fx.Replace that lets you modify a dependency graph with decorators.
    • Add fxevent.Decorated event which gets emitted upon a dependency getting decorated.

    Changed

    • fx.Annotate: Validate that fx.In or fx.Out structs are not passed to it.
    • fx.Annotate: Upon failure to Provide, the error contains the actual location of the provided constructor.

    v1.16.0

    Added

    • Add the ability to provide a function as multiple interfaces at once using fx.As.

    Changed

    • fx.Annotate: support variadic functions, and feeding value groups into them.

    Fixed

    • Fix an issue where OnStop hooks weren't getting called on SIGINT on Windows.
    • Fix a data race between app.Done() and shutdown.

    v1.15.0

    Added

    • Add fx.Annotate to allow users to provide parameter and result tags easily without having to create fx.In or fx.Out structs.
    • Add fx.As that allows users to annotate a constructor to provide its result type(s) as interface(s) that they implement instead of the types themselves.

    Fixed

    • Fix fxevent.Stopped not being logged when App.Stop is called.
    • Fix fxevent.Started or fxevent.Stopped not being logged when start or stop times out.

    v1.14.2

    Changed

    • For fxevent console implementation: no longer log non-error case for fxevent.Invoke event, while for zap implementation, start logging fx.Invoking case without stack.

    v1.14.1

    Changed

    • fxevent.Invoked was being logged at Error level even upon successful Invoke. This was changed to log at Info level when Invoke succeeded.

    v1.14.0

    Added

    • Introduce the new fx.WithLogger option. Provide a constructor for fxevent.Logger objects with it to customize how Fx logs events.

    ... (truncated)

    Changelog

    Sourced from go.uber.org/fx's changelog.

    1.17.0 - 2021-02-28

    Added

    • Add fx.Module which scopes any modifications made to the dependency graph.
    • Add fx.Decorate and fx.Replace that lets you modify a dependency graph with decorators.
    • Add fxevent.Decorated event which gets emitted upon a dependency getting decorated.

    Changed

    • fx.Annotate: Validate that fx.In or fx.Out structs are not passed to it.
    • fx.Annotate: Upon failure to Provide, the error contains the actual location of the provided constructor.

    1.16.0 - 2021-12-02

    Added

    • Add the ability to provide a function as multiple interfaces at once using fx.As.

    Changed

    • fx.Annotate: support variadic functions, and feeding value groups into them.

    Fixed

    • Fix an issue where OnStop hooks weren't getting called on SIGINT on Windows.
    • Fix a data race between app.Done() and shutdown.

    1.15.0 - 2021-11-08

    Added

    • Add fx.Annotate to allow users to provide parameter and result tags easily without having to create fx.In or fx.Out structs.
    • Add fx.As that allows users to annotate a constructor to provide its result type(s) as interface(s) that they implement instead of the types themselves.

    Fixed

    • Fix fxevent.Stopped not being logged when App.Stop is called.
    • Fix fxevent.Started or fxevent.Stopped not being logged when start or stop times out.

    1.14.2 - 2021-08-16

    Changed

    • For fxevent console implementation: no longer log non-error case for fxevent.Invoke event, while for zap implementation, start logging fx.Invoking case without stack.

    1.14.1 - 2021-08-16

    Changed

    • fxevent.Invoked was being logged at Error level even upon successful Invoke.

    ... (truncated)

    dependencies go 
    opened by dependabot[bot] 0
  • chore(deps): bump go.uber.org/zap from 1.18.1 to 1.21.0

    Bumps go.uber.org/zap from 1.18.1 to 1.21.0.

    Release notes

    Sourced from go.uber.org/zap's releases.

    v1.21.0

    1.21.0 (7 Feb 2022)

    Enhancements:

    • #1047: Add zapcore.ParseLevel to parse a Level from a string.
    • #1048: Add zap.ParseAtomicLevel to parse an AtomicLevel from a string.

    Bugfixes:

    • #1058: Fix panic in JSON encoder when EncodeLevel is unset.

    Other changes:

    • #1052: Improve encoding performance when the AddCaller and AddStacktrace options are used together.

    #1047: uber-go/zap#1047 #1048: uber-go/zap#1048 #1052: uber-go/zap#1052 #1058: uber-go/zap#1058

    Thanks to @aerosol and @Techassi for their contributions to this release.

    v1.20.0

    Enhancements:

    • #989: Add EncoderConfig.SkipLineEnding flag to disable adding newline characters between log statements.
    • #1039: Add EncoderConfig.NewReflectedEncoder field to customize JSON encoding of reflected log fields.

    Bugfixes:

    • #1011: Fix inaccurate precision when encoding complex64 as JSON.
    • #554, #1017: Close JSON namespaces opened in MarshalLogObject methods when the methods return.
    • #1033: Avoid panicking in Sampler core if thereafter is zero.

    Other changes:

    • #1028: Drop support for Go < 1.15.

    #554: uber-go/zap#554 #989: uber-go/zap#989 #1011: uber-go/zap#1011 #1017: uber-go/zap#1017 #1028: uber-go/zap#1028 #1033: uber-go/zap#1033 #1039: uber-go/zap#1039

    Thanks to @psrajat, @lruggieri, @sammyrnycreal for their contributions to this release.

    v1.19.1

    ... (truncated)

    Changelog

    Sourced from go.uber.org/zap's changelog.

    1.21.0 (7 Feb 2022)

    Enhancements:

    • #1047: Add zapcore.ParseLevel to parse a Level from a string.
    • #1048: Add zap.ParseAtomicLevel to parse an AtomicLevel from a string.

    Bugfixes:

    • #1058: Fix panic in JSON encoder when EncodeLevel is unset.

    Other changes:

    • #1052: Improve encoding performance when the AddCaller and AddStacktrace options are used together.

    #1047: uber-go/zap#1047 #1048: uber-go/zap#1048 #1052: uber-go/zap#1052 #1058: uber-go/zap#1058

    Thanks to @aerosol and @Techassi for their contributions to this release.

    1.20.0 (4 Jan 2022)

    Enhancements:

    • #989: Add EncoderConfig.SkipLineEnding flag to disable adding newline characters between log statements.
    • #1039: Add EncoderConfig.NewReflectedEncoder field to customize JSON encoding of reflected log fields.

    Bugfixes:

    • #1011: Fix inaccurate precision when encoding complex64 as JSON.
    • #554, #1017: Close JSON namespaces opened in MarshalLogObject methods when the methods return.
    • #1033: Avoid panicking in Sampler core if thereafter is zero.

    Other changes:

    • #1028: Drop support for Go < 1.15.

    #554: uber-go/zap#554 #989: uber-go/zap#989 #1011: uber-go/zap#1011 #1017: uber-go/zap#1017 #1028: uber-go/zap#1028 #1033: uber-go/zap#1033 #1039: uber-go/zap#1039

    Thanks to @psrajat, @lruggieri, @sammyrnycreal for their contributions to this release.

    1.19.1 (8 Sep 2021)

    ... (truncated)

    dependencies go 
    opened by dependabot[bot] 0
  • chore(deps): bump actions/checkout from 2 to 3

    Bumps actions/checkout from 2 to 3.

    Release notes

    Sourced from actions/checkout's releases.

    v3.0.0

    • Update default runtime to node16

    v2.4.0

    • Convert SSH URLs like org-<ORG_ID>@github.com: to https://github.com/ - pr

    v2.3.5

    Update dependencies

    v2.3.4

    v2.3.3

    v2.3.2

    Add Third Party License Information to Dist Files

    v2.3.1

    Fix default branch resolution for .wiki and when using SSH

    v2.3.0

    Fallback to the default branch

    v2.2.0

    Fetch all history for all tags and branches when fetch-depth=0

    v2.1.1

    Changes to support GHES (here and here)

    v2.1.0

    Changelog

    Sourced from actions/checkout's changelog.

    Changelog

    v2.3.1

    v2.3.0

    v2.2.0

    v2.1.1

    • Changes to support GHES (here and here)

    v2.1.0

    v2.0.0

    dependencies github_actions 
    opened by dependabot[bot] 0
Releases (v0.2.0)
Owner
Chen Keinan