Audit scanner

Note well: don't forget to check out Kubewarden's documentation for more information.

The Audit scanner inspects the resources defined in the cluster and identifies the ones that violate Kubewarden policies.

The results of the scan can be made available via PolicyReport objects. Each Namespace has its own dedicated PolicyReport. Compliance of cluster-wide resources is available via the ClusterPolicyReport resource.

Instead of relying on PolicyReport objects, one can also configure Audit scanner to keep all this information in memory only, by specifying --store memory.

Deployment

We recommend relying on the kubewarden-controller and the Kubernetes Custom Resources it provides to deploy the Kubewarden stack.

Building

You can use the container image we maintain in our GitHub Container Registry.

Alternatively, the audit-scanner binary can be built as follows:

$ make build

Have a look at CONTRIBUTING.md for more developer information.

For implementation details, see RFC-11 and RFC-12.

Software bill of materials

Audit scanner publishes its software bill of materials (SBOM) with every release. The SBOM follows the SPDX version 2.2 format and can be found in the release assets, together with the signature and certificate used to sign it.

Security

The Kubewarden team is security conscious. You can find our threat model assessment and responsible disclosure approach in our Kubewarden docs.