m9sweeper is a free and easy kubernetes security platform. It integrates industry standard open source utilities into a one-stop-shop kubernetes security tool that can walk most kubernetes adminstrators through securing a kubernetes cluster as well as the apps running on the cluster.
m9sweeper makes securing a cluster easy with:
- CVE Scanning
- Enforcement of CVE Scanning Rules
- Reports and Dashboards, including historical reporting to see how your security posture has changed over time
- CIS Security Benchmarking
- Pen Testing
- Deployment Coaching
- Intrusion Detection
- Gatekeeper Policy Management
m9sweeper makes it easy to orchestrate the implementation of a number of free security tools:
Trivy: CVE Scanner
Kubesec: Deployment Best Practices
kube-bench: CIS Benchmarks
OPA Gatekeeper: Compliance and Security Policies
kube-hunter: Cluster Penetration Testing
Project Falco: Intrusion Detection
This project requires a Kubernetes Cluster and uses helm as package manager
Installing Kubernetes Locally with Minikube
Mac: Install from terminal
curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-darwin-amd64
sudo install minikube-darwin-amd64 /usr/local/bin/minikube
Windows: Install with chocolatey and install a bash client
choco install minikube
choco install git
Both: Start Kubernetes
minikube start --cni calico --kubernetes-version=v1.23.16
kubectl get pods --all-namespaces
More at https://minikube.sigs.k8s.io/docs/start/
While our documentation has more details, installing m9sweeper can be as simple as running a few CLI commands to install it into your own kubernetes cluster with helm.
helm repo add m9sweeper https://m9sweeper.github.io/m9sweeper && \
helm repo update && \
helm upgrade m9sweeper m9sweeper/m9sweeper --install --wait \
--create-namespace --namespace m9sweeper-system \
--set-string dash.init.superAdminEmail="[email protected]" \
--set-string dash.init.superAdminPassword="password" \
--set-string global.jwtSecret="changeme" \
--set-string global.apiKey="YOUR-API-KEY"
The initial project was created by team members at Intelletive Consulting at times when projects were slow or to train new members, but we hope others will contribute as well. Thanks goes to these wonderful people (emoji key):
Jacob Beasley 💻 📖 🔬 📆 🚇 |
jasonWoodman 💻 📖 🔬 📆 🚇 |
Brandan Schmitz 💻 🚇 📖 |
KBerndt10 💻 🚇 |
beckysaunders94 💻 |
Farhan Tanvir 💻 |
jshoberg 💻 |
charisprose 💻 |
Gazi Tarique Mahmud 💻 |
Shibly 💻 |
sabbirali 💻 |
Grant Keiner 💻 |
grantoenges 💻 |
Maggie Tian 💻 |
Rakibul Rushel 💻 |
Jobayer Ahmed 💻 |
Steve Gagnon 💻 |
Khorshed Alam 💻 |
Koti Vellanki 💻 |
Sahil Narang 💻 🚇 |
Shahriya Siddique 💻 |
Raiyan Prodhan 💻 |
Kristin Sandness 💻 |
Samer Sarker 💻 |
This project follows the all-contributors specification. Contributions of any kind welcome!
If you have feature requests, please submit them as github issues and prefix the request with "Feature Request:". If you find the feature has already been requested, then please upvote that feature so we know it is a feature that others are looking for.
This helps us to prioritize further feature development based upon the needs of our users.
Distributed under the Apache License v2. See LICENSE.txt for more information.
Official website - @official_website
Project Link: https://github.com/m9sweeper/m9sweeper