Add integration to kubescape
nirsht committed May 25, 2022
1 parent d12008f commit 7a888e1
Showing 10 changed files with 108 additions and 19 deletions.
5 changes: 4 additions & 1 deletion .gitignore
Expand Up @@ -107,4 +107,7 @@ dist
.netlify

#deploy
/bin
/bin

#vscode
*.vscode
5 changes: 5 additions & 0 deletions Dockerfile
Expand Up @@ -11,6 +11,9 @@ RUN wget https://github.com/FairwindsOps/polaris/releases/download/5.0.0/polaris
RUN tar xf polaris_linux_amd64.tar.gz
RUN cp polaris /usr/local/bin

RUN curl -s https://raw.githubusercontent.com/armosec/kubescape/master/install.sh | /bin/bash
RUN cp kubescape /usr/lcoal/bin

FROM golang:1.17

ARG FUNCTION_DIR="/var/task"
Expand All @@ -25,6 +28,8 @@ COPY --from=deps /usr/local/bin/kubeval /usr/local/bin/kubeval
RUN chmod +x /usr/local/bin/kubeval
COPY --from=deps /usr/local/bin/polaris /usr/local/bin/polaris
RUN chmod +x /usr/local/bin/polaris
COPY --from=deps /usr/local/bin/kubescape /usr/local/bin/kubescape
RUN chmod +x /usr/local/bin/kubescape


# Set the CMD to your handler (could also be done as a parameter override outside of the Dockerfile)
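Review bot: `RUN cp kubescape /usr/lcoal/bin` in the first hunk misspells the destination, so the layer either fails outright (no `/usr/lcoal` directory) or, if the installer leaves no `kubescape` in the working directory, never ran as intended; the later `COPY --from=deps /usr/local/bin/kubescape` only works because the install script itself appears to place the binary under `/usr/local/bin`, which makes the `cp` line redundant once corrected to `RUN cp kubescape /usr/local/bin` or dropped. The install step `curl -s …/kubescape/master/install.sh | /bin/bash` pulls an unpinned script from the default branch, so the image is not reproducible and any change to that script silently changes what ends up in the Lambda image; the polaris layer just above pins release 5.0.0, and the kubescape step should likewise fetch a pinned release artifact and verify its checksum before copying it into the image.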
4 changes: 4 additions & 0 deletions Makefile
Expand Up @@ -17,8 +17,12 @@ run-container-local:
docker run -it --entrypoint /bin/bash validkube

start-local-backend:
export ALLOWED_ORIGIN=http://localhost:3000
go run backend/development/localdev.go

start-local-frontend:
cd frontend && yarn start

deploy-backend: clean build
sls deploy --verbose

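Review bot: In the `start-local-backend` recipe, `export ALLOWED_ORIGIN=http://localhost:3000` sits on its own recipe line, and make runs each recipe line in a separate shell, so the variable is gone by the time `go run backend/development/localdev.go` starts unless `.ONESHELL` is set elsewhere in the Makefile (not visible here). The rendered page does not show which four of these lines are the additions, so this may be pre-existing; either way the target works as written only if the two lines are folded into one, `ALLOWED_ORIGIN=http://localhost:3000 go run backend/development/localdev.go`.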
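--- /dev/null
+++ b/backend/api/kubescape/kubescape.go
@@ -0,0 +1,63 @@
+package kubescape
+
+import (
+"fmt"
+"io/ioutil"
+"net/http"
+"os/exec"
+
+"github.com/gin-gonic/gin"
+"github.com/komodorio/validkube/backend/api/utils"
+"github.com/komodorio/validkube/backend/internal/routing"
+"sigs.k8s.io/yaml"
+)
+
+const Path = "/kubescape"
+const Method = routing.POST
+
+func kubescapeWrapper(inputYaml []byte) ([]byte, error) {
+err := utils.CreateDirectory("/tmp/yaml")
+if err != nil {
+return nil, err
+}
+
+err = utils.WriteFile("/tmp/yaml/target_yaml.yaml", inputYaml)
+if err != nil {
+return nil, err
+}
+
+outputFile := "/tmp/yaml/output.json"
+exec.Command("kubescape", "scan", "/tmp/yaml/target_yaml.yaml", "-o", outputFile, "-f", "json").Output()
+
+outputFromKubescapeAsJson, err := ioutil.ReadFile(outputFile)
+if err != nil {
+return nil, err
+}
+
+outputFromKubescapeAsYaml, err := yaml.JSONToYAML(outputFromKubescapeAsJson)
+if err != nil {
+return nil, err
+}
+return outputFromKubescapeAsYaml, nil
+}
+
+func ProcessRequest(c *gin.Context) {
+body, err := ioutil.ReadAll(c.Request.Body)
+if err != nil {
+fmt.Printf("Erorr has with reading request body: %v", err)
+c.JSON(http.StatusOK, gin.H{"data": "", "err": err.Error()})
+return
+}
+bodyAsMap, err := utils.JsonToMap(body)
+if err != nil {
+c.JSON(http.StatusOK, gin.H{"data": "", "err": err.Error()})
+return
+}
+yamlAsInterface := bodyAsMap["yaml"]
+kubescapeOutput, err := kubescapeWrapper(utils.InterfaceToBytes(yamlAsInterface))
+if err != nil {
+c.JSON(http.StatusOK, gin.H{"data": "", "err": err.Error()})
+return
+}
+c.JSON(http.StatusOK, gin.H{"data": string(kubescapeOutput), "err": nil})
+}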
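Review bot: The return values of `exec.Command("kubescape", "scan", …).Output()` in kubescapeWrapper are discarded, so when the binary is missing or the scan aborts the function still reads `/tmp/yaml/output.json`, which is then either absent or left over from an earlier request — and because the input and output paths are fixed, concurrent requests on the same instance overwrite each other's files and can hand one caller another caller's report. A per-request `os.MkdirTemp` directory removed on return, plus checking the command's error, closes both gaps; verify against the installed kubescape version whether findings alone produce a non-zero exit, since that case should still read the report rather than fail. In ProcessRequest the body is read with no size bound, so wrapping it as `http.MaxBytesReader(c.Writer, c.Request.Body, maxBodyBytes)` (limit to be chosen) keeps an oversized upload from being written to disk and fed to the scanner, and the log line there has a typo (`Erorr has with reading`). `io/ioutil` has been deprecated since Go 1.16 and the Dockerfile targets golang:1.17, so `os.ReadFile` / `io.ReadAll` are the current spellings; the rewrite below also needs `os` and `path/filepath` imported.
```go
func kubescapeWrapper(inputYaml []byte) ([]byte, error) {
	// Per-request scratch directory: no fixed paths shared between concurrent requests.
	dir, err := os.MkdirTemp("", "kubescape-")
	if err != nil {
		return nil, err
	}
	defer os.RemoveAll(dir)

	targetFile := filepath.Join(dir, "target_yaml.yaml")
	if err := utils.WriteFile(targetFile, inputYaml); err != nil {
		return nil, err
	}

	outputFile := filepath.Join(dir, "output.json")
	cmd := exec.Command("kubescape", "scan", targetFile, "-o", outputFile, "-f", "json")
	if out, err := cmd.CombinedOutput(); err != nil {
		// Surface a failed launch or aborted scan instead of reading a stale/missing report.
		return nil, fmt.Errorf("running kubescape: %w: %s", err, out)
	}

	outputFromKubescapeAsJson, err := os.ReadFile(outputFile)
	if err != nil {
		return nil, err
	}
	// … unchanged: JSONToYAML conversion and return …
}
```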
4 changes: 3 additions & 1 deletion backend/api/utils/files.go
@@ -1,6 +1,8 @@
package utils

import "os"
import (
"os"
)

func WriteFile(path string, data []byte) error {
file, err := os.Create(path)
6 changes: 6 additions & 0 deletions backend/endpoints/endpoints.go
Expand Up @@ -4,6 +4,7 @@ import (
"github.com/gin-gonic/gin"
"github.com/komodorio/validkube/backend/api/hello"
"github.com/komodorio/validkube/backend/api/kubeneat"
"github.com/komodorio/validkube/backend/api/kubescape"
"github.com/komodorio/validkube/backend/api/kubeval"
"github.com/komodorio/validkube/backend/api/polaris"
"github.com/komodorio/validkube/backend/api/trivy"
Expand Down Expand Up @@ -41,4 +42,9 @@ var Endpoints = []Endpoint{
Method: polaris.Method,
Function: polaris.ProcessRequest,
},
{
Path: kubescape.Path,
Method: kubescape.Method,
Function: kubescape.ProcessRequest,
},
}
16 changes: 14 additions & 2 deletions frontend/src/components/MainView/YamlBox/NewYaml.tsx
Expand Up @@ -17,7 +17,13 @@ import {
} from "./YamlBoxComponents";
import CodeEditor from "@uiw/react-textarea-code-editor";

export const API_ENDPOINTS = ["kubeval", "kubeneat", "trivy", "polaris"];
export const API_ENDPOINTS = [
"kubeval",
"kubeneat",
"trivy",
"polaris",
"kubescape",
];

const Container = styled.div``;

Expand Down Expand Up @@ -76,7 +82,13 @@ const NewYaml: React.FC<NewYamlProps> = ({
curTab,
setCurTab,
}) => {
const tabs = ["Validate", "Clean", "Secure (Trivy)", "Audit (Polaris)"];
const tabs = [
"Validate",
"Clean",
"Secure (Trivy)",
"Audit (Polaris)",
"Audit (Kubescape)",
];

return (
<Container>
9 changes: 0 additions & 9 deletions frontend/src/tests/App.test.tsx

This file was deleted.

5 changes: 0 additions & 5 deletions frontend/src/tests/setupTests.ts

This file was deleted.

10 changes: 9 additions & 1 deletion serverless.yml
Expand Up @@ -51,7 +51,7 @@ functions:
- http:
path: /kubeval
method: post
cors: true
cors: true
Polaris:
image:
name: validkube
Expand All @@ -60,6 +60,14 @@ functions:
path: /polaris
method: post
cors: true
Kubescape:
image:
name: validkube
events:
- http:
path: /kubescape
method: post
cors: true

resources:
- ${file(s3-bucket.yml)}
