ocular

package module
v0.2.6 Latest
This package is not in the latest version of its module.

Published: Feb 17, 2026 License: GPL-3.0 Imports: 0 Imported by: 0

README


Ocular

Ocular extends Kubernetes to provide static scanning configuration that enables you to perform regular or ad-hoc security scans over static software assets. It provides a set of custom resource definitions that allow you to configure and run security or compliance scanning tools.


Overview

Ocular is a Kubernetes API extension that allows you to perform security scans on static software assets. It provides a set of custom resource definitions that allow you to configure and run security or compliance scanning tools over static software assets, such as git repositories, container images, or any static content that can be represented on a file system.

It is designed to support both regular scans on a scheduled basis and ad-hoc security scans run on demand. The system lets the user customize not only the scanning tools that are used, but also:

  • How scan targets are enumerated (e.g. git repositories, container images, etc.)
  • How those scan targets are downloaded into the scanning environment (e.g. git clone, container pull, etc.)
  • How the scanning tools are configured and run (e.g. custom command line arguments, environment variables, etc.)
  • Where the results are sent (e.g. to a database, to a file, to cloud storage, etc.)

Each of these components can be configured independently, allowing for a high degree of flexibility and customization. Each of the 4 components (enumeration, download, scanning, and results) can be customized via a container image that implements a specific interface, normally through environment variables, command line arguments and file mounts.

For more information on Ocular and how to use it, see the Ocular project site.

Getting started

Installation via Helm

See the installation guide on our documentation site for instructions on how to install Ocular via Helm.

Running locally

See DEVELOPMENT.md for instructions on how to run the application locally.

Contact

We are constantly learning about emerging use cases and are always interested in hearing about how you use Ocular. If you would like to talk, please get in touch.

Documentation

Overview

Package ocular provides the Ocular application, a code scanning orchestration tool for static application security testing. It is designed to have easily swappable components depending on what you want to scan with, how you want to enumerate targets, and where you want to upload results.

Directories

Path: Synopsis

api
  v1beta1: Package v1 contains API Schema definitions for the v1 API group.
cmd
  controller (command)
  sidecar (command): Utility image to transfer files between scanners and uploaders.
internal
pkg
  generated/clientset/fake: This package has the automatically generated fake clientset.
  generated/clientset/scheme: This package contains the scheme of the automatically generated clientset.
  generated/clientset/typed/api/v1beta1: This package has the automatically generated typed clients.
  generated/clientset/typed/api/v1beta1/fake: Package fake has the automatically generated clients.
test
