Vessel is a service that watches your kubernetes resources and runs several tools against them.
Vessel stores the results of tools that are run so that you can query them with a simple HTTP / json interface.
Run:
docker run --rm -p 127.0.0.1:8089:8089/tcp --env K8S_URL=http://KUBERNETSURL --env K8S_TOKEN=TOKEN sourcesense/vessel:latestThe official and supported way, go to Vessel Operator.
The query interface is easy, you can pass in querystring the field you want to filter.
The Model of the issue Vessel Collector stores is simple:
name: name of the resource
namespace: namespace of the resource
kind: kind of the resource
issue: the issue
issue_metadata: addintional metadata of the issue
tool: task that generated the issue
created_at: date of the issue
Retrieving issue of deployment and job:
GET http://localhost:8089/query?kind=deployment&kind=jobRetrieving critical CVE:
GET http://localhost:8089/query?issue=CRITICAL_CVEVessel is developed in python and built with poetry
git clone [email protected]:sourcesense/vessel.git
cd vessel
poetry install poetry run vessel server --k8s-url $K8S_URL --k8s-token $K8S_TOKENpoetry run vessel single RESOURCE.yaml- Exit code implementation for CI integration
- Admission control for Kubernetes resources
- Unique web interface for all the Vessel resources
- Implement a scoring system
- Add grype tool
- Add kubelinter tool
- TLS support over Vessel service ingresses.
You are more than welcome to contribute adding new tools to vessel.
Take a look to the contributing guidelines.