Kubernetes-native security toolkit.
Starboard integrates security tools into the Kubernetes environment, so that users can find and view the risks that relate to different resources in a Kubernetes-native way. Starboard provides Custom Resource Definitions and a Go module to work with a range of existing security scanners, as well as a kubectl-compatible command, the Octant Plugin, and the Lens Extension that make security reports available through familiar Kubernetes tools.
Starboard provides:
- Automated vulnerability scanning for Kubernetes applications.
- Automated configuration audits for Kubernetes resources with predefined rules or custom Open Policy Agent (OPA) policies.
- Automated infrastructures scanning and compliance checks with CIS Benchmarks published by the Center for Internet Security (CIS).
- Penetration test results for a Kubernetes cluster.
Starboard can be run in two different modes:
-
As a Kubernetes operator to automatically update security reports in response to workload and other changes on a Kubernetes cluster - for example, initiating a vulnerability scan when a new Pod is started or running CIS Benchmarks when a new Node is added.
-
As a command, so you can trigger scans and view the risks in a kubectl-compatible way or as part of your CI/CD pipeline.
Although we are trying to keep new releases backward compatible with previous versions, this project is still incubating and some APIs and custom resource definitions may change.
The official Documentation provides detailed installation, configuration, troubleshooting, and quick start guides.
Start by installing the Starboard command From the Binary Releases and follow the Getting Started guide to generate your first vulnerability and configuration audit reports!
Read more about the motivations for the project and use cases in this blog and join our discussions.
At this early stage we would love your feedback on the overall concept of Starboard. Over time we'd love to see contributions integrating different security tools so that users can access security information in standard, Kubernetes-native ways.
- See CONTRIBUTING.md for information about setting up your development environment, and the contribution workflow that we expect.
- See ROADMAP.md for tentative features in a 1.0 release.
- Join our discussions.
Starboard is an Aqua Security open source project.
Learn about our open source work and portfolio here.
Contact us about any matter by opening a GitHub Discussion here.