1. Introduction to Validkube
Validkube makes use for various open source projects, for maintain yaml files basically. It is a tool by komodor or more than that is it a simple browser that can easily manipulate and maintain your yaml files.
2. Uses of Validkube
It is grate tool tool that use to validate, audit, secure your custom yaml files in simple way. Not only that we can easily secure and clear our files whenever a checks fails or a security vulnerability are present over a yaml file. This tool can easily manage those things and remove vulnerabilities. This tool use various integration to manage this things like
- Validate - Verify your Kubernetes configuration files @ kubeconform
- Clean - Remove clutter from your Kubernetes manifests @ kubectl-neat
- Secure - Scan your YAML code for security vulnerabilities @ trivy
- Audit -Validation of best practices for your yaml @ polaris
- Secure -Scan your YAML file for Devops best practices and security vulnerabilities @ kubescape
- SBOM - Scan your container image for SBoMs @ trivy
3. Validkube integration with Kubescape
There is an latest update implement on validkube that is can easily integrate with kubescape so it is very easy to scure your custom yaml files or kubernetes manifest files use this feature.
4. What is Kubescape
Kubescape is a Kubernetes open-source platform that provides a multi-cloud K8s single pane of glass, including risk analysis, security compliance, RBAC (role-based access control) visualizer, and image vulnerabilities scanning.
Kubescape is a K8s open-source tool providing a Kubernetes single pane of glass, including risk analysis, security compliance, RBAC visualizer, and image vulnerability scanning. Kubescape scans K8s clusters, YAML files, and HELM charts, detecting misconfigurations according to multiple frameworks (such as the NSA-CISA, MITRE ATT&CKยฎ), software vulnerabilities, and RBAC (role-based-access-control) violations at early stages of the CI/CD pipeline, calculates risk score instantly and shows risk trends over time.
It has become one of the fastest-growing Kubernetes tools among developers due to its easy-to-use CLI interface, flexible output formats, and automated scanning capabilities, saving Kubernetes users and admins precious time, effort, and resources. Kubescape integrates natively with other DevOps tools, including Jenkins, CircleCI, Github workflows, Prometheus, and Slack, and supports multi-cloud K8s deployments like EKS, GKE, and AKS.
5. How to use
Just go through this link validkube
We can easily take a sample yaml file from example tab
To check simply click on validation tab to check your yaml file is valid or not.
There is a error while yaml validation check, so we replace sting with a integer.
Also clean and cut out your yaml file to make this file unique.
Male security check by clicking secure(Trivy) tab
Simply audit your yaml files using Audit(polaris) tab
Another security vulnerability check using validkube
6. Resources
๐ฉ validkube.com
๐ฉ komodor.com
๐ฉ youtu.be/5fLA-WBK49w
๐ฉ youtu.be/5XlhLD7pyFU
7. Get involved
๐ฑ Twitter
๐ฑ Linkedin
๐ฑ Github
That's all for this blog, I hope you will learn something new. And feel free to share your thoughts and feedback, Thanks for reading.
Feel free to reach out me ๐
Twitter ๐ฑ
LinkedIn ๐ฑ
Github ๐ฑ