devspace VS ThreatMapper

Check also devspace.sh and okteto.com

There is actually a built-in converter from docker-compose.yaml to devspace.yaml, it is part of the "devspace init" command. There are a few known issues related to it, in case you would like to contribute :)

Wrapping https://devspace.sh in my company's internal CLI to improve development experience

For Kubernetes clusters, https://devspace.sh/ allows you to iterate on your app in a running pod from your IDE. No ci/cd pipeline, no re-applying manifests; it just uploads source code from your local machine and restarts your app for you in an existing pod. Pretty slick!!! But it requires K8s, so some devs may balk at it. (Tilt and Skaffold do the same thing)

We’re excited to announce that DevSpace version 6 has been released. Thanks to everyone who used the alpha and beta versions and gave us feedback.

DevSpace is free, lets you develop natively in the cloud on any K8s cluster. Compatible with any multitenancy solution, policy governance, etc. Works with your IDE of choice. Declarative configuration. Supports custom pipelines and deploy logic. Can link multiple environments together. https://devspace.sh/

My favourite tool in this category is Devspace. As you've requested it is capable of building and deploying multiple images.

Though the Reddit-Mod war has delivered another excellent find. well several actually, but the one I'm posting now is called "Threat Mapper". Its a security scanner, will a fantastic UI, and works across most infrastructure... including VMs, Containers and the main Cloud Providers..

https://github.com/deepfence/ThreatMapper

If you like Wiz.io but don't have a million dollars or so lying around, I'm finding the community edition of Deepfence (https://deepfence.io/) pretty good.

Magpie https://github.com/openraven/magpie ThreatMapper https://github.com/deepfence/ThreatMapper Cloudquery https://github.com/cloudquery/cloudquery

Company: https://deepfence.io

And deepfence.imo for vurnalbility scans https://github.com/deepfence/ThreatMapper

ThreatMapper is an option for your team member, particularly if you're looking to scan Kubernetes or Fargate environments as the installation is very easy. It's a little more complex for hosts (you need to install a docker runtime on each to run the sensor locally), but should be worth any additional trouble. The GUI gives you a map of workloads, traffic flows, vulnerabilities found on each workload and host, and which are highest risk.

Full disclosure - I work for an open source project called ThreatMapper that performs run-time vulnerability scanning and anything you say might be used to make the project better - thank you!