Up your coding game and discover issues early. SonarLint is a free plugin that helps you find & fix bugs and security issues from the moment you start writing code. Install from your favorite IDE marketplace today. Learn more →
Gatekeeper-library Alternatives
Similar projects and alternatives to gatekeeper-library
-
OPA (Open Policy Agent)
An open source, general-purpose policy engine.
-
-
InfluxDB
Build time-series-based applications quickly and at scale.. InfluxDB is the Time Series Platform where developers build real-time applications for analytics, IoT and cloud-native services. Easy to start, it is available in the cloud or on-premises.
-
opa-image-scanner
Kubernetes Admission Controller for Image Scanning using OPA
-
-
conftest
Write tests against structured configuration data using the Open Policy Agent Rego query language
-
-
SonarLint
Clean code begins in your IDE with SonarLint. Up your coding game and discover issues early. SonarLint is a free plugin that helps you find & fix bugs and security issues from the moment you start writing code. Install from your favorite IDE marketplace today.
-
docker-bench-security
The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.
-
-
-
prometheus
The Prometheus monitoring system and time series database.
-
-
Grafana
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
-
-
OSQuery
SQL powered operating system instrumentation, monitoring, and analytics.
-
-
-
kube-bench
Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
-
checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
-
client_golang
Prometheus instrumentation library for Go applications
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
gatekeeper-library reviews and mentions
- OPA Rego is ridiculously confusing - best way to learn it?
-
Container security best practices: Comprehensive guide
Many more examples are available in the OPA Gatekeeper library project!
-
Expose Open Policy Agent/Gatekeeper Constraint Violations for Kubernetes Applications with Prometheus and Grafana
by default and exposes metrics on path ```/metrics``` . It can run locally on your development box as long as you have a valid Kubernetes configuration in your home folder (i.e. if you can run kubectl and have the right permissions). When running on the cluster a ```incluster``` parameter is passed in so that it knows where to look up for the cluster credentials. Exporter program connects to Kubernetes API every 10 seconds to scrape data from Kubernetes API. We've used [this](https://medium.com/teamzerolabs/15-steps-to-write-an-application-prometheus-exporter-in-go-9746b4520e26) blog post as the base for the code. ## Demo Let's go ahead and prepare our components so that we have a Grafana dashboard to show us which constraints have been violated and how the number of violations evolve over time. ### 0) Required tools - [Git](https://git-scm.com/downloads): A git cli is required to checkout the repo and - [Kubectl](https://kubernetes.io/docs/tasks/tools/) and a working K8S cluster - [Ytt](https://carvel.dev/ytt/): This is a very powerful yaml templating tool, in our setup it's used for dynamically overlaying a key/value pair in all constraints. It's similar to Kustomize, it's more flexibel than Kustomize and heavily used in some [Tanzu](https://tanzu.vmware.com/tanzu) products. - [Kustomize](https://kustomize.io/): Gatekeeper-library relies on Kustomize, so we need it too. - [Helm](https://helm.sh/): We will install Prometheus and Grafana using helm - Optional: [Docker](https://www.docker.com/products/docker-desktop): Docker is only optional as we already publish the required image on dockerhub. ### 1) Git submodule update Run ```git submodule update --init``` to download gatekeeper-library dependency. This command will download the [gatekeeper-library](https://github.com/open-policy-agent/gatekeeper-library) dependency into folder ```gatekeeper-library/library``` . ### 2) Install OPA/Gatekeeper If your K8S cluster does not come with Gatekeeper preinstalled, you can use install it as explained [here](https://open-policy-agent.github.io/gatekeeper/website/docs/install/). If you are familiar with helm, the easiest way to install is as follows: ```bash helm repo add gatekeeper https://open-policy-agent.github.io/gatekeeper/charts helm install gatekeeper/gatekeeper --generate-name
-
Who is doing image scanning on an admission controller? (Open source)
Gatekeeper library has example policies for restricting image repositories: https://github.com/open-policy-agent/gatekeeper-library/tree/master/library/general
-
Mental models for understanding Kubernetes Pod Security Policy PSP
You should check out the Gatekeeper project. There's plenty of templates available for use without having to write a single line of rego for most use cases (e.g https://github.com/open-policy-agent/gatekeeper-library)
-
A note from our sponsor - SonarLint
www.sonarlint.org | 8 Feb 2023
Stats
open-policy-agent/gatekeeper-library is an open source project licensed under Apache License 2.0 which is an OSI approved license.
Popular Comparisons
- gatekeeper-library VS OPA (Open Policy Agent)
- gatekeeper-library VS helm-charts
- gatekeeper-library VS opa-scorecard
- gatekeeper-library VS tfsec
- gatekeeper-library VS opa-image-scanner
- gatekeeper-library VS conftest
- gatekeeper-library VS cfn_nag
- gatekeeper-library VS docker-bench-security
- gatekeeper-library VS prometheus
- gatekeeper-library VS gatekeeper