kubescape/kubevuln
GitHub: kubescape/kubevuln
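Kubevuln is the in-cluster component of the Kubescape platform. It focuses on container image vulnerability scanning and addresses security risks in container environments.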
Stars: 25 | Forks: 28
# Kubevuln
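The Kubevuln component is an in-cluster component of the Kubescape security platform.
It [scans container images for vulnerabilities](https://www.armosec.io/blog/code-repository-container-image-registry-scanning/?utm_source=github&utm_medium=repository), using Grype as its scanning engine.
## Building Kubevuln
To build kubevuln and its dependencies, run: `make`
## Configuration
1. Load the config file using the `CONFIG` environment variable
   `export CONFIG=path/to/clusterData.json`
2. Set the `PORT` environment variable to 8081
   `export PORT=8080`
## Environment Variables
See `scanner/environmentvariables.go`
## VS Code configuration samples
You can use the sample files below to set up your [VS Code](https://www.armosec.io/blog/securing-ci-cd-pipelines-security-gates/?utm_source=github&utm_medium=repository) environment for building and debugging purposes.
## Changelog
Kubevuln changes are tracked on the [release](https://github.com/kubescape/kubevuln/releases) page.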
example/clusterData.json
```
{
    "gatewayWebsocketURL": "127.0.0.1:8001",
    "gatewayRestURL": "127.0.0.1:8002",
    "kubevulnURL": "127.0.0.1:8080",
    "kubescapeURL": "127.0.0.1:8080",
    "eventReceiverRestURL": "https://report.armo.cloud",
    "eventReceiverWebsocketURL": "wss://report.armo.cloud",
    "rootGatewayURL": "wss://ens.euprod1.cyberarmorsoft.com/v1/waitfornotification",
    "accountID": "*********************",
    "clusterName": "******"
}
```
.vscode/launch.json
```
{
    "version": "0.2.0",
    "configurations": [
        {
            "name": "Launch Package",
            "type": "go",
            "request": "launch",
            "mode": "auto",
            "program": "${workspaceRoot}",
            "env": {
                "PORT": "8080",
                "NAMESPACE": "kubescape",
                "CONFIG": "${workspaceRoot}/.vscode/clusterData.json"
            },
            "args": [
                "-alsologtostderr",
                "-v=4",
                "2>&1"
            ]
        }
    ]
}
```
We configured Kubevuln to listen on port 8080 and defined the configuration in the clusterData.json file, [as mentioned above](https://github.com/kubescape/kubevuln#configuration).