Architectural Components
This section provides detailed information about the core architectural components of the Kubernetes CINC Secure Scanner.
Directory Contents
For a complete listing of all files in this section, see the Components Documentation Inventory.
Core Components Overview
The Kubernetes CINC Secure Scanner is built on several key components that work together to provide a secure container scanning solution:
- CINC Auditor - The open-source security scanning engine based on InSpec
- Transport Plugin - The train-k8s-container plugin for Kubernetes communication
- Service Accounts - Identity management for secure scanner access
- RBAC Rules - Access control mechanisms for least-privilege scanning
- Container Adapters - Specialized adapters for different container types
- Threshold Validation - MITRE SAF CLI integration for compliance checking
Component Documentation
For detailed information about specific components, see these documents:
- Core Components - Detailed information about the main system components
- Security Components - Security-focused components and their roles
- Communication Patterns - How components communicate with each other
Component Relationship Diagram
graph TD
CI["CI/CD System"] -->|triggers| SCAN[Container Scan]
SCAN -->|uses| SA[Service Account]
SCAN -->|runs| CINC[CINC Auditor]
CINC -->|uses| TRANSPORT[Transport Plugin]
TRANSPORT -->|connects to| K8S[Kubernetes API]
K8S -->|validates| RBAC[RBAC Rules]
K8S -->|accesses| CONTAINER[Target Container]
CINC -->|produces| RESULTS[Scan Results]
RESULTS -->|validated by| SAF[MITRE SAF CLI]
SAF -->|checks against| THRESHOLD[Threshold Config]
THRESHOLD -->|success/failure| CI
Next Steps
- Explore the Workflows to understand how these components interact
- See Diagram Visualizations for visual representations of system architecture
- Review Deployment Architectures to learn about deployment options