Site Index
A comprehensive index of all documentation in the Kube CINC Secure Scanner project.
Getting Started
- Introduction
  - Executive Summary - Brief overview for decision makers
  - Quick Start Guide - The fastest way to get up and running
  - Technical Overview - High-level technical introduction
- Core Concepts
  - Approach Comparison - Side-by-side comparison of scanning methods
  - Decision Matrix - Choose the right approach for your environment
  - Security Principles - Core security design principles
Approaches
Standard Container Scanning
The Kubernetes API approach uses the train-k8s-container plugin to perform direct API-based scanning of containers.
- Overview - Introduction to direct API scanning
- Implementation - How to implement API-based scanning
- Limitations - Current limitations
- RBAC Configuration - Role-based access control setup
Distroless Container Scanning
The Debug Container approach uses ephemeral debug containers to scan distroless containers.
- Overview - Introduction to debug container scanning
- Distroless Basics - Understanding distroless containers
- Implementation - How to implement debug container scanning
Universal Container Scanning
The Sidecar Container approach uses a shared process namespace to scan any container type.
- Overview - Introduction to sidecar container scanning
- Implementation - How to implement sidecar container scanning
- Pod Configuration - Configure pods for sidecar scanning
- Retrieving Results - Get scan results from sidecar containers
Scripted Automation
Helper scripts provide automated workflows to simplify scanner operations.
- Overview - Introduction to helper scripts
- Available Scripts - List of available scripts
- Scripts vs. Commands - When to use scripts vs. direct commands
Architecture
Components
- Core Components - Essential system components
- Security Components - Security-specific components
- Communication - Component communication patterns
Diagrams
- Component Diagrams - Visual component representations
- Deployment Diagrams - Deployment architecture
- Workflow Diagrams - Workflow visualizations
Workflows
- Standard Container - Standard container scanning workflow
- Distroless Container - Distroless container scanning workflow
- Sidecar Container - Sidecar container scanning workflow
- Security Workflows - Security-focused workflows
Deployment
- Script Deployment - Script-based deployment
- Helm Deployment - Helm chart deployment
- CI/CD Deployment - CI/CD pipeline deployment
Integrations
- GitLab CI - GitLab CI/CD integration
- GitHub Actions - GitHub Actions integration
- GitLab Services - GitLab Services integration
- Custom Integrations - Building custom integrations
Security
Principles
- Least Privilege - Implementing least privilege access
- Ephemeral Credentials - Using short-lived credentials
- Resource Isolation - Isolating security resources
- Secure Transport - Secure data transfer
Risk Analysis
- Risk Model - Security risk model overview
- Kubernetes API Risks - Kubernetes API approach risks
- Debug Container Risks - Debug container approach risks
- Sidecar Container Risks - Sidecar container approach risks
- Mitigations - Risk mitigation strategies
Threat Model
- Attack Vectors - Potential attack vectors
- Lateral Movement - Preventing lateral movement
- Token Exposure - Preventing token exposure
- Threat Mitigations - Threat mitigation strategies
Compliance
- Approach Comparison - Security approach comparison
- Risk Documentation - Documentation for compliance
- CIS Benchmarks - CIS benchmark compliance
- Kubernetes STIG - Kubernetes STIG compliance
- DISA SRG - DISA SRG compliance
- DoD 8500.01 - DoD 8500.01 compliance
Configuration
Kubeconfig
- Generation - Generate kubeconfig files
- Management - Manage kubeconfig files
- Security - Secure kubeconfig files
- Dynamic Configuration - Dynamic kubeconfig generation
Thresholds
- Basic Configuration - Basic threshold configuration
- Advanced Configuration - Advanced threshold configuration
- Example Configurations - Threshold configuration examples
- CI/CD Thresholds - CI/CD-specific thresholds
Plugins
- Distroless Support - Distroless container support
- Implementation - Plugin implementation guide
- Testing - Plugin testing guide
Security Configuration
- Hardening - System hardening guide
- Credentials - Credential management
- RBAC - RBAC configuration guide
Helm Charts
Overview
- Architecture - Helm chart architecture
Scanner Types
- Common Scanner - Common scanner chart
- Standard Scanner - Standard scanner chart
- Distroless Scanner - Distroless scanner chart
- Sidecar Scanner - Sidecar scanner chart
Infrastructure
- RBAC - RBAC configuration
- Service Accounts - Service account setup
- Namespaces - Namespace management
Usage
- Configuration - Chart configuration
- Customization - Chart customization
- Values - Values file reference
Security
- Best Practices - Helm chart security best practices
- RBAC Hardening - RBAC hardening for charts
- Risk Assessment - Chart security risk assessment
Operations
- Troubleshooting - Chart troubleshooting
- Performance - Performance optimization
- Maintenance - Chart maintenance
Integration
Platforms
- GitHub Actions - GitHub Actions integration
- GitLab CI - GitLab CI integration
- GitLab Services - GitLab Services integration
Workflows
- Standard Container - Standard container CI/CD workflows
- Distroless Container - Distroless container CI/CD workflows
- Sidecar Container - Sidecar container CI/CD workflows
- Security Workflows - Security-focused CI/CD workflows
Examples
- GitHub Examples - GitHub integration examples
- GitLab Examples - GitLab integration examples
Configuration
- Environment Variables - Environment variable configuration
- Secrets Management - Secrets management in CI/CD
- Thresholds Integration - Threshold integration in CI/CD
- Reporting - CI/CD reporting configuration
Tasks
- Container Scanning - Learn how to scan different types of containers:
  - Standard Container Scan - Scan standard containers
  - Distroless Container Scan - Scan distroless containers
  - Sidecar Container Scan - Scan using sidecar containers
- CI/CD Integration - Integrate scanning with your CI/CD pipelines:
  - GitHub Integration - Integrate with GitHub Actions
  - GitLab Integration - Integrate with GitLab CI
- Kubernetes Setup - Configure your Kubernetes environment:
  - Kubernetes Setup - Set up Kubernetes environment
  - RBAC Setup - Configure RBAC permissions
- Deployment - Deploy the scanner infrastructure:
  - Helm Deployment - Deploy using Helm charts
  - Script Deployment - Deploy using scripts
- Security Configuration - Secure your scanner deployment:
  - Token Management - Manage access tokens
  - Thresholds Configuration - Configure security thresholds
Learning Paths
- For New Users - Start here if you're new to the project.
- Security-First Approach - Focus on security best practices.
- Implementation Guide - Step-by-step implementation instructions.
- Core Concepts - Understand the fundamental concepts.
- Advanced Features - Explore advanced capabilities.
Utilities and Tools
Documentation Utilities
- ASCII to Mermaid - Convert ASCII diagrams to Mermaid
- MkDocs Link Fixer - Fix MkDocs links
Contributing
Documentation
- Documentation Tools - Documentation tooling
- Code Snippets - Code snippet guidance
- Diagram Color Guide - Diagram color guidelines
- STIG API Tools - STIG API tooling
Reference
Examples
- GitHub Workflow Examples - GitHub workflow examples
- GitLab Pipeline Examples - GitLab pipeline examples
- GitLab Services Examples - GitLab services examples