Skip to content

shaneboulden/kacti

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

59 Commits
.github/workflows
.github/workflows
 
 
cmd
cmd
 
 
docs
docs
 
 
.slsa-goreleaser.yml
.slsa-goreleaser.yml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

kacti logo License: Apache 2.0 | SLSA 3

What is kacti?

kacti is a command-line tool for verification of Kubernetes admission controllers.

kacti is designed to functionally test whether admission control is correctly configured. It attempts to deploy known-bad containers to Kubernetes clusters, and verifies whether the containers successfully deploy.

Quick start

Grab the latest kacti binary:

$ curl -Lo kacti https://github.com/shaneboulden/kacti/releases/latest/download/kacti-linux-amd64 && \
      sudo mv kacti /usr/local/bin/kacti && \
      sudo chmod 0755 /usr/local/bin/kacti

Ensure that you're logged into a Kubernetes cluster and have permissions to create deployments:

$ export KUBECONFIG=/path/to/kubeconfig

$ kubectl auth can-i create deploy
yes

Run kacti:

$ kacti trials --deploy --namespace kacti --image quay.io/smileyfritz/log4shell-app:v0.5 log4shell
 -> Success, Deployment scaled to zero replicas

You can find more kacti guides in the docs.

kacti and SLSA

kacti binaries are signed with Sigstore, and provenance is available and stored in the public-good Rekor instance.

Check out the docs for steps to verify kacti binary provenance.

About

kacti.dev

Topics

kubernetes verification security-tools

Resources

Readme

License

Apache-2.0 license
Activity

Stars

19 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases 13

v0.7.1 Latest
Sep 16, 2024
+ 12 releases

Packages

No packages published

Languages