Command line execution

[sebastien-powl]

Hi,

Could it be possible to launch a full scan with a single command, instead of running the interactive menu and chosing each option please ?

I made it myself locally but it's not very pretty. Let me know.

[lgmorand]

Same need here. I was expecting to put it in a pipeline but it is still expecting interaction.
I have a properly setup kube.config and was expecting kubestriker to load it to target the default endpoint

I see that "api and cicd automation friendly" in the roadmap, do hope, you'll have time to it. would be great for kubestriker adoption <3

[vasantchinnipilli]

Hi @sebastien-powl / @lgmorand ,

Thank you for raising this one.

I am currently working on this and CICD compatible container image will be released in next 10 days with the Updated documentation.

Regards,
Vasant

[lgmorand]

perfect, it you need a tester, I'll be your man :)

[vasantchinnipilli]

@lgmorand / @sebastien-powl

Hey Guys, the CICD compatible version container along with documentation is now updated. Please refer the README Page.

Thanks,
Vasant

[lgmorand]

w00t w00t ! will give a try :)

[lgmorand]

I must be missing something but the doc just says how to remote connect to a spinning connainter with "-it", but it still requires human interactions, inputs, especially in this picture
https://raw.githubusercontent.com/vchinnipilli/kubestriker/master/media/auth.gif

Let's say, I want to do the manual installation, what should I do after to have a full scan without any input required

python -m kubestriker

[lgmorand]

BTW, I don't know how works the doc but it looks buggy. For instance : https://www.kubestriker.io/Types-of-scans does not bring to the right page, it brings the home page.

[vasantchinnipilli]

Hi @lgmorand , Thank you for pointing out this to me. I will look into it.

However, for your question, please refer to the CICD section on the page and you should be able to run the scan without any human interaction after you invoke the scanner.

Regards,
Vasant

[lgmorand]

I'd find simpler to provide the kubeconfig and let kubestriker extract the information instead of providing URL and Token. Let me explain my point of view.
When working with a CSP (AKS,EKS,GKE), the CLI to get credentials (i.e. AKS get-credentials) returns them directly inside the kubeconfig, then we have to manually extract them to pass them to kubestriker.

I'd find it more useful to let kubestricker do the extraction for me, not that it should be his responsability but mainly because ALL users of kubestriker will have to implement a extraction task to get these values.
a lot of tooling around k8s are working like these, you handle the current config of the context and they do the extraction.

I know, that's more work but that would be my feedback :)

[vasantchinnipilli]

Hi @lgmorand ,

Thank you for your feedback. It is really appreciated.

I will make the changes as suggested and will release the next version in a few weeks.

Regards,
Vasant

[0x646e78]

Similar to this request, it would be ideal if choosing 'Perform individual Checks' to then be returned to this prompt, perhaps with an Exit option. Currently if I perform an inidividual check afterward I'm presented with 'continue' or 'exit' and continue starts the process right from the start again (choose config or URL, etc).

[mrrobothack1]

Could it be possible to launch a full scan with a single command, instead of running the interactive menu and choosing each option. Can we run like
python -m kubestriker and then pass the ip, token and what type of scan we need to run
@vasantchinnipilli