What is Zora OSS?

Zora is an open source solution that helps you achieve compliance with Kubernetes best practices recommended by industry-leading frameworks.

By scanning your cluster with multiple plugins, Zora identifies potential issues, misconfigurations, and vulnerabilities.

New feature

user: ~(kind-kind:N/A) $ kubectl get vulnerabilities -o wide
NAME                                               cluster     IMAGE                                             TOTAL   CRITICAL   HIGH   MEDIUM
kind-kind-dockerioistioexamplesbookinfodetailsv1   kind-kind   docker.io/istio/bookinfo:1.18.0-details-v1:1      1108    85         344    487
kind-kind-dockerioistioexamplesbookinfoproductpa   kind-kind   docker.io/istio/examples-bookinfo-productpagev1   347     31         100    46
kind-kind-dockerioistioexamplesbookinforatingsv1   kind-kind   ghcr.io/undistro/marvin:v0.2.1                    196     85         16     65
kind-kind-dockerioistioexampleewsv11180-6kxc5      kind-kind   registry.k8s.io/kube-proxy:v1.29.2                80      29         31     30
kind-kind-dockerioistioexamplesbookinfoproductpa   kind-kind   docker.io/istio/examples-bookinfo-productpagev1   347     31         100    46
kind-kind-dockerioistioexamplesbookinforatingsv1   kind-kind   ghcr.io/undistro/marvin:v0.2.1                    196     85         16     65
kind-kind-ghcrioundistromarvinv021-6kxc5           kind-kind   registry.k8s.io/kube-scheduler:v1.29.2            7       1          3      2

Image scanning with Trivy

Receive reports of problems found in the resources used by the images in your clusters. Using Trivy, you can now guarantee another layer of security for your Kubernetes clusters by periodically scanning your images.

Take advantage of image scanning and discover a set of vulnerabilities (CVEs) that are affecting your clusters' images and that may be harming your Kubernetes environments.

What Zora offers you

user: ~(kind-kind:N/A) $ kubectl get plugins -n zora-system
NAME     IMAGE                            TYPE               AGE
marvin   ghcr.io/undistro/marvin:v0.2.0   misconfiguration   5m32s
popeye   ghcr.io/undistro/popeye:pr252    misconfiguration   5m32s

Multi-plugin architecture

Zora seamlessly integrates open source tools like Popeye, Marvin, and Trivy that report into its multi-plugin architecture as scanners. These tools' capabilities are combined to provide you with a unified view of your cluster's security posture, addressing potential issues, misconfigurations, and vulnerabilities.

Kubernetes-native

All scan configurations and plugin reports, including misconfigurations and vulnerabilities, are securely stored as CRDs (Custom Resource Definitions) within your Kubernetes cluster, making them easily accessible through the Kubernetes API and the kubectl command.

user: ~(kind-kind:N/A) $ kubectl get clusterscans
NAME    cluster   schedule      suspend   plugins          LAST STATUS   ISSUES
cloud   cloud     */2 * * * *   false     marvin, popeye   Complete      48

user: ~(kind-kind:N/A) $ kubectl get clusterscans
NAME    cluster   ID           MESSAGE                             SEVERITY
cloud   cloud     custom-101   Allowed privilege escalation        Medium
cloud   cloud     M-201        Automounted service account token   Medium

user: ~(kind-kind:N/A) $ kubectl get vulnerabilities -o wide
NAME                      cluster     IMAGE                             TOTAL   CRITICAL
kind-kind-dockerioistio   kind-kind   docker.io/istio/bookinfo:1.1      1108    85
kind-kind-dockerioistio   kind-kind   docker.io/istio/examples-book     347     31
kind-kind-dockerioistio   kind-kind   ghcr.io/undistro/marvin:v0.2      196     85
kind-kind-dockerioistio   kind-kind   registry.k8s.io/kube-proxy:v1.0   80      29
kind-kind-ghcrioundistr   kind-kind   registry.k8s.io/kube:v1.29.2      7       1

Trivy

new feature

Image scanning

Gain insights into potential issues affecting your cluster's resources by scanning container images with Trivy. This periodic process helps strengthen your Kubernetes security posture by identifying vulnerabilities (CVEs) in your images that could compromise your environment.

Kubernetes compliance

Zora and its plugins provide actionable insights, guiding you to align your cluster with industry-recognized frameworks such as NSA-CISA, MITRE ATT&CK, CIS Benchmark, and Pod Security Standards.

ID           MESSAGE                                   SEVERITY   CATEGORY
custom-002   Required labels                           Low        Custom
M-201        Automounted service account token         High       Security
M-201        Host namespaces                           High       Security
POP-204      No probes defined                         Low        Security
POP-178      No resources requests defined             Medium     Best Practices
POP-178      Not allowed volume type                   Low        Best Practices
POP-178      Container could be running as root user   Low        Best Practices
POP-178      Not allowed seccomp profile               High       Best Practices
POP-178      Not allowed added/dropped capabilities    Medium     Best Practices

40+ checks

ID           MESSAGE                             SEVERITY   STATUS
custom-001   Replicas limit                      Medium     Passed
custom-002   Automounted service account token   High       Passed
custom-003   Host namespaces                     High       Passed
custom-004   No probes defined                   Low        Passed
custom-005   No resources requests defined       Medium     Passed

user: ~(kind-kind:N/A) marvin scan --disable-builtin --checks ./examples/

Custom checks

Enabled by the Marvin plugin, Zora offers a declarative way to create your own checks by using CEL expressions to define the validation rules.

OSS

Unlock a new layer of security in your Kubernetes environments!

Open source

No account required

Unlimited use

Join our Slack community and contribute to the project.

Social

Contact us

Alameda Campinas 802, CJ 12, Jardim Paulista,

São Paulo - SP, 01404-001

Opportunities

Our content
