Your clusters deserve tailored security.
Simplify Kubernetes operations: Easily identify misconfigurations and vulnerabilities in your environments.
Your clusters deserve tailored security.
Simplify Kubernetes operations: Easily identify misconfigurations and vulnerabilities in your environments.
# check if all containers don't define a hostPort (or a known list)
- expression: >
allContainers.all(container,
!has(container.ports) ||
container.ports.all(port,
!has(port.hostPort) ||
port.hostPort == 0 ||
port.hostPort in params.allowedHostPorts
)
)
Terminal - csh - 470x304
# check if all containers don't define a hostPort (or a known list)
- expression: >
allContainers.all(container,
!has(container.ports) ||
container.ports.all(port,
!has(port.hostPort) ||
port.hostPort == 0 ||
port.hostPort in params.allowedHostPorts
)
)
Terminal - csh - 470x304
# check if all containers don't define a hostPort (or a known list)
- expression: >
allContainers.all(container,
!has(container.ports) ||
container.ports.all(port,
!has(port.hostPort) ||
port.hostPort == 0 ||
port.hostPort in params.allowedHostPorts
)
)
|
Terminal - csh - 470x304
MARVIN IN 4 PILLARS
Common Expression Language
Marvin uses a powerful set of CEL expressions to perform extensive checks on your cluster's resources, a newer language for expression evaluation.
Flexible custom checks
Marvin allows you to create customized checks aligned with
your organization's standards, according to your specific needs.
Builtin checks
Checks
native
Marvin includes more than 30 built-in checks for known frameworks, such as PSS, NSA, and CISA Kubernetes Hardening Guidance, among others.
Marvin includes over 30 built-in checks for well-known frameworks, such as PSS, NSA and CISA Kubernetes, among others.
Seamless integration with Zora
Marvin integrates with Zora, our Kubernetes verification tool, which employs other plugins to detect issues.
MARVIN IN 4 PILLARS
Common Expression Language
Marvin uses a powerful set of CEL expressions to perform extensive checks on your cluster's resources, a newer language for expression evaluation.
Flexible custom checks
Marvin allows you to create customized checks aligned with
your organization's standards, according to your specific needs.
Builtin checks
Marvin includes more than 30 built-in checks for known frameworks, such as PSS, NSA, and CISA Kubernetes Hardening Guidance, among others.
Seamless integration with Zora
Marvin integrates with Zora, our Kubernetes verification tool, which employs other plugins to detect issues.
Common Expression Language (CEL)
CEL offers a range of benefits that make it an excellent choice for creating user-friendly checks for Kubernetes cluster security and reliability.
Flexibility
CEL offers a high degree of flexibility, allowing you to adapt checks to the dynamic nature of Kubernetes environments. You can define variables, leverage conditionals and loops, and incorporate external data sources into your checks.
Expressiveness
CEL provides a rich set of operators and functions, allowing you to express complex conditions and rules in a concise and readable way. Its expressive features allow you to define precise checks adapted to your specific requirements.
Simplicity
CEL features a simple and easy-to-understand syntax, even for users with limited programming experience. Its simplicity allows administrators to quickly understand the language and sign checks without the need for extensive training.
Common Expression Language (CEL)
CEL offers a range of benefits that make it an excellent choice for creating user-friendly checks for Kubernetes cluster security and reliability.
Flexibility
CEL offers a high degree of flexibility, allowing you to adapt checks to the dynamic nature of Kubernetes environments. You can define variables, leverage conditionals and loops, and incorporate external data sources into your checks.
Expressiveness
CEL provides a rich set of operators and functions, allowing you to express complex conditions and rules in a concise and readable way. Its expressive features allow you to define precise checks adapted to your specific requirements.
Simplicity
CEL features a simple and easy-to-understand syntax, even for users with limited programming experience. Its simplicity allows administrators to quickly understand the language and sign checks without the need for extensive training.
Flexible custom checks
Marvin allows you to define and execute custom checks tailored to your unique Kubernetes environment.
You can leverage the expressive CEL capabilities to create verifications that are in alignment with your organization's security and reliability standards.
Here are a few examples showcasing the simplicity and power of CEL for defining custom checks with Marvin:
HostPort not allowed
Host namespaces
Insecure capabilities
# check if all containers don't define a hostPort (or a known list)
- expression: >
allContainers.all(container,
!has(container.ports) ||
container.ports.all(port,
!has(port.hostPort) ||
port.hostPort == 0 ||
port.hostPort in params.allowedHostPorts
)
)
Flexible custom checks
Marvin allows you to define and execute custom checks tailored to your unique Kubernetes environment.
You can leverage the expressive CEL capabilities to create verifications that are in alignment with your organization's security and reliability standards.
Here are a few examples showcasing the simplicity and power of CEL for defining custom checks with Marvin:
HostPort not allowed
Host namespaces
Insecure capabilities
# check if all containers don't define a hostPort (or a known list)
- expression: >
allContainers.all(container,
!has(container.ports) ||
container.ports.all(port,
!has(port.hostPort) ||
port.hostPort == 0 ||
port.hostPort in params.allowedHostPorts
)
)
Built-in checks
Marvin offers a robust set of built-in checks to enhance the security and reliability of your Kubernetes clusters.
Marvin offers a robust set of built-in checks to enhance the security and reliability of your Kubernetes clusters.
With over 20 built-in checks sourced from reputable frameworks, including PSS (Pod Security Standards), CIS benchmark, and MITRE's ATT&CK, Marvin provides administrators with an extensive range of comprehensive assessments.
With over 20 built-in checks sourced from reputable frameworks, including PSS (Pod Security Standards), CIS benchmark, and MITRE's ATT&CK, Marvin provides administrators with an extensive range of comprehensive assessments.
These frameworks have been established as industry standards for assessing Kubernetes cluster security and serve as a solid foundation for Marvin's comprehensive checks.
These frameworks have been established as industry standards for assessing Kubernetes cluster security and serve as a solid foundation for Marvin's comprehensive checks.
Built-in checks
Marvin offers a robust set of built-in checks to enhance the security and reliability of your Kubernetes clusters.
With over 20 built-in checks sourced from reputable frameworks, including PSS (Pod Security Standards), CIS benchmark, and MITRE's ATT&CK, Marvin provides administrators with an extensive range of comprehensive assessments.
These frameworks have been established as industry standards for assessing Kubernetes cluster security and serve as a solid foundation for Marvin's comprehensive checks.
Integration with Zora
Marvin seamlessly integrates with Zora, our Kubernetes scanning tool that detects issues, vulnerabilities, and misconfigurations, based on integrated plugins (popeye, Zora and Trivy).
As a plugin inside Zora, Marvin's custom checks can be visualized within the Zora Dashboard, along side other integrated plugins, allowing you to monitor and manage your cluster's security and reliability via a single interface.
Integration with Zora
Marvin seamlessly integrates with Zora, our Kubernetes scanning tool that detects issues, vulnerabilities, and misconfigurations, based on integrated plugins (popeye, Zora and Trivy).
As a plugin inside Zora, Marvin's custom checks can be visualized within the Zora Dashboard, along side other integrated plugins, allowing you to monitor and manage your cluster's security and reliability via a single interface.
Unlock a new layer of security in your environment
Kubernetes!
Open source
No account required
Unimited use
Join our community
Join our community
Unlock a new layer of security in your environment
Kubernetes!
Open source
No account required
Unimited use
Join our community
Operating Kubernetes in production for more than 13 years. With Quor, this experience extends to software supply chain security as well.
Operating Kubernetes in production for more than 13 years. With Quor, this experience extends to software supply chain security as well.
GET UP
© Getup · 2026
