marvin on 4 pillares

Common Expression Language (CEL)

Marvin uses a powerful set of CEL expressions to perform extensive checks on your cluster's resources, a newer language for expression evaluation.

Flexible custom checks

Marvin enables you to create customized checks that are aligned with the standards of your organization, according to your specific needs.

Builtin checks

Marvin includes 30+ built-in checks from well-known frameworks, such as PSS, NSA & CISA Kubernetes Hardening Guidance and MITRE's ATT&CK.

Seamless integration with Zora

Marvin seamlessly integrates with Zora, our Kubernetes scanning tool, which employs other plugins to detect issues.

marvin on 4 pillares

Common Expression Language (CEL)

Marvin uses a powerful set of CEL expressions to perform extensive checks on your cluster's resources, a newer language for expression evaluation.

Flexible custom checks

Marvin enables you to create customized checks that are aligned with the standards of your organization, according to your specific needs.

Builtin checks

Marvin includes 30+ built-in checks from well-known frameworks, such as PSS, NSA & CISA Kubernetes Hardening Guidance and MITRE's ATT&CK.

Seamless integration with Zora

Marvin seamlessly integrates with Zora, our Kubernetes scanning tool, which employs other plugins to detect issues.

Common Expression Language

(CEL)

CEL offers a range of benefits that make it an excellent choice for creating user-friendly checks for Kubernetes cluster security and reliability.

Flexibility

CEL offers a high degree of flexibility, allowing you to adapt checks to the dynamic nature of Kubernetes environments. You can define variables, leverage conditionals and loops, and incorporate external data sources into your checks.

Expressiveness

CEL provides a rich set of operators and functions, allowing you to express complex conditions and rules in a concise and readable way. Its expressive features allow you to define precise checks adapted to your specific requirements.

Simplicity

CEL features a simple and easy-to-understand syntax, even for users with limited programming experience. Its simplicity allows administrators to quickly understand the language and sign checks without the need for extensive training.

Common Expression Language (CEL)

(CEL)

CEL offers a range of benefits that make it an excellent choice for creating user-friendly checks for Kubernetes cluster security and reliability.

Flexibility

CEL offers a high degree of flexibility, allowing you to adapt checks to the dynamic nature of Kubernetes environments. You can define variables, leverage conditionals and loops, and incorporate external data sources into your checks.

Expressiveness

CEL provides a rich set of operators and functions, allowing you to express complex conditions and rules in a concise and readable way. Its expressive features allow you to define precise checks adapted to your specific requirements.

Simplicity

CEL features a simple and easy-to-understand syntax, even for users with limited programming experience. Its simplicity allows administrators to quickly understand the language and sign checks without the need for extensive training.

Flexible custom checks

Marvin allows you to define and execute custom checks tailored to your unique Kubernetes environment. 

You can leverage the expressive CEL capabilities to create verifications that are in alignment with your organization's security and reliability standards.

Here are a few examples showcasing the simplicity and power of CEL for defining custom checks with Marvin:

Not allowed hostPort

Host namespaces

Insecure capabilities

# check if all containers don't defines a hostPort (or a known list)
- expression: >
      allContainers.all(container,
        !has(container.ports) ||
        container.ports.all(port,
          !has(port.hostPort) ||
          port.hostPort == 0 ||
          port.hostPort in params.allowedHostPorts
        )
      )

Not allowed hostPort

Host namespaces

Insecure capabilities

# check if all containers don't defines a hostPort (or a known list)
- expression: >
      allContainers.all(container,
        !has(container.ports) ||
        container.ports.all(port,
          !has(port.hostPort) ||
          port.hostPort == 0 ||
          port.hostPort in params.allowedHostPorts
        )
      )

Flexible custom checks

Marvin allows you to define and execute custom checks tailored to your unique Kubernetes environment. 

You can leverage the expressive CEL capabilities to create verifications that are in alignment with your organization's security and reliability standards.

Here are a few examples showcasing the simplicity and power of CEL for defining custom checks with Marvin:

Not allowed hostPort

Host namespaces

Insecure capabilities

# check if all containers don't defines a hostPort (or a known list)
- expression: >
      allContainers.all(container,
        !has(container.ports) ||
        container.ports.all(port,
          !has(port.hostPort) ||
          port.hostPort == 0 ||
          port.hostPort in params.allowedHostPorts
        )
      )

Built-in checks

Marvin offers a robust set of built-in checks to enhance the security and reliability of your Kubernetes clusters.

With over 20 built-in checks sourced from reputable frameworks, including PSS (Pod Security Standards), CIS benchmark, and MITRE's ATT&CK, Marvin provides administrators with an extensive range of comprehensive assessments.

These frameworks have been established as industry standards for assessing Kubernetes cluster security and serve as a solid foundation for Marvin's comprehensive checks.

Built-in checks

Marvin offers a robust set of built-in checks to enhance the security and reliability of your Kubernetes clusters.

With over 20 built-in checks sourced from reputable frameworks, including PSS (Pod Security Standards), CIS benchmark, and MITRE's ATT&CK, Marvin provides administrators with an extensive range of comprehensive assessments.

These frameworks have been established as industry standards for assessing Kubernetes cluster security and serve as a solid foundation for Marvin's comprehensive checks.

Marvin seamlessly integrates with Zora, our Kubernetes scanning tool that detects issues, vulnerabilities, and misconfigurations, based on integrated plugins (popeye, Zora and Trivy).

As a plugin inside Zora, Marvin's custom checks can be visualized within the Zora Dashboard, along side other integrated plugins, allowing you to monitor and manage your cluster's security and reliability via a single interface.

Integration with Zora

Marvin seamlessly integrates with Zora, our Kubernetes scanning tool that detects issues, vulnerabilities, and misconfigurations, based on integrated plugins (popeye, Zora and Trivy).

As a plugin inside Zora, Marvin's custom checks can be visualized within the Zora Dashboard, along side other integrated plugins, allowing you to monitor and manage your cluster's security and reliability via a single interface.

Unlock a new layer of security in
your Kubernetes environments!

Open source

No account required

Unimited use

Join our community

Join our community

Unlock a new layer of security in
your Kubernetes environments!

Open source

No account required

Unimited use

Join our community

Social

Contact us

Almeda Campinas 802, CJ 12, Jardim Paulista,

São Paulo - SP, 01404-001

Opportunities

Our content

Social

Contact us

Almeda Campinas 802, CJ 12, Jardim Paulista,

São Paulo - SP, 01404-001

Opportunities

Our content

Social

Contact us

Almeda Campinas 802, CJ 12, Jardim Paulista,

São Paulo - SP, 01404-001

Opportunities

Our content