Your clusters deserve a custom security.
Marvin is an open source CLI tool designed to assist Kubernetes cluster administrators in enhancing the security and reliability of their environments, through customizable checks.
Your clusters deserve a custom security.
Marvin is an open source CLI tool designed to assist Kubernetes cluster administrators in enhancing the security and reliability of their environments, through customizable checks.
# check if all containers don't defines a hostPort (or a known list)
- expression: >
allContainers.all(container,
!has(container.ports) ||
container.ports.all(port,
!has(port.hostPort) ||
port.hostPort == 0 ||
port.hostPort in params.allowedHostPorts
)
)
# check if all containers don't defines a hostPort (or a known list)
- expression: >
allContainers.all(container,
!has(container.ports) ||
container.ports.all(port,
!has(port.hostPort) ||
port.hostPort == 0 ||
port.hostPort in params.allowedHostPorts
)
)
# check if all containers don't defines a hostPort (or a known list)
- expression: >
allContainers.all(container,
!has(container.ports) ||
container.ports.all(port,
!has(port.hostPort) ||
port.hostPort == 0 ||
port.hostPort in params.allowedHostPorts
)
)
|
marvin on 4 pillares
marvin on 4 pillares
Common Expression Language (CEL)
Marvin uses a powerful set of CEL expressions to perform extensive checks on your cluster's resources, a newer language for expression evaluation.
Flexible custom checks
Marvin enables you to create customized checks that are aligned with the standards of your organization, according to your specific needs.
Builtin checks
Marvin includes 30+ built-in checks from well-known frameworks, such as PSS, NSA & CISA Kubernetes Hardening Guidance and MITRE's ATT&CK.
Seamless integration with Zora
Marvin seamlessly integrates with Zora, our Kubernetes scanning tool, which employs other plugins to detect issues.
Common Expression Language
(CEL)
CEL offers a range of benefits that make it an excellent choice for creating user-friendly checks for Kubernetes cluster security and reliability.
Flexibility
CEL offers a high degree of flexibility, allowing you to adapt checks to the dynamic nature of Kubernetes environments. You can define variables, leverage conditionals and loops, and incorporate external data sources into your checks.
Expressiveness
CEL provides a rich set of operators and functions, allowing you to express complex conditions and rules in a concise and readable way. Its expressive features allow you to define precise checks adapted to your specific requirements.
Simplicity
CEL features a simple and easy-to-understand syntax, even for users with limited programming experience. Its simplicity allows administrators to quickly understand the language and sign checks without the need for extensive training.
Common Expression Language (CEL)
(CEL)
CEL offers a range of benefits that make it an excellent choice for creating user-friendly checks for Kubernetes cluster security and reliability.
Flexibility
CEL offers a high degree of flexibility, allowing you to adapt checks to the dynamic nature of Kubernetes environments. You can define variables, leverage conditionals and loops, and incorporate external data sources into your checks.
Expressiveness
CEL provides a rich set of operators and functions, allowing you to express complex conditions and rules in a concise and readable way. Its expressive features allow you to define precise checks adapted to your specific requirements.
Simplicity
CEL features a simple and easy-to-understand syntax, even for users with limited programming experience. Its simplicity allows administrators to quickly understand the language and sign checks without the need for extensive training.
Flexible custom checks
Marvin allows you to define and execute custom checks tailored to your unique Kubernetes environment.
You can leverage the expressive CEL capabilities to create verifications that are in alignment with your organization's security and reliability standards.
Here are a few examples showcasing the simplicity and power of CEL for defining custom checks with Marvin:
Not allowed hostPort
Host namespaces
Insecure capabilities
# check if all containers don't defines a hostPort (or a known list)
- expression: >
allContainers.all(container,
!has(container.ports) ||
container.ports.all(port,
!has(port.hostPort) ||
port.hostPort == 0 ||
port.hostPort in params.allowedHostPorts
)
)
Not allowed hostPort
Host namespaces
Insecure capabilities
# check if all containers don't defines a hostPort (or a known list)
- expression: >
allContainers.all(container,
!has(container.ports) ||
container.ports.all(port,
!has(port.hostPort) ||
port.hostPort == 0 ||
port.hostPort in params.allowedHostPorts
)
)
Flexible custom checks
Marvin allows you to define and execute custom checks tailored to your unique Kubernetes environment.
You can leverage the expressive CEL capabilities to create verifications that are in alignment with your organization's security and reliability standards.
Here are a few examples showcasing the simplicity and power of CEL for defining custom checks with Marvin:
Not allowed hostPort
Host namespaces
Insecure capabilities
# check if all containers don't defines a hostPort (or a known list)
- expression: >
allContainers.all(container,
!has(container.ports) ||
container.ports.all(port,
!has(port.hostPort) ||
port.hostPort == 0 ||
port.hostPort in params.allowedHostPorts
)
)
Built-in checks
Marvin offers a robust set of built-in checks to enhance the security and reliability of your Kubernetes clusters.
With over 20 built-in checks sourced from reputable frameworks, including PSS (Pod Security Standards), CIS benchmark, and MITRE's ATT&CK, Marvin provides administrators with an extensive range of comprehensive assessments.
These frameworks have been established as industry standards for assessing Kubernetes cluster security and serve as a solid foundation for Marvin's comprehensive checks.
Built-in checks
Marvin offers a robust set of built-in checks to enhance the security and reliability of your Kubernetes clusters.
With over 20 built-in checks sourced from reputable frameworks, including PSS (Pod Security Standards), CIS benchmark, and MITRE's ATT&CK, Marvin provides administrators with an extensive range of comprehensive assessments.
These frameworks have been established as industry standards for assessing Kubernetes cluster security and serve as a solid foundation for Marvin's comprehensive checks.
Marvin seamlessly integrates with Zora, our Kubernetes scanning tool that detects issues, vulnerabilities, and misconfigurations, based on integrated plugins (popeye, Zora and Trivy).
As a plugin inside Zora, Marvin's custom checks can be visualized within the Zora Dashboard, along side other integrated plugins, allowing you to monitor and manage your cluster's security and reliability via a single interface.
Integration with Zora
Marvin seamlessly integrates with Zora, our Kubernetes scanning tool that detects issues, vulnerabilities, and misconfigurations, based on integrated plugins (popeye, Zora and Trivy).
As a plugin inside Zora, Marvin's custom checks can be visualized within the Zora Dashboard, along side other integrated plugins, allowing you to monitor and manage your cluster's security and reliability via a single interface.
Unlock a new layer of security in
your Kubernetes environments!
Open source
No account required
Unimited use
Join our community
Join our community
Unlock a new layer of security in
your Kubernetes environments!
Open source
No account required
Unimited use
Join our community
Opportunities
Copyright © Getup
Opportunities
Copyright © Getup
Opportunities
Copyright © Getup