OSS
Kubernetes best practices made easy!
Simplify Kubernetes operations: Easily identify misconfigurations and vulnerabilities in your environments.
user: ~(kind-kind:N/A) ~$ kubectl get clusterscans
NAME      cluster   schedule     suspend  plugins
cloud     cloud     */2 * * * *  false    marvin, popeye
payments  payments  */4 * * * *  false    marvin, popeye
cripto    cripto    */2 * * * *  false    marvin, popeye
user: ~(kind-kind:N/A) $ kubectl get plugins -n zora-system
NAME    IMAGE                           TYPE              AGE
marvin  ghcr.io/undistro/marvin:v0.2.0  misconfiguration  5m32s
popeye  ghcr.io/undistro/popeye:pr252   misconfiguration  5m32s
What is Zora OSS?
Zora is an open source solution that helps you achieve compliance with Kubernetes best practices recommended by industry-leading frameworks.
By scanning your cluster with multiple plugins, Zora identifies potential issues, misconfigurations, and vulnerabilities.
New feature
user: ~(kind-kind:N/A) $ kubectl get vulnerabilities -o wide
NAME                                              cluster    IMAGE                                            TOTAL  CRITICAL  HIGH  MEDIUM
kind-kind-dockerioistioexamplesbookinfodetailsv1  kind-kind  docker.io/istio/bookinfo:1.18.0-details-v1:1     1108   85        344   487
kind-kind-dockerioistioexamplesbookinfoproductpa  kind-kind  docker.io/istio/examples-bookinfo-productpagev1  347    31        100   46
kind-kind-dockerioistioexamplesbookinforatingsv1  kind-kind  ghcr.io/undistro/marvin:v0.2.1                   196    85        16    65
kind-kind-dockerioistioexampleewsv11180-6kxc5     kind-kind  registry.k8s.io/kube-proxy:v1.29.2               80     29        31    30
kind-kind-dockerioistioexamplesbookinfoproductpa  kind-kind  docker.io/istio/examples-bookinfo-productpagev1  347    31        100   46
kind-kind-dockerioistioexamplesbookinforatingsv1  kind-kind  ghcr.io/undistro/marvin:v0.2.1                   196    85        16    65
kind-kind-ghcrioundistromarvinv021-6kxc5          kind-kind  registry.k8s.io/kube-scheduler:v1.29.2           7      1         3     2
Image scanning with Trivy
Receive reports of problems found in the resources used by the images in your clusters. Using Trivy, you can now guarantee another layer of security for your Kubernetes clusters by periodically scanning your images.
Take advantage of image scanning and discover a set of vulnerabilities (CVEs) that are affecting your clusters' images and that may be harming your Kubernetes environments.
What Zora offers you
user: ~(kind-kind:N/A) $ kubectl get plugins -n zora-system
NAME    IMAGE                           TYPE              AGE
marvin  ghcr.io/undistro/marvin:v0.2.0  misconfiguration  5m32s
popeye  ghcr.io/undistro/popeye:pr252   misconfiguration  5m32s
Multi-plugin architecture
Zora seamlessly integrates open source tools like Popeye, Marvin, and Trivy that report into its multi-plugin architecture as scanners. These tools' capabilities are combined to provide you with a unified view of your cluster's security posture, addressing potential issues, misconfigurations, and vulnerabilities.
Kubernetes-native
All scan configurations and plugin reports, including misconfigurations and vulnerabilities, are securely stored as CRDs (Custom Resource Definitions) within your Kubernetes cluster, making them easily accessible through the Kubernetes API and the kubectl command.
user: ~(kind-kind:N/A) $ kubectl get clusterscans
NAME   cluster  schedule     suspend  plugins         LAST STATUS  ISSUES
cloud  cloud    */2 * * * *  false    marvin, popeye  Complete     48
user: ~(kind-kind:N/A) $ kubectl get clusterscans
NAME   cluster  ID          MESSAGE                            SEVERITY
cloud  cloud    custom-101  Allowed privilege escalation       Medium
cloud  cloud    M-201       Automounted service account token  Medium
user: ~(kind-kind:N/A) $ kubectl get vulnerabilities -o wide
NAME                     cluster    IMAGE                            TOTAL  CRITICAL
kind-kind-dockerioistio  kind-kind  docker.io/istio/bookinfo:1.1     1108   85
kind-kind-dockerioistio  kind-kind  docker.io/istio/examples-book    347    31
kind-kind-dockerioistio  kind-kind  ghcr.io/undistro/marvin:v0.2     196    85
kind-kind-dockerioistio  kind-kind  registry.k8s.io/kube-proxy:v1.0  80     29
kind-kind-ghcrioundistr  kind-kind  registry.k8s.io/kube:v1.29.2     7      1
Trivy
new feature
Image scanning
Gain insights into potential issues affecting your cluster's resources by scanning container images with Trivy. This periodic process helps strengthen your Kubernetes security posture by identifying vulnerabilities (CVEs) in your images that could compromise your environment.
Kubernetes compliance
Zora and its plugins provide actionable insights, guiding you to align your cluster with industry-recognized frameworks such as NSA-CISA, MITRE ATT&CK, CIS Benchmark, and Pod Security Standards.
ID          MESSAGE                                  SEVERITY  CATEGORY
custom-002  Required labels                          Low       Custom
M-201       Automounted service account token        High      Security
M-201       Host namespaces                          High      Security
POP-204     No probes defined                        Low       Security
POP-178     No resources requests defined            Medium    Best Practices
POP-178     Not allowed volume type                  Low       Best Practices
POP-178     Container could be running as root user  Low       Best Practices
POP-178     Not allowed seccomp profile              High      Best Practices
POP-178     Not allowed added/dropped capabilities   Medium    Best Practices
40+ checks
ID          MESSAGE                            SEVERITY  STATUS
custom-001  Replicas limit                     Medium    Passed
custom-002  Automounted service account token  High      Passed
custom-003  Host namespaces                    High      Passed
custom-004  No probes defined                  Low       Passed
custom-005  No resources requests defined      Medium    Passed
user: ~(kind-kind:N/A) marvin scan --disable-builtin --checks ./examples/
Custom checks
Enabled by the Marvin plugin, Zora offers a declarative way to create your own checks by using CEL expressions to define the validation rules.
OSS
Unlock a new layer of security in your Kubernetes environments!
Open source
No account required
Unlimited use
Join our community
Opportunities
Copyright © Getup