OSS
The best Kubernetes practices made easy!
Simplify Kubernetes operations: Easily identify misconfigurations and vulnerabilities in your environments.
user: ~(kind-kind:N/A) ~$ kubectl get clusterscans
NAME       cluster    schedule          suspend   plugins
cloud      cloud      Every 2 minutes   false     Marvin, Popeye
payments   payments   */4 * * * *       false     Marvin, Popeye
crypto     crypto     Every 2 minutes   false     Marvin, Popeye
user: ~(kind-kind:N/A) $ kubectl get plugins -n zora-system
NAME     IMAGE                            TYPE               AGE
marvin   ghcr.io/undistro/marvin:v0.2.0   misconfiguration   5m32s
Popeye   ghcr.io/undistro/popeye:pr252    misconfiguration   5m32s
user: ~(kind-kind:N/A)
What is Zora OSS?
Zora is an open-source solution that helps you achieve compliance with Kubernetes best practices recommended by industry-leading frameworks.
By scanning your cluster with multiple plugins, Zora identifies potential issues, misconfigurations, and vulnerabilities.


New feature
user: ~(kind-kind:N/A) $ kubectl get vulnerabilities -o wide
NAME                                               cluster          IMAGE                                             TOTAL   CRITICAL   HIGH   MEDIUM
kind-kind-dockerioistioexamplesbookinfodetailsv1   child-friendly   docker.io/istio/bookinfo:1.18.0-details-v1:1      1108    85         344    487
kind-kind-dockerioistioexamplesbookinfoproductpa   child-friendly   docker.io/istio/examples-bookinfo-productpagev1   347     31         100    46
kind-kind-dockerioistioexamplesbookinforatingsv1   child-friendly   ghcr.io/undistro/marvin:v0.2.1                    196     85         16     65
kind-kind-dockerioistioexampleewsv11180-6kxc5      child-friendly   registry.k8s.io/kube-proxy:v1.29.2                80      29         31     30
kind-kind-dockerioistioexamplesbookinfoproductpa   child-friendly   docker.io/istio/examples-bookinfo-productpagev1   347     31         100    46
kind-kind-dockerioistioexamplesbookinforatingsv1   child-friendly   ghcr.io/undistro/marvin:v0.2.1                    196     85         16     65
kind-kind-ghcrioundistromarvinv021-6kxc5           child-friendly   registry.k8s.io/kube-scheduler:v1.29.2            7       1          3      2
Image scanning with Trivy
Receive reports of issues found in your clusters' image resources. Using Trivy, you can now ensure another layer of security for your Kubernetes clusters by periodically scanning your images.
Take advantage of image scanning and discover a set of vulnerabilities (CVEs) that are affecting your clusters' images and might be compromising your Kubernetes environments.
What Zora offers you
user: ~(kind-kind:N/A) $ kubectl get plugins -n zora-system
NAME     IMAGE                            TYPE               AGE
marvin   ghcr.io/undistro/marvin:v0.2.0   misconfiguration   5m32s
Popeye   ghcr.io/undistro/popeye:pr252    misconfiguration   5m32s
Multi-plugin architecture
Zora seamlessly integrates open source tools like Popeye, Marvin, and Trivy that report into its multi-plugin architecture as scanners. These tools' capabilities are combined to provide you with a unified view of your cluster's security posture, addressing potential issues, misconfigurations, and vulnerabilities.
Kubernetes-native
All scan configurations and plugin reports, including misconfigurations and vulnerabilities, are securely stored as CRDs (Custom Resource Definitions) within your Kubernetes cluster, making them easily accessible through the Kubernetes API and the kubectl command.
user: ~(kind-kind:N/A) $ kubectl get clusterscans
NAME    cluster   schedule          suspend   plugins          LAST STATUS   ISSUES
cloud   cloud     Every 2 minutes   false     Marvin, Popeye   Complete      48
user: ~(kind-kind:N/A) $ kubectl get clusterscans
NAME    cluster   ID           MESSAGE                             SEVERITY
cloud   cloud     custom-101   Allowed privilege escalation        Medium
cloud   cloud     M-201        Automounted service account token   Medium
user: ~(kind-kind:N/A) $ kubectl get vulnerabilities -o wide
NAME                      cluster          IMAGE                             TOTAL   CRITICAL
kind-kind-dockerioistio   child-friendly   docker.io/istio/bookinfo:1.1      1108    85
kind-kind-dockerioistio   child-friendly   docker.io/istio/examples-book     347     31
kind-kind-dockerioistio   child-friendly   ghcr.io/undistro/marvin:v0.2      196     85
kind-kind-dockerioistio   child-friendly   registry.k8s.io/kube-proxy:v1.0   80      29
kind-kind-ghcrioundistr   child-friendly   registry.k8s.io/kube:v1.29.2      7       1

Trivy
new feature
Image scanning
Gain insights into potential issues affecting your cluster's resources by scanning container images with Trivy. This periodic process helps strengthen your Kubernetes security posture by identifying vulnerabilities (CVEs) in your images that could compromise your environment.
Kubernetes compliance
Zora and its plugins provide actionable insights, guiding you to align your cluster with industry-recognized frameworks such as NSA-CISA, MITRE ATT&CK, CIS Benchmark, and Pod Security Standards.


ID           MESSAGE                                       SEVERITY   CATEGORY
custom-002   Required labels                               Low        Custom
M-201        Automounted service account token             High       Security
M-201        Host namespaces                               High       Security
POP-204      No probes defined                             Low        Security
POP-178      No resource requests defined                  Medium     Best Practices
POP-178      Volume type not allowed                       Low        Best Practices
POP-178      The container could be running as root user   Low        Best Practices
POP-178      Not allowed seccomp profile                   High       Best Practices
POP-178      Capabilities added/dropped are not allowed    Medium     Best Practices

40+ checks
ID           MESSAGE                             SEVERITY   STATUS
custom-001   Replica limit                       Medium     Passed
custom-002   Automounted service account token   High       Passed
custom-003   Host namespaces                     High       Passed
custom-004   No probes defined                   Low        Passed
custom-005   No resource requests defined        Medium     Passed
user: ~(kind-kind:N/A) marvin scan --disable-builtin --checks ./examples/
Custom checks
Enabled by the Marvin plugin, Zora offers a declarative way to create your own checks by using CEL expressions to define the validation rules.
OSS
Unlock a new layer of security in your Kubernetes environments!
Open source
No account required
Unlimited use
Join our community
Operating Kubernetes in production for more than 13 years. With Quor, this experience extends to software supply chain security as well.
© Getup · 2026
