Chartsec scans a Helm chart for potential security vulnerabilities for it's user. It's especially useful to check third-party charts before even decompressing them.
Chartsec can be used both as a library and an executable.
Build the binary executable with the following command:
go get github.com/banzaicloud/chartsec/cmd/chartsec
Use it to check a chart package:
chartsec path/to/package.tgz
Or use it as a library in your project:
package main
import (
"os"
"github.com/banzaicloud/chartsec"
)
func main() {
file, err := os.Open("path/to/package.tgz")
if err != nil {
panic(err)
}
scanner := chartsec.NewDefaultChartScanner()
err = scanner.Scan(file)
if err != nil {
panic(err)
}
}
- Compressed archive does not exceed 10MB
- Decompressed archive does not exceed 10MB
- Markdown files do not contain malicious content (html script, etc)
While we believe this package is ultimately useful for anyone who work with third-party charts, the API is not quite stable yet, the implementation might change, so we decided to expose only what's necessary to use the core functionality to prevent ossification.
Apache 2.0 License. Please see License File for more information.