Overview
twigs supports discovering your Kubernetes environment. This essentially discovers docker container images in your Kubernetes environment as asset(s) in ThreatWorx. This will discover source code assets from your docker container as well. For more details on source code assets, refer to Source Code Asset discovery in twigs.
Pre-requisites
Docker CLI and service are required for discovering docker images. For more details on installing docker CLI and service for your operating system, refer to this link.
For discovering your helm charts, you need to have helm installed.
Steps
You can follow the steps below to discover your Kubernetes environment as assets in ThreatWorx:
Open a new shell / terminal
Check that twigs is installed and running properly by running below command:
twigs k8s -h
You can run the command below:
twigs k8s [-h] (--deployment_yaml DEPLOYMENT_YAML | --helm_chart HELM_CHART) [--tmp_dir TMP_DIR] [--check_vuln CHECK_VULN] [--check_all_vulns]
where DEPLOYMENT_YAML is path to Kubernetes Deployment Manifest Definition YAML file or you can specify HELM_CHART (as path to local helm chart folder or as repo/chartname).
For information on vulnerabilities supported by twigs plugins, refer here.
After discovery is complete, you can login into ThreatWorx console to view the newly discovered asset(s).