We capture only your contact information and the Kubernetes resources, YAML files or container images you select to analyze. We adhere to a strict privacy policy and do not sell or share your personal information, as defined by theCalifornia Privacy Rights Act.You can read the details in theVMware Global Privacy Policy.Any use of VMware Offerings is subject to theVMware General Terms.
Assessments can be performed from Kubernetes clusters, YAML repositories or Helm charts. If the assessment is done from Kubernetes clusters, a certain level of access to the cluster will be necessary. Users can restrict the scan to specific namespaces or resources if needed. Container image scans can be executed on public images stored in open repositories such as DockerHub or locally in private repositories.
The report is generated real-time as soon as the completed form is submitted. This service is currently in BETA with continuous updates. If the report takes more than 15 minutes to appear, please notify us by sending an email to[email protected].
An empty report may indicate a command failure. Please check the following:
No, only Tanzu Application Catalog-supported images will be scanned for vulnerabilities. If there are vulnerabilities in non-matching images, they won't be included in the report.
For this assessment to work, you’ll need a Kubeconfig configuration with no external dependencies. Some hyperscalers create default Kubeconfig files that depend on their specific CLIs binaries to work. To generate an agnostic Kubeconfig file, you’ll need to follow these steps:
ServiceAccount
(reference)Secret
associated to the ServiceAccount (reference)ClusterRoleBinding
associated to the ServiceAccount (reference)With the previous steps completed, use the ca.crt and the token generated in the ServiceAccount to build your own kubeconfig file (example).
You'll need to mount the Dockerconfig.json
credentials file. For Linux,
docker run --rm -it -v /tmp:/output -v $HOME/.docker/config.json:/opt/bitnami/kubescape/.docker/config.json bitnami/kubescape:3.0.3 oss-assessment GIT_REPOSITORY -o /output/report.json
For Docker Desktop users on OS X, theconfig.json
file can be generated:echo "{\" auths\ ": {\" \ ": {}}}" > /tmp/config.json
docker login --config /tmp YOUR_REPOSITORY
docker run --rm -it -v /tmp:/output -v /tmp/config.json:/opt/bitnami/kubescape/.docker/config.json bitnami/kubescape:3.0.3 oss-assessment GIT_REPOSITORY -o /output/report.json