OSS Health Assessment

사용하는 오픈 소스 소프트웨어 공급망이 얼마나 안전한지 알아보세요

오픈 소스 소프트웨어 상태(OSS Health Assessment) 평가 보고서는 오픈 소스 소프트웨어 종속성의 상태를 이해하는 데 도움이 됩니다. 생성된 보고서에는 다음과 같은 내용을 포함합니다:

사용하는 오픈 소스 소프트웨어에 잘못된 구성으로 인한 보안 손상 여부
오픈 소스 소프트웨어에서 중대한 보안 취약점 여부
MITRE, CIS, SOC2, NSA와 같은 주요 보안 프레임워크에 따른 규정 준수 점수
사용하는 오픈 소스 소프트웨어를 Tanzu Application Catalog의 Bitnami 패키지로 대체할 수 있는 범위
오픈 소스 소프트웨어 공급망 보안 상태를 개선하고 잘못된 구성 및 업스트림 취약성으로 인한 위험을 완화하기 위한 권장 사항

지금 바로 무료 오픈 소스 소프트웨어 상태 (OSS Health Assessment) 평가 보고서를 이용해 보시고, Tanzu 한국팀과 협력하여 Bitnami 및 Tanzu Application Catalog팀이 어떤 도움을 줄 수 있는지 알아보세요.

시작하기

Starting from your Kubernetes resources, YAML files or public or private repositories, export your results to a .json file

Repo
Repo
Kubernetes
Kubernetes

docker run --rm -it -v /tmp:/output bitnami/kubescape:3.0.3 oss-assessment GIT_REPOSITORY -o /output/report.json

docker run --rm -it -v %USERPROFILE%:/output bitnami/kubescape:3.0.3 oss-assessment GIT_REPOSITORY -o /output/report.json

docker run --rm -it -v /tmp:/output -v $HOME/.kube:/.kube bitnami/kubescape:3.0.3 oss-assessment --kubeconfig /.kube/config --kube-context $(kubectl config current-context) -o /output/report.json

docker run --rm -it -v %USERPROFILE%:/output -v %USERPROFILE%/.kube:/.kube bitnami/kubescape:3.0.3 oss-assessment --kubeconfig /.kube/config --kube-context $(kubectl config current-context) -o /output/report.json

Refer to FAQ below for specific Kubernetes distributions or private repositories

파일을 업로드하고 보고서를 확인합니다.

업무용 이메일

이름

성

회사명

핸드폰 번호

Title

By submitting this form I agree to receiving commercial messages about Broadcom products and services; and acknowledge that my use of Broadcom's website is subject to Broadcom's Terms of Use and that my personal data is processed according to Broadcom's Privacy Policy.

모든 VMware 제품 및 서비스 이용은 VMware 이용 약관의 적용을 받습니다.

FAQ

What information is captured?

We capture only your contact information and the Kubernetes resources, YAML files or container images you select to analyze. We adhere to a strict privacy policy and do not sell or share your personal information, as defined by the California Privacy Rights Act. You can read the details in the VMware Global Privacy Policy. Any use of VMware Offerings is subject to the VMware General Terms.

Which resources are analyzed?

Assessments can be performed from Kubernetes clusters, YAML repositories or Helm charts. If the assessment is done from Kubernetes clusters, a certain level of access to the cluster will be necessary. Users can restrict the scan to specific namespaces or resources if needed. Container image scans can be executed on public images stored in open repositories such as DockerHub or locally in private repositories.

What is the turnaround time to receive the assessment?

The report is generated real-time as soon as the completed form is submitted. This service is currently in BETA with continuous updates. If the report takes more than 15 minutes to appear, please notify us by sending an email to tac-info.pdl@broadcom.com.

What should I do if the generated report is empty?

An empty report may indicate a command failure. Please check the following:

Ensure you have Docker Desktop installed and it is up and running.
Confirm that your `json` file is not empty. If it is, consider checking for potential issues with the file or its contents.

Will security vulnerabilities for all the images present in my cluster or repository be detected?

No, only Tanzu Application Catalog-supported images will be scanned for vulnerabilities. If there are vulnerabilities in non-matching images, they won't be included in the report.

My Kubernetes cluster uses a specific distribution such as EKS, GKE, TKG. Can I still generate an assessment?

For this assessment to work, you’ll need a Kubeconfig configuration with no external dependencies. Some hyperscalers create default Kubeconfig files that depend on their specific CLIs binaries to work. To generate an agnostic Kubeconfig file, you’ll need to follow these steps:

Create a ServiceAccount (reference)
Create a Secret associated to the ServiceAccount (reference)
Create a ClusterRoleBinding associated to the ServiceAccount (reference)

With the previous steps completed, use the ca.crt and the token generated in the ServiceAccount to build your own kubeconfig file (example).

How do I scan images from private container repositories?

You'll need to mount the Docker config.json credentials file. For Linux,

docker run --rm -it -v /tmp:/output -v $HOME/.docker/config.json:/opt/bitnami/kubescape/.docker/config.json bitnami/kubescape:3.0.3 oss-assessment GIT_REPOSITORY -o /output/report.json

For Docker Desktop users on OS X, the config.json file can be generated:

echo "{\"auths\": {\"\": {}}}" > /tmp/config.json

docker login --config /tmp YOUR_REPOSITORY

docker run --rm -it -v /tmp:/output -v /tmp/config.json:/opt/bitnami/kubescape/.docker/config.json bitnami/kubescape:3.0.3 oss-assessment GIT_REPOSITORY -o /output/report.json