Roadmap

Long-term goal

Eventually the project is going to:

Integrates multiple scanner/audit types
- Container Image vulnerabilities scanners. For example, trivy, clair.
- Kubernetes objects validators. For example, polaris, cluster-lint.
- Kubernetes cluster configuration validation. For example, kube-bench.
- Cloud infrastructure auditors. For example, az-sk, scout-suite, security-monkey.
- Web application scanners. For example, ZAProxy
Historical data
- Persisting all scan/audit results according to a defined retention period
- Providing querying interface to historical data
Supports configuration
- enable/disable security check:
  - for the whole solution
  - for a subset of objects (tolerations) based on scanned object metadata
- creating new security checks (maybe, Open Policy Agent integration)
Provides a common control-plane for all scanners types (HTTP and cli interfaces)

The main goal: Add new scanner/audit types.

container-image vulnerabilities scanner The issue #3:
- GET /api/images/ - the summary of all used docker-images vulnerabilities scans;
- GET /api/images/{image-tag} - returns a single image vulnerabilities scan details.
polaris audit The issue #4:
- POST /api/kube-objects/polaris - requests polaris audit;
- GET /api/kube-objects/polaris - returns the result of polaris audit.
CVE The issue #5:
- GET /api/cve/{id} - a single CVE detailed description.
kube-bench audit The issue #6:
- POST /api/kube-cluster/bench - requests kube-bench audit;
- GET /api/kube-cluster/bench - returns the result of kube-bench audit.
az-sk audit The issue #7:
- POST /api/cloud/azure - requests az-sk audit;
- GET /api/cloud/azure - returns the result of az-sk audit.

The main goal: database, historical data