Skip to content

Khulnasoft Enterprise Scanner

You can use Khulnasoft's commercial scanner to scan container images and generate vulnerability reports. The Starboard connector for Khulnasoft attempts to fetch the vulnerability report for the specified image digest via Khulnasoft's API. If the report is not found, it spins up an ad-hoc scan by executing the scannercli command.

The value of khulnasoft.imageRef determines the version of the actual scannercli binary executable and must be compatible with the version of your Khulnasoft server. By default, scannercli 5.3 is used, but if you are running, for example, Khulnasoft 5.2, change the value to docker.io/khulnasoft/scanner:5.2.

To integrate Khulnasoft scanner change the value of the vulnerabilityReports.scanner property to Khulnasoft:

kubectl patch cm starboard -n <starboard_namespace> \
  --type merge \
  -p "$(cat <<EOF
{
  "data": {
    "vulnerabilityReports.scanner": "Khulnasoft"
  }
}
EOF
)"

Specify the container image of Khulnasoft scanner and server URL:

KHULNASOFT_SERVER_URL=<your console URL>

kubectl create configmap starboard-khulnasoft-config -n <starboard_namespace> \
  --from-literal=khulnasoft.imageRef=docker.io/khulnasoft/scanner:5.3 \
  --from-literal=khulnasoft.serverURL=$KHULNASOFT_SERVER_URL

Finally, create or edit the starboard-khulnasoft-config secret to configure khulnasoft.username and khulnasoft.password credentials, which are used to connect to the Khulnasoft's management console:

KHULNASOFT_CONSOLE_USERNAME=<your username>
KHULNASOFT_CONSOLE_PASSWORD=<your password>

kubectl create secret generic starboard-khulnasoft-config -n <starboard_namespace> \
  --from-literal=khulnasoft.username=$KHULNASOFT_CONSOLE_USERNAME \
  --from-literal=khulnasoft.password=$KHULNASOFT_CONSOLE_PASSWORD

Tip

You can use Helm installer to enable Khulnasoft Enterprise scanner as follows: 

KHULNASOFT_SERVER_URL=<your console URL>
KHULNASOFT_CONSOLE_USERNAME=<your username>
KHULNASOFT_CONSOLE_PASSWORD=<your password>

helm install starboard-operator ./deploy/helm \
  --namespace starboard-system --create-namespace \
  --set="targetNamespaces=default" \
  --set="operator.vulnerabilityReportsPlugin=Khulnasoft" \
  --set="khulnasoft.imageRef=docker.io/khulnasoft/scanner:5.3" \
  --set="khulnasoft.serverURL=$KHULNASOFT_SERVER_URL" \
  --set="khulnasoft.username=$KHULNASOFT_CONSOLE_USERNAME" \
  --set="khulnasoft.password=$KHULNASOFT_CONSOLE_PASSWORD"

Settings

CONFIGMAP KEY DEFAULT DESCRIPTION
khulnasoft.imageRef docker.io/khulnasoft/scanner:5.3 Khulnasoft scanner image reference. The tag determines the version of the scanner binary executable and it must be compatible with version of Khulnasoft console.
khulnasoft.serverURL N/A The endpoint URL of Khulnasoft management console
SECRET KEY DESCRIPTION
khulnasoft.username Khulnasoft management console username
khulnasoft.password Khulnasoft management console password