coder/coder-xray

coder-xray

  • Query Artifactory for image vulnerabilities on workspace startup.
  • Inform users when they are using a vulnerable image.

Usage

Apply the Helm chart to start monitoring workspaces:

helm repo add coder-xray https://helm.coder.com/coder-xray
helm install coder-xray coder-xray/coder-xray \
    --namespace coder \
    --set coder.url="https://<your-coder-url>" \
    --set coder.secretName="<your coder token secret>" \
    --set artifactory.url="https://<your-artifactory-url>" \
    --set artifactory.secretName="<your artifactory secret>"

For a detailed step-by-step guide, see the scanning coder workspaces with xray guide.

Note: For additional customization (such as customizing the image, details on creating a secret, etc.), you can use the values.yaml file directly.

Requirements:

To use this service, the following are required:

  • A Coder API token with at least Template Admin privileges
  • An Artifactory token

How?

Kubernetes provides an informers API that streams pod and event data from the API server.

coder-xray listens for pod creation events whose containers have the CODER_AGENT_TOKEN environment variable set. Each matching pod/container is then queried against the provided Artifactory instance, and any Xray results are pushed to the provided Coder deployment.