Skip to content
This repository was archived by the owner on Mar 18, 2024. It is now read-only.

Latest commit



176 lines (120 loc) · 6.48 KB

File metadata and controls

176 lines (120 loc) · 6.48 KB

KlustAIR Frontend


The Klustair scanner scanns your Kubernetes namespaces for the used images and scan them with trivy. This frontend displays the result of the scanned namespaces and images in a report.

Demo :

Main Features:

  • The vulnerabilities of an images can be reviewed and whitelisted if they dont apply to any risk.
  • Auditing the configuration of your kubernetes cluster

Related Klustair projects:

Related opensource projects

  • trivy A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts
  • kubeaudit kubeaudit helps you audit your Kubernetes clusters against common security controls
  • (DEPRECATED) anchore-engine A service that analyzes docker images and applies user-defined acceptance policies to allow automated container image validation and certification


Find more screenshots here

vulnerabilities details


Laravel built in authentication

ENV VAR Type value description
AUTH Boolean true|false Enables Authentication
AUTH_REGISTER Boolean true|false Allows public registration
AUTH_RESET Boolean true|false Allows password reset
AUTH_VERIFY Boolean true|false Enables E-Mail verfication

LDAP Authentication

Type value description
LDAP Boolean true|false Enables LDAP
LDAP_TYPE String OpenLDAP|ActiveDirectory Preconfigured for OpenLDAP and Active Directory
LDAP_QUERYFIELD String uid|mail|{custom} The field Klustair will try to find the User Account
LDAP_LOGGING Boolean true|false Enable logging
LDAP_CONNECTION String default Since there is only default, you want to keep this value
LDAP_HOST String openldap|custom Hostname of the LDAP Server (without Protocol ldap://)
LDAP_USERNAME String "cn=admin,dc=example,dc=org" The DN Klustair uses to connect to LDAP
LDAP_PASSWORD String The Password Klustair uses to connect to LDAP
LDAP_PORT Integer 1389|389 LDAP listening port
LDAP_BASE_DN String "ou=users,dc=example,dc=org" DN where the users are located
LDAP_TIMEOUT Integer 5 Query timeout
LDAP_SSL Boolean true|false
LDAP_TLS Boolean true|false

CLI Commands

import CWE's (Common Weakness Enumeration)

php artisan klustair:importcwe <version> [<force>]

The current latest Version is 4.3 (2020-12-10)

Manage User

php artisan klustair:user <action> [<email> [<fullname>]]

Available actions are :

  • create [<email> [<fullname>]]
  • list
  • delete[<email>]

Manage Tokens

php artisan klustair:token <action> [<name> [<email>]]

Available actions are :

  • create [<name> [<email>]]
  • list
  • delete [<name>]

Manage Init actions

php artisan klustair:init <action>]

Available actions are :

  • waitForDB

Test the LDAP Connection

php artisan ldap:test

| Connection | Successful | Username                   | Message                 | Response Time |
| default    | ✔ Yes      | cn=admin,dc=example,dc=org | Successfully connected. | 22.27ms       |


Docker images an tags can be found on

  • klustair/klustair-frontend:v[VERSION]-apache
    runs apache and PHP in a combined server. This container is based on Debian and is therefore bigger and has more vulnerabilities.

  • klustair/klustair-frontend:v[VERSION]-nginx
    Alpine baes Nginx server

  • klustair/klustair-frontend:v[VERSION]-php-fpm
    Alpine based php-fpm server

Setting up your environment

Update the values for APP_KEY DB_USERNAME & DB_PASSWORD within docker/.env.example

Note APP_KEY should be a 32 character string which is then base64 encoded you can generate one via openssl rand -base64 32

For example

> openssl rand -base64 32

Starting the Apache stack

    cd docker
    cp .env.example .env
    docker-compose up klustair-db klustair-apache

Staring the Nginx/php-fpm stack

    cd docker
    cp .env.example .env
    docker-compose up klustair-db klustair-nginx klustair-php-fpm