Ocular extends Kubernetes to provide static scanning configuration that enables you to perform regular or ad-hoc security scans over static software assets. It is a Kubernetes API extension that provides a set of custom resource definitions for configuring and running security or compliance scanning tools over static software assets, such as git repositories, container images, or any static content that can be represented on a file system.
It is designed to support both regular scans on a schedule and ad-hoc security scans run on demand. Users can customize not only the scanning tools that are used, but also:
- How scan targets are enumerated (e.g. git repositories, container images, etc.)
- How those scan targets are downloaded into the scanning environment (e.g. git clone, container pull, etc.)
- How the scanning tools are configured and run (e.g. custom command line arguments, environment variables, etc.)
- Where the results are sent (e.g. to a database, to a file, to a cloud storage etc.)
Each of these components can be configured independently, allowing a high degree of flexibility and customization. Each of the four components (enumeration, download, scanning, and results) is customized via a container image that implements a specific interface, normally through environment variables, command line arguments and file mounts.
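As an added illustration of that component contract (example code written for this README, not Ocular's own, and the variable names OCULAR_TARGET_DIR and OCULAR_RESULTS_DIR, the mount paths and the findings format are assumptions made for the illustration), here is a minimal scanning-stage entrypoint: it takes its configuration from environment variables, reads the asset the download stage placed on one mount, and writes findings for the results stage to another.

```shell
#!/bin/sh
# Hypothetical scanning-stage container entrypoint. Variable names, mount
# paths and the findings format are assumptions for this example, not
# Ocular's documented interface.
set -eu

# run_scan TARGET_DIR RESULTS_DIR
# Scans the downloaded asset under TARGET_DIR and writes one finding per line
# to RESULTS_DIR/findings.txt for the results stage to ship. The "tool" is a
# stand-in that flags files whose name suggests key material; a real stage
# would exec the actual scanner here. Prints the number of findings.
run_scan() {
  target="$1"
  results="$2"
  out="$results/findings.txt"
  mkdir -p "$results"
  find "$target" -type f \( -name '*.pem' -o -name 'id_rsa' \) | sort |
    while IFS= read -r f; do
      # Report paths relative to the asset root so results are portable.
      printf 'private-key-material %s\n' "${f#"$target"/}"
    done > "$out"
  wc -l < "$out" | tr -d ' '
}

# Entrypoint: configuration arrives through (assumed) environment variables
# and the two mounted directories; it refuses to run without a target mount.
main() {
  target="${OCULAR_TARGET_DIR:?target directory not set}"
  results="${OCULAR_RESULTS_DIR:-/workspace/results}"
  [ -d "$target" ] || { echo "target dir $target missing" >&2; exit 2; }
  n=$(run_scan "$target" "$results")
  echo "wrote $n finding(s) to $results/findings.txt"
}

# Run the entrypoint only when the stage is configured, so the functions can
# also be sourced and exercised on their own.
if [ -n "${OCULAR_TARGET_DIR:-}" ]; then
  main "$@"
fi
```

In a real pipeline the image would exec the chosen scanner in place of the `find` stand-in and translate its output into whatever format the configured results component expects.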
For more information on Ocular and how to use it, see the Ocular project site.
See the installation guide on our documentation site for instructions on how to install Ocular via Helm.
See DEVELOPMENT.md for instructions on how to run the application locally.
We are constantly learning about emerging use cases and are always interested in hearing about how you use Ocular. If you would like to talk, please get in touch.
