  • TypeScript 92.5%
  • Go 5.2%
  • JavaScript 2%
  • Makefile 0.3%
.woodpecker chore(ci): update base images to latest versions 2026-04-10 12:39:02 +02:00
demo Initial commit 2024-09-19 11:34:39 +02:00
docs docs: model 2025-04-24 14:51:08 +00:00
examples chore: update ArtifactHub metadata for sm-moshi fork 2026-03-15 20:03:37 +01:00
go build(deps): bump github.com/google/cel-go from 0.26.1 to 0.27.0 in /go 2026-02-08 21:05:51 +00:00
src fix(tsc): resolve all 23 TypeScript strict-mode errors 2026-03-16 00:01:05 +01:00
.gitignore chore: migrate from npm to pnpm 2026-03-15 22:06:51 +01:00
.npmrc chore: migrate from npm to pnpm 2026-03-15 22:06:51 +01:00
.prettierignore chore: modernise package.json, extract lint/prettier config, update .gitignore 2026-03-15 20:03:23 +01:00
.prettierrc.js chore: modernise package.json, extract lint/prettier config, update .gitignore 2026-03-15 20:03:23 +01:00
artifacthub-pkg.yml chore(release): update ArtifactHub metadata for v0.10.6 2026-03-16 00:27:46 +00:00
artifacthub-repo.yml fix(artifacthub): update repositoryID to match sm-moshi ArtifactHub repo 2026-03-15 20:14:28 +01:00
CLAUDE.md chore: migrate from npm to pnpm 2026-03-15 22:06:51 +01:00
LICENSE Initial commit 2024-09-19 11:34:39 +02:00
Makefile rego rules to dist folder for smaller js download 2025-05-07 08:14:24 +00:00
mise.toml chore: migrate from npm to pnpm 2026-03-15 22:06:51 +01:00
package.json fix(deps): update dependency @dagrejs/dagre to v3 (#12) 2026-03-31 07:19:08 +02:00
pnpm-lock.yaml chore(deps): lock file maintenance (#14) 2026-04-02 06:09:03 +02:00
README.md docs: update README for sm-moshi fork, add CLAUDE.md, trim renovate.json 2026-03-15 20:08:04 +01:00
renovate.json chore: extend org-wide Renovate base preset (pinDigests: false) 2026-03-31 02:54:20 +02:00
tsconfig.json Upgrade kinvolk/headlamp-plugin to 0.13.0 and upgrade tsconfig 2026-02-08 21:45:02 +01:00

Kubescape Headlamp Plugin

A Headlamp plugin for Kubescape — compliance scanning, vulnerability analysis, network policies, and eBPF-based runtime threat detection.

Fork: This is the sm-moshi fork of the upstream Kubescape Headlamp plugin, with CI/CD via Woodpecker, ArtifactHub metadata, and code quality improvements.

Demo

compliance

vulnerabilities

Prerequisites

  • Kubescape operator installed in the cluster with configuration and image scanning enabled. We recommend helm chart v1.22.0 or later with capabilities.continuousScan: enable.

    Verify with: kubectl get workloadconfigurationscans -A

  • Headlamp installed in-cluster or on your workstation (desktop version recommended for testing).

Functionality

  • Compliance overview with views on controls, resources and namespaces
  • Vulnerability overview with views on CVEs, resources and images
  • Generated network policies viewer
  • Validating Admission Policy playground
  • eBPF-based runtime threat detection
  • Custom frameworks and exceptions

The plugin uses Headlamp's Allowed namespaces feature for multi-tenant clusters. Configure per user in Settings/Cluster.

Installation

Desktop Headlamp

  1. Install Headlamp
  2. Open Plugin Catalogue
  3. Select the Kubescape plugin and install
  4. Restart Headlamp if prompted

In-cluster Headlamp

Install Headlamp and add the plugin as an init container. See example helm values:

initContainers:
  - command: ['/bin/sh', '-c', 'mkdir -p /build/plugins && cp -r /plugins/* /build/plugins/']
    image: ghcr.io/sm-moshi/headlamp-kubescape-plugin:v0.10.5
    name: kubescape-plugin
    volumeMounts:
      - mountPath: /build/plugins
        name: headlamp-plugins

Quick test

Create kind cluster

Install kind and create a cluster.

Install Kubescape operator

helm repo add kubescape https://kubescape.github.io/helm-charts/
helm upgrade --install kubescape kubescape/kubescape-operator \
  -n kubescape --create-namespace \
  --set capabilities.runtimeDetection=enable \
  --set alertCRD.installDefault=true \
  --set nodeAgent.config.maxLearningPeriod=10m \
  --set capabilities.continuousScan=enable

Wait for pods: kubectl get pods -n kubescape

Test deployments

kubectl apply -f https://k8s.io/examples/application/deployment.yaml -n default
kubectl apply -k github.com/BuoyantIO/emojivoto/kustomize/deployment

Start Headlamp desktop and load the kind cluster kubeconfig. Runtime detection requires waiting for the learning period (10 minutes).
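
The two checks this README names (kubectl get pods -n kubescape and kubectl get workloadconfigurationscans -A) combined into one preflight. This is an added example, not part of the plugin repository; the function names are hypothetical and it assumes kubectl's default column layout.

```shell
#!/bin/sh
# Added example (not from the plugin repo); function names are hypothetical.
# Assumes kubectl is on PATH and prints its default columns.

# List kubescape pods that are not fully ready (NAME READY STATUS ...).
kubescape_pods_not_ready() {
  kubectl get pods -n kubescape --no-headers 2>/dev/null | awk '
    NF == 0 { next }
    { seen++ }
    $3 == "Completed" { next }               # finished job pods are fine
    {
      split($2, r, "/")                      # READY column, e.g. 0/1
      if ($3 != "Running" || r[1] != r[2]) print $1, $2, $3
    }
    END { if (!seen) print "(no pods found in namespace kubescape)" }'
}

# Count WorkloadConfigurationScan objects across all namespaces.
scan_count() {
  kubectl get workloadconfigurationscans -A --no-headers 2>/dev/null |
    awk 'NF { n++ } END { print n + 0 }'
}

# 0 = ready; 1 = operator pods missing or not ready; 2 = no scan results yet.
preflight() {
  not_ready=$(kubescape_pods_not_ready)
  if [ -n "$not_ready" ]; then
    printf 'operator pods not ready:\n%s\n' "$not_ready" >&2
    return 1
  fi
  scans=$(scan_count)
  if [ "$scans" -eq 0 ]; then
    echo "no workloadconfigurationscans found; check capabilities.continuousScan" >&2
    return 2
  fi
  echo "ok: operator pods ready, $scans configuration scans present"
}
```

Source the file and run preflight before opening Headlamp.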

Docs

Notes about the Kubescape data model and how the plugin leverages it.

Dependencies

Contributing and Feedback

For questions or feedback, please open an issue on the GitHub repository.

Contributions welcome — fork the repository and submit a pull request.

License

Apache-2.0. See LICENSE for details.