How
helmper is first of all a Helm Chart analyzer, built to address a shortcoming of the metadata attributes in a Helm Chart: the missing list of images required to deploy the chart. This is the core part of Helmper, and the only part of the functionality that is custom to helmper. For the remaining functionality, helmper stands on the shoulders of giants to provide additional capabilities right within helmper.
helmper utilizes the following projects:
- Helm for Helm operations
- Oras for OCI registry interactions
- Trivy for vulnerability scanning
- Copacetic for vulnerability patching
- Buildkitd for container image modification as part of Copacetic
- Cosign for container image signing
helmper connects via gRPC to Trivy and Buildkit, so you can run helmper without root privileges wherever you want: as a binary or as a container in Kubernetes.
Core
The diagram below demonstrates the core functionality of Helmper - analyzing Helm Charts and importing the images into OCI-compliant registries.
- Pull Helm Chart(s) from remote registries
- Analyse charts for image references
- Check status of images in registries
- Distribute across registries
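Why the analysis step is needed, as an added example that is not helmper's own code or algorithm: image references live only in a chart's values, usually under a registry/repository/tag convention, so they have to be discovered by walking those values. The helper name `collectImages`, the sample values and the fallback of an empty tag to the chart's appVersion are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"sort"
)

// sampleValues is a constructed stand-in for a chart's decoded values.yaml.
var sampleValues = map[string]any{
	"replicaCount": 2,
	"image": map[string]any{"registry": "quay.io", "repository": "example/controller", "tag": "v1.2.3"},
	"sidecars": []any{
		map[string]any{"image": map[string]any{"repository": "example/proxy", "tag": ""}},
	},
}

// collectImages (hypothetical helper) walks values and builds a reference for
// every map with a "repository" key, following the common but not mandated
// registry/repository/tag convention. An empty tag falls back to appVersion.
func collectImages(values any, appVersion string) []string {
	var refs []string
	var walk func(node any)
	walk = func(node any) {
		switch n := node.(type) {
		case map[string]any:
			if repo, _ := n["repository"].(string); repo != "" {
				if reg, _ := n["registry"].(string); reg != "" {
					repo = reg + "/" + repo
				}
				tag, _ := n["tag"].(string)
				if tag == "" {
					tag = appVersion
				}
				refs = append(refs, repo+":"+tag)
			}
			for _, v := range n {
				walk(v)
			}
		case []any:
			for _, v := range n {
				walk(v)
			}
		}
	}
	walk(values)
	sort.Strings(refs) // map iteration order is random; sort for stable output
	return refs
}

func main() {
	fmt.Println(collectImages(sampleValues, "0.9.0"))
}
```

Charts that do not follow this convention are missed by such a walk, which is the gap a missing image list in the chart metadata leaves open.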
Extended
The diagram below demonstrates the extended functionality of Helmper - extending the core with OS-level vulnerability scanning, vulnerability patching and signing.
- Pull Helm Chart(s)
- Analyze charts for image references
- Check status of images in registries
- Pre-patch Scan images with Trivy
- Patch images with Copacetic
- Post-patch Scan images with Trivy
- Push images with oras-go
- Sign images with Cosign