@monokle/cli

Monokle validation and more through the CLI

Version: 0.4.3

Welcome to Monokle CLI

Monokle CLI is a command-line interface for static analysis of Kubernetes resources.

Use it to prevent misconfigurations within Kustomize, Helm or default Kubernetes resources. The output is available as a SARIF file which you can upload to GitHub CodeScan.

Monokle CLI includes built-in validators for

  • YAML Syntax
  • Kubernetes Schema compliance
  • Resource links between Kubernetes resources
  • OPA Security policies

Under the hood it uses @monokle/validation which allows you to configure validation rules extensively.

Check out the announcement blog post for an overview of all features.

Installation

You can install the CLI using brew (if you're on macOS)

brew install kubeshop/monokle/monokle-cli

or as an npm package (more installers coming up...).

npm install --global @monokle/cli

(We recommend using the LTS version of Node.js.)

Usage

Once installed, using the CLI is straightforward.

Validate a YAML file

monokle validate bundle.yaml

Validate a directory

This will recursively scan all YAML files and parse them as plain Kubernetes resources.

monokle validate k8s-dir

Validate a templated Helm chart

helm template helm-dir | monokle validate -

Validate a Kustomize build

kustomize build kustomize-dir/overlays/local | monokle validate -

Generate SARIF analysis

The Monokle CLI can output its results in SARIF format.

monokle validate --output sarif k8s-dir > results.sarif

Afterwards you can use the SARIF Viewer extension for VS Code or other tools to inspect the results.
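
One way to act on the SARIF file in a CI job, as an added example that is not part of the Monokle README or project: the Node.js script below reads only standard SARIF 2.1.0 fields (`runs[].results[]` with `level`, `ruleId`, `message` and `locations`) and exits non-zero when any error-level result is present. The script name `sarif-gate.js`, the function `summarizeSarif` and the sample data are constructed for illustration.

```javascript
// Added example (not from the Monokle project): gate CI on the file written by
//   monokle validate --output sarif k8s-dir > results.sarif
// Reads only standard SARIF 2.1.0 fields; names and sample data are constructed.

// Count results per level and collect the error-level findings.
function summarizeSarif(sarif) {
  const counts = { error: 0, warning: 0, note: 0, none: 0 };
  const errors = [];
  for (const run of sarif.runs || []) {
    for (const result of run.results || []) {
      // Missing level counts as "warning" (SARIF default; rule defaults not resolved).
      const level = result.level || "warning";
      counts[level] = (counts[level] || 0) + 1;
      if (level !== "error") continue;
      const loc = (result.locations || [])[0]?.physicalLocation || {};
      errors.push({
        ruleId: result.ruleId || "(no ruleId)",
        file: loc.artifactLocation?.uri || "(unknown file)",
        line: loc.region?.startLine ?? null,
        message: result.message?.text || "",
      });
    }
  }
  return { counts, errors, failed: errors.length > 0 };
}

// Constructed sample in SARIF 2.1.0 shape (not real Monokle output).
const SAMPLE = {
  version: "2.1.0",
  runs: [{
    tool: { driver: { name: "example-tool" } },
    results: [
      { ruleId: "EXAMPLE-1", level: "error", message: { text: "memory limit missing" },
        locations: [{ physicalLocation: {
          artifactLocation: { uri: "k8s-dir/deployment.yaml" }, region: { startLine: 17 } } }] },
      { ruleId: "EXAMPLE-2", message: { text: "no level given" } },
    ],
  }],
};

// node sarif-gate.js results.sarif  -> exit code 1 if any error-level result
const sarifPath = process.argv[2];
if (sarifPath) {
  const summary = summarizeSarif(JSON.parse(require("fs").readFileSync(sarifPath, "utf8")));
  for (const e of summary.errors) console.log(`${e.file}:${e.line ?? "?"} ${e.ruleId}: ${e.message}`);
  process.exitCode = summary.failed ? 1 : 0;
} else {
  console.log(summarizeSarif(SAMPLE).counts); // no argument: show the sample summary
}
```

Run it as the step after `monokle validate` so that warnings are reported but only error-level findings block the pipeline.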

Configuration

Command-line arguments

You can use --help to access help information directly from the CLI.

@monokle/validation rules

The Monokle CLI looks for a Monokle Validation configuration file at ./monokle.validation.yaml. You can change this by using the --config flag.

All rules are enabled by default and are described in the Monokle Validation configuration documentation.

Example

plugins:
  yaml-syntax: true
  kubernetes-schema: true
rules:
  yaml-syntax/no-bad-alias: "warn"
  yaml-syntax/no-bad-directive: false
  open-policy-agent/no-last-image: "err"
  open-policy-agent/cpu-limit: "err"
  open-policy-agent/memory-limit: "err"
  open-policy-agent/memory-request: "err"
settings:
  kubernetes-schema:
    schemaVersion: v1.24.2

Custom validators

It is easy to extend the Monokle CLI with custom validators that can be shared with others using our Monokle Community Plugins repository.

GitHub Action

The Monokle GitHub Action can be used to validate your resources as part of your CI/CD pipelines on GitHub.

Package last updated on 13 Jun 2023
