Diki a "compliance checker" or sorts, a detective control framework with pluggable rule sets. It's part of the Gardener family, but can be used also on other Kubernetes distros or even on non-Kubernetes environments, e.g. to check compliance of your hyperscaler accounts.

Diki is the Greek word for "trial". You can also memorise it as "Detective Investigation of Key Imperatives" or as GNU-style recursive acronym "Diki Investigates Key Imperatives". It's colloquially known as "Don't I Know It", which is a nice fit as well for what it does.

Important Note: This repository is in alpha stage. The API can change without any backwards compatibility.

TODO

Most of Diki's run configurations are provided through its config file. Options depend on the different providers and rulesets. Here are a couple of commands to get you started:

• Run all known rulesets for all known providers

diki run --config=config.yaml --all

• Run a specific ruleset for a known provider

diki run --config=config.yaml --provider=gardener --ruleset-id=disa-kubernetes-stig --ruleset-version=v1r8

• Run a specific rule defined in a ruleset for a known provider

diki run --config=config.yaml --provider=gardener --ruleset-id=disa-kubernetes-stig --ruleset-version=v1r8 --rule-id=242414

Generate an html report

diki report output.json > report.hmtl

You can manually run the tests via make test.

Contributions are very welcome. To learn more, see the contributor guide.

A special thank you to @vlerenc, @AleksandarSavchev and @dimityrmirchev who made significant contributions to the project before it was made available to the public.