Diki a "compliance checker" or sorts, a detective control framework with pluggable rule sets. It's part of the Gardener family, but can be used also on other Kubernetes distros or even on non-Kubernetes environments, e.g. to check compliance of your hyperscaler accounts.
Diki is the Greek word for "trial". You can also memorise it as "Detective Investigation of Key Imperatives" or as GNU-style recursive acronym "Diki Investigates Key Imperatives". It's colloquially known as "Don't I Know It", which is a nice fit as well for what it does.
Important Note: This repository is in alpha stage. The API can change without any backwards compatibility.
TODO
Most of Diki's run
configurations are provided through its config file. Options depend on the different providers and rulesets. Here are a couple of commands to get you started:
- Run all known rulesets for all known providers
diki run --config=config.yaml --all
- Run a specific ruleset for a known provider
diki run --config=config.yaml --provider=gardener --ruleset-id=disa-kubernetes-stig --ruleset-version=v1r8
- Run a specific rule defined in a ruleset for a known provider
diki run --config=config.yaml --provider=gardener --ruleset-id=disa-kubernetes-stig --ruleset-version=v1r8 --rule-id=242414
Generate an html report
diki report output.json > report.hmtl
You can manually run the tests via make test
.
Contributions are very welcome. To learn more, see the contributor guide.
A special thank you to @vlerenc, @AleksandarSavchev and @dimityrmirchev who made significant contributions to the project before it was made available to the public.