# alcideio/alcide-advisor

Alcide Advisor is an agentless service for Kubernetes audit and compliance
that’s built to ensure a frictionless and secure DevSecOps workflow by
layering a hygiene scan of Kubernetes clusters and workloads early in the development process
and before moving to production.

With Alcide Advisor, you can cover the following security checks:

- Kubernetes infrastructure vulnerability scanning.
- Hunting misplaced secrets, or excessive privileges for secret access.
- Workload hardening from Pod Security to network policies.
- Istio security configuration and best practices.
- Ingress Controllers for security best practices.
- Kubernetes API server access privileges.
- Kubernetes operators security best practices.
- Deployment conformance to labeling, annotating, resource limits and much more.

Orb source: https://github.com/alcideio/circleci-alcide-orb


## Commands

### alcide_advisor_scan

Alcide Advisor Kubernetes Cluster Scan

| Parameter | Type | Default | Description |
|---|---|---|---|
| `report_format` | enum | html | Report format - html or excel |
| `fail_on_critical` | boolean | false | Fail the task if critical findings are observed. |
| `alcide_apikey` | env_var_name | ALCIDE_APIKEY | Alcide API key (set the `$ALCIDE_APIKEY` environment variable to populate it). |
| `alcide_apiserver` | string |  | Alcide API Server. |
| `policy_profile` | string |  | Alcide policy profile the cluster will be scanned against. |

## Examples

### advisor_scan

A Kubernetes Deployment to GKE with Alcide Kubernetes Scan Job

```yaml
version: 2.1
orbs:
  alcide: alcideio/alcide-advisor@1.0.2
  gcp-cli: circleci/gcp-cli@1.0.6
  gcr: circleci/gcp-gcr@0.0.2
  k8s: circleci/kubernetes@0.3.0
jobs:
  deploy_and_scan_cluster:
    description: Deploy resources into a cluster
    machine: true
    parameters:
      cluster:
        description: The Kubernetes cluster name.
        type: string
    steps:
      - checkout
      - gcr/gcr-auth
      - gcp-cli/install
      - k8s/install
      - run: |
          gcloud container clusters get-credentials <<parameters.cluster>>
      - run: |
          echo "Deploy resources into the cluster"
          kubectl get pods --all-namespaces
      - alcide/alcide_advisor_scan:
          report_format: html
          fail_on_critical: false
          alcide_apiserver: ''
          policy_profile: ''
workflows:
  advisor_scan:
    jobs:
      - deploy_and_scan_cluster:
          cluster: demo-cluster
```