This is a utility written in Go and Python that automatically generates microsegmentation policies for applications that use Kubernetes container orchestration and Nacos Service Mesh. It analyses an application's source code, generates a TCPManifest containing the name of the service, the version of the service, and the TCP calls it makes, and finally generates Kubernetes security policies by building a service graph of the application topology.
- The repository to be analyzed must be a valid Kubernetes project with a YAML config file.
- Golang 1.22.0
- Create an `input` folder, then place the Kubernetes project in the `input` folder.
- Create an `output` folder for the manifest file to be generated into.
- Edit the `main.go` function's output prefix to your preferred name.
- Navigate to the `static_analyser` directory.

  ```
  cd static_analyser
  ```

- Build the project.

  ```
  go build -o bin/static_analyser ./cmd/static_analyser
  ```

  For Windows, run this instead:

  ```
  go build -o bin/static_analyser.exe ./cmd/static_analyser
  ```

- Run the static analyser.

  ```
  ./bin/static_analyser
  ```

  For Windows, run this instead:

  ```
  ./bin/static_analyser.exe
  ```

- The output will be placed in the `output` folder with the output prefix you specified in step 2.

The output is a TCPManifest containing the name of the service, the version of the service, and the TCP calls it made.
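
To illustrate the step from manifests to policies described above, the following added example (not the project's own code) builds a service graph from constructed manifests and emits one ingress NetworkPolicy per service. The manifest field names (`service`, `version`, `tcp_calls`, `target`, `port`) and the `app` pod label are assumptions, since this page does not show the real TCPManifest schema.

```python
import json

# Constructed sample manifests. Field names are assumptions; the project's
# real TCPManifest schema is not shown on this page.
MANIFESTS = [
    {"service": "frontend", "version": "v1", "tcp_calls": [
        {"target": "orders", "port": 8080}, {"target": "users", "port": 8080}]},
    {"service": "orders", "version": "v1", "tcp_calls": [
        {"target": "users", "port": 8080}, {"target": "orders-db", "port": 5432}]},
    {"service": "users", "version": "v1", "tcp_calls": []},
    {"service": "orders-db", "version": "v1", "tcp_calls": []},
]

def build_graph(manifests):
    """Return {callee: {port: {callers}}} from each caller's declared TCP calls."""
    graph = {m["service"]: {} for m in manifests}
    for m in manifests:
        for call in m["tcp_calls"]:
            # Calls to a target with no manifest are skipped, not guessed at.
            if call["target"] in graph:
                graph[call["target"]].setdefault(call["port"], set()).add(m["service"])
    return graph

def ingress_policies(manifests, namespace="default"):
    """One NetworkPolicy per service: allow observed callers only."""
    policies = []
    for svc, ports in sorted(build_graph(manifests).items()):
        # Assumption: pods carry an app=<service name> label.
        rules = [{"from": [{"podSelector": {"matchLabels": {"app": c}}}
                           for c in sorted(callers)],
                  "ports": [{"protocol": "TCP", "port": port}]}
                 for port, callers in sorted(ports.items())]
        policies.append({
            "apiVersion": "networking.k8s.io/v1",
            "kind": "NetworkPolicy",
            "metadata": {"name": f"{svc}-ingress", "namespace": namespace},
            "spec": {
                "podSelector": {"matchLabels": {"app": svc}},
                "policyTypes": ["Ingress"],
                # With no rules, the selected pods accept no ingress at all.
                "ingress": rules,
            },
        })
    return policies

if __name__ == "__main__":
    for policy in ingress_policies(MANIFESTS):
        print(json.dumps(policy, indent=2))  # kubectl accepts JSON manifests
```

A service that nothing calls, such as `frontend` in the sample, gets a policy with an empty rule list, so it is isolated from in-cluster callers until an edge to it appears in a manifest.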