syncable-cli 0.37.1

A Rust-based CLI that analyzes code repositories and generates Infrastructure as Code configurations
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87

//! KubeLint-RS: Native Rust Kubernetes Linter
//!
//! A Rust translation of the kube-linter project.
//!
//! # Attribution
//!
//! This module is a derivative work based on [kube-linter](https://github.com/stackrox/kube-linter),
//! originally written in Go by StackRox (Red Hat).
//!
//! **Original Project:** <https://github.com/stackrox/kube-linter>
//! **Original License:** Apache-2.0
//! **Original Copyright:** Copyright (c) StackRox, Inc.
//!
//! This Rust translation maintains compatibility with the Apache-2.0 license.
//! See THIRD_PARTY_NOTICES.md and LICENSE files for full details.
//!
//! # Features
//!
//! - Kubernetes YAML file validation
//! - Helm chart linting (with template rendering)
//! - Kustomize directory support
//! - 63 built-in security and best practice checks
//! - Annotation-based rule ignoring
//! - Multiple output formats (JSON, SARIF, plain text)
//!
//! # Example
//!
//! ```rust,ignore
//! use syncable_cli::analyzer::kubelint::{lint, KubelintConfig, LintResult};
//! use std::path::Path;
//!
//! let config = KubelintConfig::default();
//! let result = lint(Path::new("./k8s/deployment.yaml"), &config);
//!
//! for failure in result.failures {
//!     println!("{}: {} - {}", failure.file_path.display(), failure.code, failure.message);
//! }
//! ```
//!
//! # Checks
//!
//! KubeLint includes 63 built-in checks covering:
//!
//! ## Security Checks
//! - Privileged containers
//! - Privilege escalation
//! - Run as non-root
//! - Read-only root filesystem
//! - Linux capabilities
//! - Host namespace access (network, PID, IPC)
//! - Host path mounts
//!
//! ## Best Practice Checks
//! - Image tag policies (no :latest)
//! - Liveness/readiness probes
//! - Resource requirements (CPU/memory)
//! - Minimum replicas
//! - Anti-affinity rules
//! - Rolling update strategy
//!
//! ## RBAC Checks
//! - Cluster admin bindings
//! - Wildcard rules
//! - Access to sensitive resources
//!
//! ## Validation Checks
//! - Dangling services/ingresses
//! - Selector mismatches
//! - Invalid target ports

pub mod checks;
pub mod config;
pub mod context;
pub mod extract;
pub mod formatter;
pub mod lint;
pub mod objectkinds;
pub mod parser;
pub mod pragma;
pub mod templates;
pub mod types;

// Re-export main types and functions
pub use config::KubelintConfig;
pub use formatter::{OutputFormat, format_result, format_result_to_string};
pub use lint::{LintResult, LintSummary, lint, lint_content, lint_file};
pub use types::{CheckFailure, Diagnostic, RuleCode, Severity};