Skip to main content

Auditing tool for Docker Compose and Kubernetes deployments to ensure deployment hygiene and container readiness.

Project description

Deploy-Audit

Python Version License: MIT

Deploy-Audit is a comprehensive auditing tool for Docker Compose and Kubernetes deployments, designed to ensure deployment hygiene and container readiness. It performs automated checks for best practices, security policies, and configuration standards.

Features

Core Capabilities

  • Docker Compose Auditing: Validate healthchecks, restart policies, resource limits, environment variables, and port exposure
  • Kubernetes Auditing: Check for resource requirements, probes (liveness/readiness), security context, and image pull policies
  • Multiple Report Formats: CLI, Markdown, JSON, and HTML reports
  • Severity Scoring: Critical, High, Medium, Low, and Info severity levels
  • Flexible Integration: Python library API + CLI tool

Docker Compose Checks

  • ✅ Healthcheck presence and configuration
  • ✅ Restart policy definition
  • ✅ Environment variable security (detects hardcoded secrets)
  • ✅ Port exposure sanity (detects insecure bindings)
  • ✅ Image tag specificity (warns against :latest)
  • ✅ Resource limits configuration
  • ✅ Logging configuration

Kubernetes Checks

  • ✅ Image pull policy validation
  • ✅ Resource requirements (requests/limits)
  • ✅ Liveness probe presence
  • ✅ Readiness probe presence
  • ✅ Security context configuration
  • ✅ Network policy awareness
  • ✅ Image registry validation

Installation

From PyPI

pip install deploy-audit

From Source

git clone https://github.com/yourusername/deploy-audit.git
cd deploy-audit
pip install -e .

Development Installation

pip install -e ".[dev]"

Quick Start

Docker Compose Audit

# Audit a Docker Compose file
deploy-audit docker docker-compose.yml

# Generate HTML report
deploy-audit docker docker-compose.yml --format html --output report.html

# Fail if non-compliant (useful for CI/CD)
deploy-audit docker docker-compose.yml --strict

Kubernetes Audit

# Audit a Kubernetes manifest
deploy-audit kubernetes deployment.yaml

# Generate JSON report
deploy-audit kubernetes deployment.yaml --format json --output report.json

# Check with strict mode
deploy-audit kubernetes deployment.yaml --strict

Auto-detect Configuration Type

# Automatically detect config type
deploy-audit audit docker-compose.yml
deploy-audit audit manifest.yaml

Python API Usage

Basic Usage

from deploy_audit.auditor import Auditor
from deploy_audit.report import Report

# Read configuration file
with open("docker-compose.yml", "rb") as f:
    content = f.read()

# Create auditor and run audit
auditor = Auditor()
audit_report = auditor.audit_docker_compose(content, "docker-compose.yml")

# Generate reports in different formats
report = Report(audit_report)
print(report.cli())  # Print to console
report.save_markdown("report.md")  # Save Markdown
report.save_json("report.json")  # Save JSON
report.save_html("report.html")  # Save HTML

Advanced Usage

from deploy_audit.auditor import DockerComposeAuditor
from deploy_audit.models import CheckResult

# Use specific auditor
auditor = DockerComposeAuditor()
report = auditor.audit_content(content)

# Check report status
print(f"Is Compliant: {report.is_compliant}")
print(f"Critical Issues: {report.critical_count()}")
print(f"High Issues: {report.high_count()}")

# Filter findings
failed_checks = [f for f in report.findings if f.result == CheckResult.FAILED]
critical_issues = [f for f in report.findings if f.severity.name == "CRITICAL"]

Custom Checks

from deploy_audit.checks import Check
from deploy_audit.models import CheckResult, Severity

class CustomCheck(Check):
    id = "custom-001"
    name = "Custom Check"
    description = "My custom audit check"
    severity = Severity.HIGH
    remediation = "Fix the issue"

    def evaluate(self, resource_name, config):
        # Your check logic here
        if condition_met(config):
            return CheckResult.PASSED
        return CheckResult.FAILED

Report Formats

CLI Report

================================================================================
DEPLOYMENT AUDIT REPORT: docker-compose.yml
Type: docker-compose | Time: 2024-01-15T10:30:00
================================================================================

SUMMARY
--------------------------------------------------------------------------------
Total Checks: 14
Passed: 9
Failed: 5
Critical: 1
High: 2
Status: ✗ NON-COMPLIANT

Markdown Report

Professional Markdown format suitable for documentation and version control:

# Deployment Audit Report: docker-compose.yml

| Metric | Value |
|--------|-------|
| Total Checks | 14 |
| Passed | 9 |
| Failed | 5 |
| Status | ❌ NON-COMPLIANT |

## Findings
...

JSON Report

{
  "config_type": "docker-compose",
  "config_name": "docker-compose.yml",
  "timestamp": "2024-01-15T10:30:00",
  "summary": {
    "total_checks": 14,
    "passed": 9,
    "failed": 5,
    "is_compliant": false
  },
  "findings": [...]
}

HTML Report

Interactive HTML report with:

  • Visual severity indicators
  • Summary statistics
  • Detailed findings with remediation
  • Responsive design

Configuration

Severity Levels

  • CRITICAL (🔴): Must fix before deployment
  • HIGH (🟠): Should fix for production
  • MEDIUM (🟡): Recommended improvements
  • LOW (🟢): Nice to have enhancements
  • INFO (ℹ️): Informational

Check Results

  • PASSED: Check succeeded
  • FAILED: Check failed
  • WARNING: Check passed but with warnings
  • INFO: Informational finding
  • SKIPPED: Check not applicable

Integration

GitHub Actions Example

name: Deployment Audit

on: [pull_request]

jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-python@v4
        with:
          python-version: '3.11'
      - name: Install deploy-audit
        run: pip install deploy-audit
      - name: Audit Docker Compose
        run: deploy-audit docker docker-compose.yml --format markdown --output audit.md
      - name: Upload Report
        uses: actions/upload-artifact@v3
        with:
          name: audit-report
          path: audit.md

Pre-commit Hook

repos:
  - repo: local
    hooks:
      - id: deploy-audit-docker
        name: Deploy-Audit Docker Compose
        entry: deploy-audit docker
        language: python
        files: docker-compose\.yml$
        types: [yaml]

Architecture

Components

  • Parsers: Extract and validate configuration files
  • Auditors: Run checks against configurations
  • Checks: Individual audit rules and validations
  • Models: Data structures for findings and reports
  • Reporters: Format and export audit results
  • CLI: Command-line interface

Design Principles

  • Single Responsibility: Each check handles one concern
  • Composability: Mix and match checks as needed
  • Extensibility: Easy to add custom checks
  • Performance: Fast audit execution
  • Clarity: Clear, actionable findings

Testing

# Run all tests
pytest

# Run with coverage
pytest --cov=deploy_audit

# Run specific test suite
pytest tests/test_auditors.py

# Run tests in parallel
pytest -n auto

Contributing

Contributions are welcome! Please:

  1. Fork the repository
  2. Create a feature branch
  3. Add tests for new functionality
  4. Ensure all tests pass
  5. Submit a pull request

Documentation

Performance

  • Average audit time: <100ms for typical Docker Compose files
  • Memory usage: <50MB for standard configurations
  • Scalability: Handles 100+ services efficiently

Roadmap

  • Docker Compose support
  • Kubernetes support
  • Multi-file manifest support
  • Policy-as-code engine
  • Custom rule definitions
  • Integration with registries
  • SBOM generation
  • Compliance framework mapping (CIS, NIST)

License

MIT License - see LICENSE file for details

Support

About

Deploy-Audit is designed for:

  • DevOps Engineers: Ensure consistent deployment standards
  • Security Teams: Enforce security policies
  • Platform Teams: Automate infrastructure validation
  • CI/CD Pipelines: Automated compliance checks
  • Learning: DevOps best practices education

Made with ❤️ for the DevOps community

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

deploy_audit-0.1.0.tar.gz (23.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

deploy_audit-0.1.0-py3-none-any.whl (18.8 kB view details)

Uploaded Python 3

File details

Details for the file deploy_audit-0.1.0.tar.gz.

File metadata

  • Download URL: deploy_audit-0.1.0.tar.gz
  • Upload date:
  • Size: 23.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.0

File hashes

Hashes for deploy_audit-0.1.0.tar.gz
Algorithm Hash digest
SHA256 eefc78c7303c263ae1bcac4a8b7937cdb13517302c3f48301f608aecef8f3a6b
MD5 cecdc7dc124f4f22ade3b78a35b92106
BLAKE2b-256 f9c165db6e07a25f7bf48b42bfd2feb709b9c5df9a1fbdb1a79b587b734a3ce4

See more details on using hashes here.

File details

Details for the file deploy_audit-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: deploy_audit-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 18.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.0

File hashes

Hashes for deploy_audit-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 a91c993d1995c2bd8930e076986e24968e1ecd18e54d0a314cf63f7c85157b05
MD5 8dd9b83ab3e1c354fa9d82f2f8c8c3cd
BLAKE2b-256 d68e9251faa9f4e12608119e91984538aa8ec262f41e591c27cd24407da5aca5

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page