Kekkai monorepo (local-first AppSec orchestration + compliance checker)
Project description
One command. Clean AppSec reports.
Kekkai 🛡️
Security that moves at developer speed. Local-first orchestration for Trivy, Semgrep, and DefectDojo.
⚡ Quick Start
Stop fighting with Docker Compose. Start scanning in 30 seconds.
Installation
Option 1: pipx (Recommended - Isolated Environment)
pipx install kekkai-cli
Option 2: Homebrew (macOS/Linux)
brew tap kademoslabs/tap
brew install kekkai
Option 3: Docker (No Python Required)
# Build image
docker build -t kademoslabs/kekkai:latest -f apps/kekkai/Dockerfile .
# Run via wrapper script
./scripts/kekkai-docker --help
# Or set up alias
alias kekkai="$(pwd)/scripts/kekkai-docker"
Option 4: Scoop (Windows)
scoop bucket add kademoslabs https://github.com/kademoslabs/scoop-bucket
scoop install kekkai
Option 5: pip (Traditional)
pip install kekkai-cli
1. Scan your project (Local)
Run industry-standard scanners (Trivy, Semgrep, Gitleaks) in unified Docker containers without installing them individually.
cd your-repo
kekkai scan
2. Spin up DefectDojo
Launch a full local vulnerability management platform (Nginx, Postgres, Redis, Celery) with one command.
kekkai dojo up --wait --open
3. Generate a Threat Model (AI)
Generate a STRIDE threat model and Data Flow Diagram using your local LLM.
kekkai threatflow --repo . --model-mode local
🛑 The Problem vs. Kekkai
| Feature | The Old Way | The Kekkai Way |
|---|---|---|
| Tooling | Manually install/update 5+ tools (Trivy, Semgrep, etc.) | One Binary. kekkai scan auto-pulls and runs the latest scanner containers. |
| Reporting | Parse 5 different JSON formats manually. | Unified Output. One deduplicated kekkai-report.json for all findings. |
| DefectDojo | Write a 200-line docker-compose.yml and debug networking. |
One Command. kekkai dojo up automates the entire stack setup. |
| Threat Modeling | Expensive consultants or manual whiteboarding. | AI Agent. kekkai threatflow generates THREATS.md locally. |
| CI/CD | Write complex bash scripts to break builds. | Policy Engine. kekkai scan --ci --fail-on high. |
🔒 Enterprise Features (Portal)
For teams that need centralized management, Kekkai Portal offers:
- SAML 2.0 SSO with Replay Protection
- Role-Based Access Control (RBAC)
- Cryptographically Signed Audit Logs
Built by Kademos Labs.
📚 Documentation
- Automated Distribution Updates - CI/CD distribution triggers
- CI Architecture - Developer guide for distribution automation
- Homebrew Maintenance - Homebrew tap management
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file kekkai_cli-1.0.3.tar.gz.
File metadata
- Download URL: kekkai_cli-1.0.3.tar.gz
- Upload date:
- Size: 213.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b7b282ec94270a62868772df51f7dc1cd92e3190d9e55f2183a0f96672ea62d0
|
|
| MD5 |
d8cdaa5c54fbdc410941990285d0d437
|
|
| BLAKE2b-256 |
85df06a049c0a703be7e8cad5b4c6f870ed8d339b083c49ad17fc4384595e7e5
|
File details
Details for the file kekkai_cli-1.0.3-py3-none-any.whl.
File metadata
- Download URL: kekkai_cli-1.0.3-py3-none-any.whl
- Upload date:
- Size: 186.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e3124cb299de77d2adf266fca0d61da15789dc2957ed70f2c3557cacc69563d9
|
|
| MD5 |
4b34b908b06bbe8367cfaf3ee7504b24
|
|
| BLAKE2b-256 |
6aadf68af8e7e9264aa150039ccc4e52954c6d8593b9e1f78146e807121d8dfa
|
