Welcome to the Zora documentation
This documentation will help you install, explore, and configure Zora!
What is Zora?
Zora is an open-source solution that helps you achieve compliance with Kubernetes best practices recommended by industry-leading frameworks.
By scanning your cluster with multiple plugins at scheduled times, Zora identifies potential issues, misconfigurations, and vulnerabilities.
Zora OSS vs Zora Dashboard
Zora OSS is open-source, available under the Apache 2.0 license, and can be used either as a standalone tool or integrated with Zora Dashboard, a SaaS platform that centralizes all your clusters, providing a full experience. Please refer to the Zora Dashboard page for more details.
Key features
Multi-plugin architecture
Zora seamlessly integrates open-source tools like Popeye, Marvin, and Trivy as scanners. These tools' capabilities are combined to provide you with a unified view of your cluster's security posture, addressing potential issues, misconfigurations, and vulnerabilities.
Kubernetes compliance
Zora and its plugins provide actionable insights, guiding you to align your cluster with industry-recognized frameworks such as NSA-CISA, MITRE ATT&CK, CIS Benchmark, and Pod Security Standards.
Custom checks
Enabled by the Marvin plugin, Zora offers a declarative way to create your own checks by using CEL expressions to define validation rules.
Kubernetes-native
All scan configurations and plugin reports, including misconfigurations and vulnerabilities, are securely stored as CRDs (Custom Resource Definitions) within your Kubernetes cluster, making them easily accessible through the Kubernetes API and the kubectl command.
Architecture
Zora works as a Kubernetes Operator, where both scan and plugin configurations, as well as the results (misconfigurations and vulnerabilities), are managed in CRDs (Custom Resource Definitions).
Zora Dashboard
When a Zora OSS installation is integrated with Zora Dashboard, scan results are automatically sent to Zora Dashboard SaaS by zora-operator.
Check out Zora Dashboard architecture for more details.
Zora origins
In the early days of the cloud native era, Borg dominated the container-oriented cluster management scene. The name Borg refers to the cybernetic life form in the Star Trek series, which worked as a collective of individuals with a single mind and the same purpose, much like a "cluster".
Being the good nerds that we are, and wishing to honor Kubernetes' predecessor (Borg), we named our project Zora.
In Star Trek, Zora is the Artificial Intelligence that controls the ship U.S.S. Discovery. After being merged with a collective of other intelligences, Zora became sentient and became a member of the team, bringing insights and making the ship more efficient.
Like Star Trek's Zora, our goal is to help manage your Kubernetes environment by combining multiple plugin capabilities to scan your clusters looking for misconfigurations and vulnerabilities.