Skip to content

youngsecurity/defense-unicorns-zarf

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Zarf - DevSecOps for Air Gap

Latest Release Go version Build Status Zarf Documentation Status OpenSSF Scorecard

zarf logo

Zarf Website Zarf Documentation Zarf Slack Channel

Zarf eliminates the complexity of air gap software delivery for Kubernetes clusters and cloud-native workloads using a declarative packaging strategy to support DevSecOps in offline and semi-connected environments.

Why Use Zarf

  • 💸 Free and Open-Source. Zarf will always be free to use and maintained by the open-source community.
  • ⭐️ Zero Dependencies. As a statically compiled binary, the Zarf CLI has zero dependencies to run on any machine.
  • 🔓 No Vendor Lock. There is no proprietary software that locks you into using Zarf. If you want to remove it, you still can use your helm charts to deploy your software manually.
  • 💻 OS Agnostic. Zarf supports numerous operating systems. A full matrix of supported OSes, architectures and featuresets is coming soon.
  • 📦 Highly Distributable. Integrate and deploy software from multiple secure development environments including edge, embedded systems, secure cloud, data centers, and even local environments.
  • 🚀 Develop Connected, Deploy Disconnected. Teams can build and configure individual applications or entire DevSecOps environments while connected to the internet. Once created, they can be packaged and shipped to a disconnected environment to be deployed.
  • 💿 Single File Deployments. Zarf allows you to package the parts of the internet your app needs into a single compressed file to be installed without connectivity.
  • ♻️ Declarative Deployments. Zarf packages define the precise state for your application enabling it to be deployed the same way every time.
  • 🦖 Inherit Legacy Code. Zarf packages can wrap legacy code and projects - allowing them to be deployed to modern DevSecOps environments.

📦 Out of the Box Features

🛠️ Configurable Features

Demo

preview

https://www.youtube.com/watch?v=WnOYlFVVKDE

Getting Started

To try Zarf out for yourself, visit the "Try It Now" section on our website, and if you want to learn more about Zarf and its use cases visit docs.zarf.dev.

From the docs you can learn more about installation, using the CLI, making packages, and the Zarf package schema.

Using Zarf in Github workflows? Check out the setup-zarf action. Install any version of Zarf and its init package with zero added dependencies.

Developing

To contribute, please see our Contributor Guide. Below is an architectural diagram showing the basics of how Zarf functions which you can read more about here.

Architecture Diagram

Source DrawIO

Special Thanks

Early Zarf research and prototypes were developed jointly with United States Naval Postgraduate School research you can read here.

We would also like to thank the following awesome libraries and projects without which Zarf would not be possible!

pterm/pterm mholt/archiver spf13/cobra go-git/go-git sigstore/cosign helm.sh/helm kubernetes

About

DevSecOps for Air Gap & Limited-Connection Systems. https://zarf.dev/

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Go 64.3%
  • HTML 20.3%
  • TypeScript 5.9%
  • Svelte 5.4%
  • JavaScript 1.4%
  • CSS 1.1%
  • Other 1.6%