Konarr

A free and open source SCA platform for your containers. Monitor your servers, clusters, and containers' supply chain for dependencies and vulnerabilities.

Konarr is a simple, easy-to-use web interface for monitoring your servers, clusters, and containers' supply chain for dependencies and vulnerabilities. It is designed to be lightweight and fast, with minimal resource usage.

Origin Story

This project came out of the need to monitor homelabs for insecure dependencies and components. All the products that offer this are proprietary and cost money to use.

In December 2021, Log4Shell (CVE-2021-44228) dropped and, like most of the world, developers were running around trying to find out whether they had a service using it. Konarr was built to solve this problem - making it easy to track what’s running in your infrastructure.

Features

  • Simple Web Interface: Easy-to-use dashboard for monitoring containers
  • Blazing Fast: Written in Rust for minimal resource usage and maximum performance
  • Real-time Monitoring: Live tracking of your containers and their dependencies
  • SBOM Generation: Automatic Software Bill of Materials for your containers
  • Multiple Scanner Support: Uses Syft for image scanning (more scanners coming)
  • Orchestration Support: Works with Docker, Podman, Docker Compose, Docker Swarm
  • Supply Chain Security: Monitor for supply chain attacks and vulnerabilities
  • Lightweight: Minimal resource footprint

Supported Platforms

  • Docker / Podman
  • Docker Compose
  • Docker Swarm
  • Kubernetes (planned)

Quick Start

Install Konarr server and agent using containers:

curl https://raw.githubusercontent.com/42ByteLabs/konarr/refs/heads/main/install.sh | bash -s
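
An added example, not part of the Konarr project's own instructions: the install URL tracks refs/heads/main, so the script can change between one fetch and the next. This variant saves the installer to a file and runs it only when its SHA-256 matches a digest you recorded after reading it. The helper names and the pinned digest are assumptions; the page publishes no checksum.

```shell
#!/usr/bin/env bash
# Added example: fetch the Konarr installer to disk and run it only when its
# SHA-256 matches a digest the operator pinned after reading the script.
# fetch_installer, file_sha256 and run_if_pinned are hypothetical helper names.

INSTALL_URL="https://raw.githubusercontent.com/42ByteLabs/konarr/refs/heads/main/install.sh"

# Download to a file instead of a pipe, so the bytes reviewed are the bytes run.
fetch_installer() {
    curl --fail --silent --show-error --location --proto '=https' --tlsv1.2 \
        --output "$1" "$INSTALL_URL"
}

# Print the lowercase hex SHA-256 of a file (sha256sum on Linux, shasum on macOS).
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Run the script only when its digest equals the pinned value.
# Returns 2 if the file is missing, 3 on digest mismatch, else the script's status.
run_if_pinned() {
    local script="$1" pinned="$2" actual
    [ -f "$script" ] || { echo "missing: $script" >&2; return 2; }
    actual="$(file_sha256 "$script")"
    if [ "$actual" != "$pinned" ]; then
        echo "digest mismatch: got $actual, pinned $pinned" >&2
        return 3
    fi
    bash "$script"
}

# Typical use (the pinned digest is a placeholder you fill in after review):
#   fetch_installer ./konarr-install.sh
#   less ./konarr-install.sh              # read what it will do
#   file_sha256 ./konarr-install.sh       # record this value
#   run_if_pinned ./konarr-install.sh "<sha256-you-recorded>"
```
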

Architecture

Konarr consists of two main components:

Konarr Server

The API and web interface for monitoring containers. Written in Rust using Rocket for the web server and Vue.js for the frontend.

Konarr Agent

The CLI tool that monitors your containers and reports back to the server. Lightweight and efficient, written in Rust.

Why Konarr?

  • Free & Open Source: No licensing costs
  • Privacy First: Self-hosted, your data stays with you
  • Developer Friendly: Simple setup and configuration
  • Production Ready: Battle-tested in real-world environments
  • Community Driven: Open to contributions and feedback

Name Origin

Konarr is named after Konar quo Maten (translated as “Konar the Hunter”) from Old School RuneScape - a fitting name for a tool that hunts down vulnerabilities.