### Clone Powerpipe Examples and Start Docker Compose

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/getting-started.md

Quickly clone the example configuration and start Steampipe and Powerpipe services using Docker Compose.

```bash
# Clone the examples
curl -O https://raw.githubusercontent.com/devops-ia/powerpipe/main/examples/docker-compose.yml

# Start Steampipe + Powerpipe
docker compose up -d

# Open dashboards
open http://localhost:9033
```

--------------------------------

### Run Powerpipe Server and Install Mod

Source: https://github.com/devops-ia/powerpipe/blob/main/README.md

Starts the Powerpipe server in a Docker container and installs a specified mod. Ensure a PostgreSQL database is accessible.

```bash
# Run Powerpipe server (HTTP dashboard on port 9033)
docker run -d --name powerpipe \
  -p 9033:9033 \
  -e POWERPIPE_DATABASE="postgres://steampipe:password@steampipe-host:9193/steampipe" \
  ghcr.io/devops-ia/powerpipe:1.5.1

# Install a mod
docker exec powerpipe powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance

# Access dashboards
open http://localhost:9033
```

--------------------------------

### Start Services with Docker Compose

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/getting-started.md

Starts the services defined in the docker-compose.yml file in detached mode.

```bash
docker compose up -d
```

--------------------------------

### Install Powerpipe with Custom Values File

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/kubernetes.md

Installs the Steampipe Helm chart using a custom values.yaml file for configuration.

```bash
helm install steampipe devops-ia/steampipe -f values.yaml
```

--------------------------------

### Install and Run Kubernetes Compliance Benchmark

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/examples.md

Installs the Kubernetes plugin in Steampipe and the Kubernetes compliance mod in Powerpipe, then runs the NSA/CISA Kubernetes hardening benchmark.

```bash
# Requires the kubernetes plugin in Steampipe
docker exec steampipe steampipe plugin install kubernetes

# Install the mod
docker exec powerpipe powerpipe mod install github.com/turbot/steampipe-mod-kubernetes-compliance

# Run NSA/CISA Kubernetes hardening benchmark
docker exec powerpipe \
  powerpipe benchmark run kubernetes_compliance.benchmark.nsa_cisa_v10
```

--------------------------------

### Quick Install Powerpipe with Helm

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/kubernetes.md

Installs Powerpipe and Steampipe using the devops-ia/steampipe Helm chart with Powerpipe and database enabled.

```bash
helm repo add devops-ia https://devops-ia.github.io/helm-charts
helm repo update
helm install steampipe devops-ia/steampipe \
  --set powerpipe.enabled=true \
  --set bbdd.enabled=true \
  --set bbdd.listen=network
```

--------------------------------

### Install and Run AWS Compliance Benchmark

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/examples.md

Installs the AWS Compliance mod and runs the CIS AWS Foundations benchmark, exporting results to a JSON file.

```bash
# Install the AWS Compliance mod
docker exec powerpipe powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance

# List available benchmarks
docker exec powerpipe powerpipe benchmark list

# Run the CIS AWS Foundations benchmark
docker exec powerpipe powerpipe benchmark run aws_compliance.benchmark.cis_aws_foundations_benchmark_v300

# Export results as JSON
docker exec powerpipe \
  powerpipe benchmark run aws_compliance.benchmark.cis_aws_foundations_benchmark_v300 \
  --export /workspace/results.json
```

--------------------------------

### Start Docker Compose Services

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/integrations.md

Commands to launch the stack and access the dashboard.

```bash
docker compose up -d
open http://localhost:9033
```

--------------------------------

### List All Benchmarks in Installed Mods

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/mods.md

Lists all available benchmarks across all installed Powerpipe mods. This command helps you discover which benchmarks you can run.

```bash
docker exec powerpipe powerpipe benchmark list
```

--------------------------------

### Run Powerpipe with Database Connection

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/configuration.md

Start a Powerpipe container and configure the PostgreSQL database connection using the POWERPIPE_DATABASE environment variable.

```bash
docker run -d \
  -e POWERPIPE_DATABASE="postgresql://steampipe:mypassword@steampipe:9193/steampipe" \
  ghcr.io/devops-ia/powerpipe:1.5.1
```

--------------------------------

### Init Container to Install Mods in PVC

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/kubernetes.md

Uses an init container to install mods into the PVC on first run, ensuring mods are available at `/workspace`.

```yaml
powerpipe:
  initContainers:
    - name: install-mods
      image: ghcr.io/devops-ia/powerpipe:1.5.1
      command:
        - sh
        - -c
        - |
          powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
      env:
        - name: POWERPIPE_MOD_LOCATION
          value: /workspace
      volumeMounts:
        - name: workspace
          mountPath: /workspace
```

--------------------------------

### Install Powerpipe Mod

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/troubleshooting.md

Install a specific mod into the Powerpipe workspace using the `powerpipe mod install` command.

```bash
docker exec powerpipe powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
```

--------------------------------

### List Installed Powerpipe Mods

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/troubleshooting.md

Verify that mods have been successfully installed by listing all mods in the Powerpipe workspace.

```bash
docker exec powerpipe powerpipe mod list
```

--------------------------------

### Install AWS Plugin for Steampipe

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/getting-started.md

Use Docker exec to install the AWS plugin within the running Steampipe container.

```bash
docker exec steampipe steampipe plugin install aws
```

--------------------------------

### Start Powerpipe Service Manually with Docker

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/getting-started.md

Manually run the Powerpipe service in a Docker container, connecting it to the Steampipe PostgreSQL endpoint.

```bash
docker run -d --name powerpipe \
  --network powerpipe-net \
  -p 9033:9033 \
  -e POWERPIPE_DATABASE="postgresql://steampipe:mypassword@steampipe:9193/steampipe" \
  ghcr.io/devops-ia/powerpipe:1.5.1
```

--------------------------------

### Install AWS Compliance Mod for Powerpipe

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/getting-started.md

Use Docker exec to install the AWS Compliance mod into the running Powerpipe instance.

```bash
# Install the AWS Compliance mod
docker exec powerpipe powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
```

--------------------------------

### Conventional Commits Examples

Source: https://github.com/devops-ia/powerpipe/blob/main/CONTRIBUTING.md

Examples of commit messages following the Conventional Commits specification for different types of changes.

```text
feat: add support for multi-arch builds
fix: correct workspace directory permissions
chore: bump powerpipe to 1.6.0
docs: add mod installation example
```

--------------------------------

### Run Unit Tests

Source: https://github.com/devops-ia/powerpipe/blob/main/CONTRIBUTING.md

Install Python dependencies and run unit tests using pytest. This does not require Docker.

```bash
pip install -r tests/requirements.txt
python3 -m pytest tests/ --cov=compare_snapshots --cov-report=term-missing
```

--------------------------------

### Run Powerpipe with Mounted Writable Workspace

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/troubleshooting.md

Start Powerpipe with a local workspace directory mounted, ensuring it's writable and `POWERPIPE_MOD_LOCATION` is set.

```bash
docker run -d \
  -v "$PWD/workspace:/workspace" \
  -e POWERPIPE_MOD_LOCATION=/workspace \
  ghcr.io/devops-ia/powerpipe:1.5.1
```

--------------------------------

### Install Multiple Powerpipe Mods

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/mods.md

Installs multiple Powerpipe mods sequentially within the Powerpipe container. This is useful for setting up several compliance or utility mods at once.

```bash
docker exec powerpipe sh -c "
  powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance &&
  powerpipe mod install github.com/turbot/steampipe-mod-kubernetes-compliance
"
```

--------------------------------

### Start Steampipe Service Manually with Docker

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/getting-started.md

Manually run the Steampipe service in a Docker container, ensuring it's accessible on the network and configured with a password.

```bash
docker run -d --name steampipe \
  --network powerpipe-net \
  -p 9193:9193 \
  -e STEAMPIPE_DATABASE_PASSWORD=mypassword \
  ghcr.io/devops-ia/steampipe:2.4.1 \
  steampipe service start --foreground --database-listen network
```

--------------------------------

### Deploy Steampipe and Powerpipe with Docker Compose

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/integrations.md

A full-stack setup pairing Powerpipe with Steampipe as the data source.

```yaml
# docker-compose.yml
services:
  steampipe:
    image: ghcr.io/devops-ia/steampipe:2.4.1
    container_name: steampipe
    command: ["steampipe", "service", "start", "--foreground", "--database-listen", "network"]
    ports:
      - "9193:9193"
    environment:
      STEAMPIPE_DATABASE_PASSWORD: steampipe
    volumes:
      - steampipe-data:/home/steampipe/.steampipe
      - ./aws.spc:/home/steampipe/.steampipe/config/aws.spc:ro
    healthcheck:
      test: ["CMD", "pg_isready", "-h", "localhost", "-p", "9193", "-U", "steampipe"]
      interval: 10s
      timeout: 5s
      retries: 10
      start_period: 30s

  powerpipe:
    image: ghcr.io/devops-ia/powerpipe:1.5.1
    container_name: powerpipe
    command: ["powerpipe", "server", "--listen", "network"]
    ports:
      - "9033:9033"
    environment:
      POWERPIPE_DATABASE: "postgresql://steampipe:steampipe@steampipe:9193/steampipe"
    volumes:
      - powerpipe-workspace:/workspace
    depends_on:
      steampipe:
        condition: service_healthy

volumes:
  steampipe-data:
  powerpipe-workspace:
```

--------------------------------

### Run a One-Shot Powerpipe Benchmark

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/mods.md

Executes a Powerpipe benchmark without starting the main Powerpipe server. This is useful for CI/CD pipelines or quick checks. It requires mounting AWS credentials and the workspace, and setting the database connection environment variable.

```bash
docker run --rm -v "$HOME/.aws:/home/powerpipe/.aws:ro" -v "$PWD/workspace:/workspace" -e POWERPIPE_DATABASE="postgresql://steampipe:pass@host.docker.internal:9193/steampipe" ghcr.io/devops-ia/powerpipe:1.5.1 powerpipe benchmark run aws_compliance.benchmark.cis_aws_foundations_benchmark_v300 --output brief
```

--------------------------------

### Configure Persistent Workspace with PVC

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/kubernetes.md

Mounts a PersistentVolumeClaim (PVC) to `/workspace` for persisting installed mods and sets POWERPIPE_MOD_LOCATION.

```yaml
powerpipe:
  enabled: true
  extraVolumes:
    - name: workspace
      persistentVolumeClaim:
        claimName: powerpipe-workspace
  extraVolumeMounts:
    - name: workspace
      mountPath: /workspace
  env:
    - name: POWERPIPE_MOD_LOCATION
      value: /workspace
```

--------------------------------

### Run Powerpipe Benchmark via CLI (Non-Interactive)

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/examples.md

Executes a Powerpipe compliance benchmark directly from the command line using `docker run`, without needing to start the Powerpipe server. This is useful for CI/CD environments.

```bash
# One-shot benchmark (no server needed)
docker run --rm \
  -v "$HOME/.aws:/home/powerpipe/.aws:ro" \
  -v "$PWD/workspace:/workspace" \
  -e POWERPIPE_DATABASE="postgresql://steampipe:pass@host.docker.internal:9193/steampipe" \
  ghcr.io/devops-ia/powerpipe:1.5.1 \
  powerpipe benchmark run aws_compliance.benchmark.cis_aws_foundations_benchmark_v300 \
  --output brief
```

--------------------------------

### Run a Specific Powerpipe Benchmark

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/mods.md

Executes a specific benchmark from an installed Powerpipe mod. Replace `aws_compliance.benchmark.cis_aws_foundations_benchmark_v300` with the desired benchmark identifier.

```bash
docker exec powerpipe powerpipe benchmark run aws_compliance.benchmark.cis_aws_foundations_benchmark_v300
```

--------------------------------

### Docker Compose for Powerpipe and Steampipe

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/examples.md

Defines a Docker Compose setup for Powerpipe and Steampipe, including service configurations, environment variables, and volumes.

```yaml
# docker-compose.yml
services:
  steampipe:
    image: ghcr.io/devops-ia/steampipe:2.4.1
    command: ["steampipe", "service", "start", "--foreground", "--database-listen", "network"]
    environment:
      STEAMPIPE_DATABASE_PASSWORD: steampipe
    volumes:
      - steampipe-data:/home/steampipe/.steampipe
      - ./aws.spc:/home/steampipe/.steampipe/config/aws.spc:ro
    healthcheck:
      test: ["CMD", "pg_isready", "-h", "localhost", "-p", "9193"]
      interval: 10s
      timeout: 5s
      retries: 5

  powerpipe:
    image: ghcr.io/devops-ia/powerpipe:1.5.1
    ports:
      - "9033:9033"
    environment:
      POWERPIPE_DATABASE: "postgresql://steampipe:steampipe@steampipe:9193/steampipe"
    volumes:
      - workspace:/workspace
    depends_on:
      steampipe:
        condition: service_healthy

volumes:
  steampipe-data:
  workspace:
```

```bash
# Install AWS plugin in Steampipe
docker compose exec steampipe steampipe plugin install aws

# Install AWS compliance mod in Powerpipe
docker compose exec powerpipe powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance

# Open dashboards
open http://localhost:9033
```

--------------------------------

### Update All Powerpipe Mods

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/mods.md

Updates all installed Powerpipe mods to their latest versions. Run this command periodically to keep all your mods up-to-date.

```bash
docker exec powerpipe powerpipe mod update
```

--------------------------------

### Configure AWS Credentials in Docker Compose

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/examples.md

Demonstrates two methods for mounting AWS credentials into the Steampipe service within a Docker Compose setup: using volume mounts or environment variables.

```yaml
# In your docker-compose.yml steampipe service:
volumes:
  - "$HOME/.aws:/home/steampipe/.aws:ro"
```

```yaml
environment:
  AWS_ACCESS_KEY_ID: "${AWS_ACCESS_KEY_ID}"
  AWS_SECRET_ACCESS_KEY: "${AWS_SECRET_ACCESS_KEY}"
  AWS_DEFAULT_REGION: us-east-1
```

--------------------------------

### Powerpipe Health Check Configuration

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/kubernetes.md

Defines liveness and readiness probes for Powerpipe, using HTTP GET requests to the root path on port 9033.

```yaml
livenessProbe:
  httpGet:
    path: /
    port: 9033
  initialDelaySeconds: 30
  periodSeconds: 30
readinessProbe:
  httpGet:
    path: /
    port: 9033
  initialDelaySeconds: 10
  periodSeconds: 10
```

--------------------------------

### Docker Compose Configuration for Powerpipe

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/integrations.md

Defines a multi-container setup including Steampipe, Powerpipe, and Grafana with health checks and volume persistence.

```yaml
services:
  steampipe:
    image: ghcr.io/devops-ia/steampipe:2.4.1
    command: ["steampipe", "service", "start", "--foreground", "--database-listen", "network"]
    environment:
      STEAMPIPE_DATABASE_PASSWORD: steampipe
    volumes:
      - steampipe-data:/home/steampipe/.steampipe
    healthcheck:
      test: ["CMD", "pg_isready", "-h", "localhost", "-p", "9193", "-U", "steampipe"]
      interval: 10s
      timeout: 5s
      retries: 10
      start_period: 30s

  powerpipe:
    image: ghcr.io/devops-ia/powerpipe:1.5.1
    environment:
      POWERPIPE_DATABASE: "postgresql://steampipe:steampipe@steampipe:9193/steampipe"
    volumes:
      - powerpipe-workspace:/workspace
    depends_on:
      steampipe:
        condition: service_healthy

  grafana:
    image: grafana/grafana:latest
    ports:
      - "3000:3000"
    environment:
      GF_SECURITY_ALLOW_EMBEDDING: "true"
    volumes:
      - grafana-data:/var/lib/grafana

volumes:
  steampipe-data:
  powerpipe-workspace:
  grafana-data:
```

--------------------------------

### Update a Specific Powerpipe Mod

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/mods.md

Updates a single
installed Powerpipe mod to its latest available version. This ensures you are using the most recent compliance checks or features.

```bash
docker exec powerpipe powerpipe mod update github.com/turbot/steampipe-mod-aws-compliance
```

--------------------------------

### Run Benchmark with Brief Output

Source: https://github.com/devops-ia/powerpipe/blob/main/README.md

Executes a Powerpipe benchmark and displays a human-readable summary. Ensure the Powerpipe container is running.

```bash
docker exec powerpipe powerpipe benchmark run aws_compliance.benchmark.cis_aws_foundations_benchmark_v300 --output brief
```

--------------------------------

### Export Benchmark Results as HTML

Source: https://github.com/devops-ia/powerpipe/blob/main/README.md

Executes a Powerpipe benchmark and generates an HTML report. The output file path should be specified.

```bash
docker exec powerpipe powerpipe benchmark run aws_compliance.benchmark.cis_aws_foundations_benchmark_v300 --export /workspace/results.html
```

--------------------------------

### CI/CD Integration for Powerpipe Benchmarks

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/examples.md

A bash script demonstrating how to run a Powerpipe benchmark in a CI/CD pipeline, export results, and fail the pipeline if any controls are in an alarm state.

```bash
#!/bin/bash
# Run benchmark and fail if any controls are in alarm state
docker run --rm \
  -v "$HOME/.aws:/home/powerpipe/.aws:ro" \
  -v "$PWD/workspace:/workspace" \
  -e POWERPIPE_DATABASE="${STEAMPIPE_CONNECTION_STRING}" \
  ghcr.io/devops-ia/powerpipe:1.5.1 \
  powerpipe benchmark run aws_compliance.benchmark.cis_aws_foundations_benchmark_v300 \
  --export /workspace/results.json \
  --output brief

# Check exit code — non-zero means controls failed
if [ $? -ne 0 ]; then
  echo "Compliance benchmark failed — review results.json"
  exit 1
fi
```

--------------------------------

### Check Powerpipe Logs

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/troubleshooting.md

Use this command to view the logs of the Powerpipe container, which can help diagnose startup issues.

```bash
docker logs powerpipe
```

--------------------------------

### Build Docker Image Locally

Source: https://github.com/devops-ia/powerpipe/blob/main/CONTRIBUTING.md

Build the Powerpipe Docker image locally. Use `--build-arg` to specify a particular Powerpipe version.

```bash
docker build -t powerpipe:dev .
```

```bash
docker build --build-arg POWERPIPE_VERSION=1.5.1 -t powerpipe:dev .
```

--------------------------------

### Test Powerpipe Database Connection

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/troubleshooting.md

Run a simple query using the Powerpipe CLI to verify the database connection string and credentials.

```bash
docker run --rm \
  -e POWERPIPE_DATABASE="postgresql://steampipe:yourpassword@steampipe:9193/steampipe" \
  ghcr.io/devops-ia/powerpipe:1.5.1 \
  powerpipe query "select 1"
```

--------------------------------

### List Available Detections

Source: https://github.com/devops-ia/powerpipe/blob/main/README.md

Use this command to see all available detection scripts within your Powerpipe modules.

```bash
# List available detections
docker exec powerpipe powerpipe detection list
```

--------------------------------

### Create Feature Branch

Source: https://github.com/devops-ia/powerpipe/blob/main/CONTRIBUTING.md

Fork the repository, create a new branch for your changes using a descriptive name, and check it out.

```bash
git checkout -b feat/my-improvement
```

--------------------------------

### Run Container Structure Tests

Source: https://github.com/devops-ia/powerpipe/blob/main/CONTRIBUTING.md

Test the structure of the built Docker image using container-structure-test.
Requires the image to be built locally and a configuration file.

```bash
docker run --rm \
  -v "$PWD/structure-tests.yaml:/structure-tests.yaml:ro" \
  -v /var/run/docker.sock:/var/run/docker.sock \
  gcr.io/gcp-runtimes/container-structure-test:latest \
  test --image powerpipe:dev --config /structure-tests.yaml
```

--------------------------------

### Full Docker Compose with Nginx

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/integrations.md

A complete stack configuration including Steampipe, Powerpipe, and Nginx.

```yaml
# docker-compose-nginx.yml
services:
  steampipe:
    image: ghcr.io/devops-ia/steampipe:2.4.1
    command: ["steampipe", "service", "start", "--foreground", "--database-listen", "network"]
    environment:
      STEAMPIPE_DATABASE_PASSWORD: steampipe
    volumes:
      - steampipe-data:/home/steampipe/.steampipe
    healthcheck:
      test: ["CMD", "pg_isready", "-h", "localhost", "-p", "9193", "-U", "steampipe"]
      interval: 10s
      timeout: 5s
      retries: 10
      start_period: 30s

  powerpipe:
    image: ghcr.io/devops-ia/powerpipe:1.5.1
    environment:
      POWERPIPE_DATABASE: "postgresql://steampipe:steampipe@steampipe:9193/steampipe"
      POWERPIPE_BASE_URL: "https://dashboards.example.com"
    volumes:
      - powerpipe-workspace:/workspace
    depends_on:
      steampipe:
        condition: service_healthy

  nginx:
    image: nginx:alpine
    ports:
      - "80:80"
    volumes:
      - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
    depends_on:
      - powerpipe

volumes:
  steampipe-data:
  powerpipe-workspace:
```

--------------------------------

### Verify Powerpipe Deployment with kubectl

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/kubernetes.md

Commands to check Powerpipe pod status, port-forward to access it locally, and open it in a browser.

```bash
# Check pods are running
kubectl get pods -l app.kubernetes.io/name=steampipe

# Port-forward to access Powerpipe locally
kubectl port-forward svc/steampipe-powerpipe 9033:9033

# Open browser
open http://localhost:9033
```

--------------------------------

### Run Benchmark in CI/CD

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/integrations.md

Executes a Powerpipe benchmark within a Docker container and exports the results to a JSON file.

```bash
# GitHub Actions — run compliance check on schedule
docker run --rm \
  -v "$HOME/.aws:/home/powerpipe/.aws:ro" \
  -v "$PWD/workspace:/workspace" \
  -e POWERPIPE_DATABASE="${STEAMPIPE_CONNECTION_STRING}" \
  ghcr.io/devops-ia/powerpipe:1.5.1 \
  powerpipe benchmark run aws_compliance.benchmark.cis_aws_foundations_benchmark_v300 \
  --export /workspace/results.json \
  --output brief
```

--------------------------------

### Run Compliance Benchmarks Across Multiple AWS Accounts

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/examples.md

Executes a compliance benchmark against all AWS accounts configured via the `aws_all` aggregator connection.

```bash
docker exec powerpipe \
  powerpipe benchmark run aws_compliance.benchmark.cis_aws_foundations_benchmark_v300 \
  --search-path-prefix aws_all
```

--------------------------------

### Create Docker Network for Powerpipe

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/getting-started.md

Create a dedicated Docker network to facilitate communication between Powerpipe and Steampipe containers.

```bash
docker network create powerpipe-net
```

--------------------------------

### Run a Specific Detection

Source: https://github.com/devops-ia/powerpipe/blob/main/README.md

Execute a specific detection script by providing its module and name. Ensure you have the correct module and detection name.

```bash
# Run a detection
docker exec powerpipe powerpipe detection run .
```

--------------------------------

### Enable Debug Logging for Powerpipe

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/troubleshooting.md

Run Powerpipe with the debug log level enabled and redirect output to a file for detailed troubleshooting.

```bash
docker run --rm \
  -e POWERPIPE_LOG_LEVEL=debug \
  -e POWERPIPE_DATABASE="..." \
  ghcr.io/devops-ia/powerpipe:1.5.1 \
  powerpipe server 2>&1 | tee powerpipe-debug.log
```

--------------------------------

### Export Benchmark Results as JSON

Source: https://github.com/devops-ia/powerpipe/blob/main/README.md

Runs a Powerpipe benchmark and exports the results to a JSON file. Specify the desired output path.

```bash
docker exec powerpipe powerpipe benchmark run aws_compliance.benchmark.cis_aws_foundations_benchmark_v300 --export /workspace/results.json
```

--------------------------------

### Run Benchmark Across Specific Accounts

Source: https://github.com/devops-ia/powerpipe/blob/main/README.md

Executes a Powerpipe benchmark, specifying a search path prefix to target specific accounts or configurations. This is useful for running benchmarks across multiple environments.

```bash
docker exec powerpipe powerpipe benchmark run aws_compliance.benchmark.cis_aws_foundations_benchmark_v300 --search-path-prefix aws_all
```

--------------------------------

### Run and Export Powerpipe Benchmark Results

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/mods.md

Runs a specific Powerpipe benchmark and exports the results to a JSON file in a brief format. The `--export` flag specifies the output file path within the container's workspace.

```bash
docker exec powerpipe powerpipe benchmark run aws_compliance.benchmark.cis_aws_foundations_benchmark_v300 --export /workspace/results.json --output brief
```

--------------------------------

### Define Mod Input Variables

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/configuration.md

Create an HCL file to define input variables for a Powerpipe mod.
This file is typically named with a `.ppvars` extension and placed within the workspace directory.

```hcl
# workspace/steampipe.ppvars
benchmark_tags = {
  environment = "production"
  team = "platform"
}
```

--------------------------------

### Lint Dockerfile

Source: https://github.com/devops-ia/powerpipe/blob/main/CONTRIBUTING.md

Lint the Dockerfile using Hadolint. This command runs Hadolint in a temporary Docker container.

```bash
docker run --rm -i hadolint/hadolint < Dockerfile
```

--------------------------------

### Custom Helm Values for Powerpipe

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/kubernetes.md

Configures Steampipe (database) and Powerpipe, including image repository, tag, environment variables, resource requests/limits, and ingress settings.

```yaml
# Steampipe (required by Powerpipe)
bbdd:
  enabled: true
  listen: network

# Powerpipe
powerpipe:
  enabled: true
  image:
    repository: ghcr.io/devops-ia/powerpipe
    tag: "1.5.1"
  env:
    - name: POWERPIPE_MAX_PARALLEL
      value: "10"
    - name: POWERPIPE_LOG_LEVEL
      value: "warn"
  resources:
    requests:
      memory: "512Mi"
      cpu: "250m"
    limits:
      memory: "2Gi"
      cpu: "1"
  ingress:
    enabled: true
    className: nginx
    hosts:
      - host: powerpipe.example.com
        paths:
          - path: /
            pathType: Prefix
```

--------------------------------

### Run Powerpipe with Increased Memory and Parallelism

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/troubleshooting.md

Configure Powerpipe with higher memory limits and maximum parallel workers to prevent Out-of-Memory (OOM) errors.

```bash
docker run -d \
  -e POWERPIPE_MEMORY_MAX_MB=2048 \
  -e POWERPIPE_MAX_PARALLEL=5 \
  --memory=3g \
  ghcr.io/devops-ia/powerpipe:1.5.1
```

--------------------------------

### Enable Debug Mode Logging

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/configuration.md

Run a Powerpipe container with the log level set to 'debug' to enable verbose logging. This is useful for troubleshooting and understanding Powerpipe's internal operations.

```bash
docker run --rm \
  -e POWERPIPE_LOG_LEVEL=debug \
  -e POWERPIPE_DATABASE="..." \
  ghcr.io/devops-ia/powerpipe:1.5.1 \
  powerpipe server
```

--------------------------------

### Filter Benchmark Controls by Tag

Source: https://github.com/devops-ia/powerpipe/blob/main/README.md

Runs a Powerpipe benchmark, filtering the controls to be executed based on a specific tag. Ensure the tag key-value pair is correctly formatted.

```bash
docker exec powerpipe powerpipe benchmark run aws_compliance.benchmark.cis_aws_foundations_benchmark_v300 --tag cis_level=1
```

--------------------------------

### Run Powerpipe with Different Host Port

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/troubleshooting.md

Launch the Powerpipe container, mapping a different host port to the container's internal port 9033 to avoid conflicts.

```bash
docker run -d -p 19033:9033 ghcr.io/devops-ia/powerpipe:1.5.1
```

--------------------------------

### Mount Variable File in Docker

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/configuration.md

Run a Powerpipe container, mounting both the workspace directory and a `.ppvars` file. The file is mounted read-only (`ro`) to prevent accidental modifications.

```bash
docker run -d \
  -v "$PWD/workspace:/workspace" \
  -v "$PWD/steampipe.ppvars:/workspace/steampipe.ppvars:ro" \
  ghcr.io/devops-ia/powerpipe:1.5.1
```

--------------------------------

### Set Powerpipe Base URL

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/integrations.md

Configure the base URL for share links when using a reverse proxy.

```yaml
services:
  powerpipe:
    image: ghcr.io/devops-ia/powerpipe:1.5.1
    environment:
      POWERPIPE_DATABASE: "postgresql://steampipe:steampipe@steampipe:9193/steampipe"
      POWERPIPE_BASE_URL: "https://dashboards.example.com"
```

--------------------------------

### Set Workspace Ownership for Powerpipe

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/troubleshooting.md

Correct the ownership and permissions of the workspace directory to allow Powerpipe (running as UID 9193) to write to it.

```bash
mkdir -p workspace
chown -R 9193:0 workspace
chmod -R g=u workspace
```

--------------------------------

### Parse Benchmark Results

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/integrations.md

Uses jq to count the number of failed controls from the exported JSON results file.

```bash
# Count failed controls
jq '[.groups[].controls[] | select(.status == "alarm")] | length' workspace/results.json
```

--------------------------------

### Perform Security Scan

Source: https://github.com/devops-ia/powerpipe/blob/main/CONTRIBUTING.md

Scan the Powerpipe Docker image for critical vulnerabilities using Trivy. This command runs Trivy in a temporary Docker container.

```bash
docker run --rm \
  -v /var/run/docker.sock:/var/run/docker.sock \
  aquasec/trivy image --severity CRITICAL --ignore-unfixed powerpipe:dev
```

--------------------------------

### Mount Mod Workspace in Docker

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/configuration.md

Run a Powerpipe container, mounting a local directory as the workspace and setting the mod location. This allows Powerpipe to access mods and configurations from the mounted volume.

```bash
docker run -d \
  -v "$PWD/workspace:/workspace" \
  -e POWERPIPE_MOD_LOCATION=/workspace \
  -e POWERPIPE_DATABASE="postgresql://steampipe:pass@steampipe:9193/steampipe" \
  ghcr.io/devops-ia/powerpipe:1.5.1
```

--------------------------------

### Configure Nginx Reverse Proxy

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/integrations.md

Expose Powerpipe dashboards under a custom domain using Nginx.

```nginx
# nginx.conf
server {
    listen 80;
    server_name dashboards.example.com;

    location / {
        proxy_pass http://powerpipe:9033;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

--------------------------------

### Find Process Using Port 9033

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/troubleshooting.md

Identify which process is currently using port 9033 to resolve 'address already in use' errors.

```bash
lsof -i :9033
```

--------------------------------

### Check Steampipe Service Password

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/troubleshooting.md

Retrieve the Steampipe service status, including the password, to verify authentication details.

```bash
docker exec steampipe steampipe service status --show-password
```

--------------------------------

### Check Steampipe Network Listening

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/troubleshooting.md

Ensure Steampipe is configured to listen on the network interface, not just localhost, by checking its logs.

```bash
docker logs steampipe | grep "Listen"
```

--------------------------------

### Verify Mod Location

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/troubleshooting.md

Check the contents of the workspace directory within the Powerpipe container to ensure mods are present.

```bash
docker exec powerpipe ls /workspace
```

--------------------------------

### OpenShift Security Context Configuration

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/kubernetes.md

Sets security context for Powerpipe to be compatible with OpenShift, using specific user and group IDs.

```yaml
# No securityContext overrides needed — runs with the default SCC
powerpipe:
  enabled: true
  securityContext:
    runAsUser: 9193
    runAsGroup: 0
    fsGroup: 0
```

--------------------------------

### Configure Powerpipe User in Docker Compose

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/troubleshooting.md

Specify the user and group for the Powerpipe service in Docker Compose to resolve workspace permission issues.

```yaml
services:
  powerpipe:
    user: "9193:0"
    volumes:
      - workspace:/workspace
```

--------------------------------

### Verify Steampipe Reachability

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/troubleshooting.md

Check if the Powerpipe container can reach the Steampipe endpoint on the specified host and port.

```bash
docker exec powerpipe bash -c "pg_isready -h steampipe -p 9193"
```

--------------------------------

### Mount Local Workspace for Custom Mod

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/mods.md

Configures the Powerpipe service in Docker Compose to mount a local `./workspace` directory into the container. This allows you to develop and use custom mods defined in that directory. It also sets the database connection string via an environment variable.

```yaml
services:
  powerpipe:
    image: ghcr.io/devops-ia/powerpipe:1.5.1
    volumes:
      - ./workspace:/workspace
    environment:
      POWERPIPE_DATABASE: "postgresql://steampipe:pass@steampipe:9193/steampipe"
```

--------------------------------

### Pull Powerpipe Docker Image

Source: https://github.com/devops-ia/powerpipe/blob/main/README.md

Pulls the Powerpipe Docker image from either GitHub Container Registry or Docker Hub.

```bash
# GitHub Container Registry
docker pull ghcr.io/devops-ia/powerpipe:1.5.1

# Docker Hub
docker pull devopsiaci/powerpipe:1.5.1
```

--------------------------------

### Check Steampipe Query Timeout

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/troubleshooting.md

Query the Steampipe service directly to check its current query timeout setting, which might affect dashboard performance.

```bash
docker exec steampipe bash -c "echo 'SHOW steampipe_query_timeout' | psql -h localhost -p 9193 -U steampipe -d steampipe"
```

--------------------------------

### Adjust Powerpipe Dashboard and Benchmark Timeouts

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/troubleshooting.md

Increase the timeout values for Powerpipe dashboards and benchmarks to prevent queries from failing on long-running operations.

```bash
docker run -d \
  -e POWERPIPE_DASHBOARD_TIMEOUT=300 \
  -e POWERPIPE_BENCHMARK_TIMEOUT=600 \
  ghcr.io/devops-ia/powerpipe:1.5.1
```

--------------------------------

### Embed Powerpipe in Grafana

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/integrations.md

Use an iframe in a Grafana Text panel to display Powerpipe dashboards.

```html
```

--------------------------------

### Reference Database Secret in Powerpipe

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/kubernetes.md

Configures Powerpipe to use the database password from the 'steampipe-db-password' Kubernetes Secret.

```yaml
powerpipe:
  enabled: true
  extraEnvVarsSecret: steampipe-db-password
  env:
    - name: STEAMPIPE_DATABASE_PASSWORD
      valueFrom:
        secretKeyRef:
          name: steampipe-db-password
          key: password
```

--------------------------------

### Use Docker Secrets for Database Password

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/configuration.md

Configure the Powerpipe service in Docker Compose to use Docker secrets for sensitive information like the database password. This avoids exposing plaintext passwords in environment variables.

```yaml
# docker-compose.yml (Docker Swarm)
services:
  powerpipe:
    image: ghcr.io/devops-ia/powerpipe:1.5.1
    environment:
      POWERPIPE_DATABASE: "postgresql://steampipe:{{ secret('db_password') }}@steampipe:9193/steampipe"
    secrets:
      - db_password   # mounted in the container at /run/secrets/db_password

secrets:
  db_password:
    external: true    # must already exist in the Swarm (docker secret create)
```

--------------------------------

### Uninstall a Powerpipe Mod

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/mods.md

Removes a specific Powerpipe mod from the Powerpipe container. Use this to clean up unused mods or free up space.

```bash
docker exec powerpipe powerpipe mod uninstall github.com/turbot/steampipe-mod-aws-compliance
```

--------------------------------

### Persist Powerpipe Mods with Docker Volumes

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/mods.md

Configures Docker to persist Powerpipe mods across container restarts by mounting a named volume to the container's workspace directory. This prevents mods from being lost when the container is removed and recreated.

```yaml
services:
  powerpipe:
    image: ghcr.io/devops-ia/powerpipe:1.5.1
    volumes:
      - powerpipe-workspace:/workspace

volumes:
  powerpipe-workspace:
```

--------------------------------

### Configure Steampipe for Multiple AWS Accounts

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/examples.md

Defines Steampipe connections for multiple AWS accounts and an aggregator connection to query across them. This configuration is used in the `aws.spc` file.

```hcl
connection "aws_prod" {
  plugin  = "aws"
  profile = "production"
  regions = ["us-east-1", "eu-west-1"]
}

connection "aws_dev" {
  plugin  = "aws"
  profile = "development"
  regions = ["us-east-1"]
}

connection "aws_all" {
  plugin      = "aws"
  type        = "aggregator"
  connections = ["aws_prod", "aws_dev"]
}
```

--------------------------------

### Define a Custom Mod in Powerpipe

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/mods.md

Defines a custom mod named 'local_checks' with a specified title.
This is typically placed in a `mod.pp` file within your workspace.

```hcl
mod "local_checks" {
  title = "My Custom Checks"
}
```

--------------------------------

### Kubernetes Secret for Database Password

Source: https://github.com/devops-ia/powerpipe/blob/main/docs/kubernetes.md

Defines a Kubernetes Secret to store the Steampipe database password.

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: steampipe-db-password
type: Opaque
stringData:
  password: "mysecretpassword"
```
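The Docker secret and Kubernetes Secret snippets above store the database password outside the connection string, while Powerpipe reads the connection from the `POWERPIPE_DATABASE` URI. As an added example (not code from the Powerpipe docs), this shell helper reads a mounted secret file and builds that URI, percent-encoding the password so reserved characters cannot alter how it is parsed. The function names, the wrapper-entrypoint usage and the `/run/secrets/db_password` default are assumptions, as is the driver treating the value as a standard PostgreSQL URI.

```shell
# Added example, not from the Powerpipe docs. Assumptions: the secret is
# mounted as a file (Docker uses /run/secrets/<name>), and user, host, port
# and database are the ones used in this page's connection strings.

# Percent-encode every byte outside the RFC 3986 unreserved set, so that
# '@', ':', '/' or '#' in a password cannot change how the URI is parsed.
# The ( ) body runs in a subshell: LC_ALL and the loop variables do not leak.
urlencode() (
  LC_ALL=C
  rest=$1
  out=
  while [ -n "$rest" ]; do
    tail=${rest#?}
    c=${rest%"$tail"}
    rest=$tail
    case $c in
      [A-Za-z0-9._~-]) out=$out$c ;;
      *) out=$out$(printf '%%%02X' "'$c") ;;
    esac
  done
  printf '%s' "$out"
)

# Print the connection URI for the password stored in file $1.
# Fails (non-zero, nothing on stdout) if the file is unreadable or empty.
powerpipe_db_uri() (
  secret_file=${1:-/run/secrets/db_password}
  [ -r "$secret_file" ] || { echo "cannot read $secret_file" >&2; exit 1; }
  # $(...) drops the trailing newline most secret files end with.
  password=$(cat "$secret_file")
  [ -n "$password" ] || { echo "empty secret: $secret_file" >&2; exit 1; }
  printf 'postgresql://steampipe:%s@steampipe:9193/steampipe' \
    "$(urlencode "$password")"
)

# Hypothetical wrapper entrypoint, run before Powerpipe starts:
#   POWERPIPE_DATABASE=$(powerpipe_db_uri) || exit 1
#   export POWERPIPE_DATABASE
#   exec powerpipe server

# Demo with a constructed password (not a real credential).
demo=$(mktemp)
printf 'p@ss:w/rd#1\n' > "$demo"
powerpipe_db_uri "$demo"; echo
rm -f "$demo"
```

Because both functions run in subshells, the password is never left in a variable of the calling shell; only the exported URI carries it.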