dormstern / segspec

Static analysis from configs → Kubernetes NetworkPolicies in seconds

Found Feb 23, 2026 at 13 stars.
Go
AI Summary

segspec scans application configuration files to map network dependencies with evidence and generates Kubernetes NetworkPolicies for secure microsegmentation, including change detection for CI workflows.

How It Works

1. 👂 Hear about a smart helper
   A friend shares how segspec spots all the hidden connections your app needs without watching it run.

2. 📥 Grab the tool
   Download the ready-to-use program to your computer in seconds.

3. 🔍 Point it at your project
   Just tell it your app folder or online project link, and it scans everything quietly.

4. See the full picture
   Get a clear list of every service your app connects to, with exact proof from your setup files.

5. 🛡️ Make safety rules
   Turn the list into simple rules that only allow needed connections in your setup.

6. 🔄 Spot team changes
   Compare updates to catch new connections added by your team right away.

🎉 Everything secured
Your app now runs safely with tight connections, no surprises, and easy reviews.

AI-Generated Review

What is segspec?

segspec runs static analysis on app configs like Spring YAML, Docker Compose, Kubernetes manifests, Helm charts, .env files, and build files to extract network dependencies and spit out Kubernetes NetworkPolicies in seconds. Point it at a GitHub repo URL or local dir via its Go CLI—no runtime agents or observation needed—and get summaries, JSON baselines, evidence reports, or ready-to-apply YAML for ingress/egress rules. It traces each dep back to the exact config line, making audits straightforward.

Why is it gaining traction?

Unlike dynamic tools that require cluster access, segspec works purely by static analysis of configs. It can spot new dependencies in PR diffs and block drift in CI, which suits GitHub Actions workflows. AI enhancement (local Ollama or cloud Gemini) catches dependencies the rule-based analysis misses, and interactive mode lets you approve dependencies before generating per-service policies. Output formats like JSON baselines and evidence-linked diffs cut through massive YAML noise.

Who should use this?

Kubernetes platform engineers generating NetworkPolicies for microservices stacks. Security teams auditing static analysis results from configs in GitOps pipelines. DevOps folks enforcing least-privilege networking via CI gates on Spring Boot, Compose, or Helm apps.

Verdict

With 12 stars and 1.0% credibility, it's early-stage but battle-tested via solid docs, GIF demos, and full test coverage. Install the binary and try it on your repo today. Ideal for Java or C++ teams looking for a static analysis tool that produces K8s NetworkPolicies without the hassle.
