Quick Start Guide
Get Kexa up and running quickly.
Prerequisites
Complete Prerequisites first - you need cloud provider credentials ready.
Quickest Start with Samples
The fastest way to get started with Kexa is using our pre-configured samples from the kexa-samples repository.
Steps:
-
Clone the samples repository:
git clone https://github.com/kexa-io/kexa-samples.git
cd kexa-samples -
Navigate to a sample directory:
# For HTTP-based deployment samples
cd samples/http/
# Or for Kubernetes deployment samples
cd samples/kubernetes/ -
Review and adjust configuration files (optional):
Edit the configuration files according to your environment and needs.
-
Start Kexa with Docker Compose:
docker-compose up
The samples include pre-configured setups that serve as reference implementations for your own Kexa deployments. This is the quickest way to see Kexa in action!
Installation
Option 1: Pre-built Binary (Recommended)
The fastest way to run Kexa locally:
Linux/macOS:
curl -fsSL https://raw.githubusercontent.com/kexa-io/kexa/main/scripts/install.sh | bash
Add Kexa to your PATH:
export PATH="${HOME}/.local/bin:${PATH}"
Windows (PowerShell):
Invoke-WebRequest -Uri "https://raw.githubusercontent.com/kexa-io/kexa/main/scripts/install.ps1" -OutFile install.ps1; ./install.ps1
Once installed, you can run kexa as a command anywhere.
Important: The binary still requires:
- A
configfolder with configuration files (e.g.,config/default.json) - A
rulesfolder with YAML rule files - Proper environment variables for your cloud providers
See the kexa-samples repository for ready-to-use configuration examples.
Option 2: Build from Source
If you prefer to build from source:
-
Clone the repository:
git clone https://github.com/kexa-io/Kexa.git
cd Kexa -
Install dependencies:
bun install -
Run Kexa:
bun run ./Kexa/main.ts
This includes sample config and rules folders to get started immediately.
Running Your First Scan
-
Set Environment Variables:
# For Azure
export A_AZURECLIENTID="your-client-id"
export A_AZURETENANTID="your-tenant-id"
export A_AZURECLIENTSECRET="your-client-secret"
export A_SUBSCRIPTIONID="your-subscription-id" -
Create Minimal Config: See Configuration
-
Run Your First Scan:
kexa # if using binary
# or
bun run Kexa/main.ts # if running from source
JSON Export
Export resources to JSON:
# Using binary
kexa -o
kexa --output
# Or from source
bun run Kexa/main.ts -o
This exports all gathered resources to ./output/resources/{timestamp}-resources.json
Export alerts to JSON:
# Using binary
kexa -a
kexa --alerts
# Or from source
bun run Kexa/main.ts -a
This exports all resources that raised an alert to ./output/alerts/{timestamp}-alerts.json grouped by rule.
Export both resources and alerts:
# Using binary
kexa -o -a
# Or from source
bun run Kexa/main.ts -o -a
Custom output directory:
# Using binary
OUTPUT=/custom/path kexa -o -a
# Or from source
OUTPUT=/custom/path bun run Kexa/main.ts -o -a
Use the OUTPUT environment variable to change the output directory (default: ./output).
CLI Options
-o, --output- Export resources to JSON-a, --alerts- Export alerts to JSON--help- Display help with examples
Docker One-Liner
For Azure (replace with your credentials):
mkdir config && echo '{"azure":[{"name":"Quick Start", "prefix": "A", "rules":["azureBenchmarkRules"]}]}' > config/default.json && \
docker run -v $(pwd)/config:/app/config \
-e A_AZURECLIENTID="your-client-id" \
-e A_AZURETENANTID="your-tenant-id" \
-e A_AZURECLIENTSECRET="your-client-secret" \
-e A_SUBSCRIPTIONID="your-subscription-id" \
innovtech/kexa
What Happens Next?
After your scan completes Viewing Results