{"id":13407606,"url":"https://github.com/kiali/kiali","last_synced_at":"2026-06-01T23:00:30.653Z","repository":{"id":37444901,"uuid":"120181748","full_name":"kiali/kiali","owner":"kiali","description":"Kiali project, observability for the Istio service mesh","archived":false,"fork":false,"pushed_at":"2026-05-27T14:37:26.000Z","size":81468,"stargazers_count":3616,"open_issues_count":131,"forks_count":556,"subscribers_count":72,"default_branch":"master","last_synced_at":"2026-05-27T16:21:59.115Z","etag":null,"topics":["istio","management","observability","openshift","service-mesh"],"latest_commit_sha":null,"homepage":"https://www.kiali.io","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kiali.png","metadata":{"files":{"readme":"README.adoc","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":"GOVERNANCE.md","roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2018-02-04T12:11:57.000Z","updated_at":"2026-05-27T13:53:18.000Z","dependencies_parsed_at":"2026-05-20T09:03:31.424Z","dependency_job_id":null,"html_url":"https://github.com/kiali/kiali","commit_stats":{"total_commits":5794,"total_committers":144,"mean_commits":"40.236111111111114","dds":0.8567483603727994,"last_synced_commit":"35bbdbb17d29effbda201a2cc7a44647b13814c7"},"previous_names":["swift-sunshine/swscore"],"tags_count":529,"template":false,"template_full_name":null,"purl":"pkg:github/kiali/kiali","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kiali%2Fkiali","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kiali%2Fkiali/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kiali%2Fkiali/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kiali%2Fkiali/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kiali","download_url":"https://codeload.github.com/kiali/kiali/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kiali%2Fkiali/sbom","scorecard":{"id":456665,"data":{"date":"2025-08-11","repo":{"name":"github.com/kiali/kiali","commit":"ac0d07bf15a1ba96fb36c2bc391fd883b959dd47"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.8,"checks":[{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/build-backend.yml:1","Warn: no topLevel permission defined: .github/workflows/build-frontend.yml:1","Warn: no topLevel permission defined: .github/workflows/integration-tests-backend-multicluster-external-controlplane.yml:1","Warn: no topLevel permission defined: .github/workflows/integration-tests-backend.yml:1","Warn: no topLevel permission defined: .github/workflows/integration-tests-frontend-ambient.yml:1","Warn: no topLevel permission defined: .github/workflows/integration-tests-frontend-multicluster-external-kiali.yml:1","Warn: no topLevel permission defined: .github/workflows/integration-tests-frontend-multicluster-multi-primary.yml:1","Warn: no topLevel permission defined: .github/workflows/integration-tests-frontend-multicluster-primary-remote.yml:1","Warn: no topLevel permission defined: .github/workflows/integration-tests-frontend-tempo.yml:1","Warn: no topLevel permission defined: .github/workflows/integration-tests-frontend.yml:1","Warn: no topLevel permission defined: .github/workflows/kiali-ci.yml:1","Warn: no topLevel permission defined: .github/workflows/molecules.yml:1","Warn: no topLevel permission defined: .github/workflows/nightly.yml:1","Warn: no topLevel permission defined: .github/workflows/release.yml:1","Warn: no topLevel permission defined: .github/workflows/tag-bump-version.yml:1","Warn: no topLevel permission defined: .github/workflows/tag-release-creator.yml:1","Warn: no topLevel permission defined: .github/workflows/test-images-creator.yml:1","Warn: no topLevel permission defined: .github/workflows/test-images-release.yml:1","Warn: no topLevel permission defined: .github/workflows/test-images-update-latest.yml:1","Warn: no topLevel permission defined: .github/workflows/test-istio-version.yml:1","Warn: no topLevel permission defined: .github/workflows/test-lint-backend.yml:1","Warn: no topLevel permission defined: .github/workflows/version-checker.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Info: Possibly incomplete results: error parsing shell code: \"[x]\" must be followed by =: hack/istio/multicluster/deploy-kiali.sh:0","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-backend.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/build-backend.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-backend.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/build-backend.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-backend.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/build-backend.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-backend.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/build-backend.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-frontend.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/build-frontend.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-frontend.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/build-frontend.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-frontend.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/build-frontend.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-backend-multicluster-external-controlplane.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-backend-multicluster-external-controlplane.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-backend-multicluster-external-controlplane.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-backend-multicluster-external-controlplane.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-backend-multicluster-external-controlplane.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-backend-multicluster-external-controlplane.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-backend-multicluster-external-controlplane.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-backend-multicluster-external-controlplane.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-backend.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-backend.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-backend.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-backend.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-backend.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-backend.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-backend.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-backend.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-frontend-ambient.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-frontend-ambient.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-frontend-ambient.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-frontend-ambient.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-frontend-ambient.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-frontend-ambient.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-frontend-ambient.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-frontend-ambient.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-frontend-ambient.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-frontend-ambient.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-frontend-multicluster-external-kiali.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-frontend-multicluster-external-kiali.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-frontend-multicluster-external-kiali.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-frontend-multicluster-external-kiali.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-frontend-multicluster-external-kiali.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-frontend-multicluster-external-kiali.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-frontend-multicluster-external-kiali.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-frontend-multicluster-external-kiali.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-frontend-multicluster-external-kiali.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-frontend-multicluster-external-kiali.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-frontend-multicluster-multi-primary.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-frontend-multicluster-multi-primary.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-frontend-multicluster-multi-primary.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-frontend-multicluster-multi-primary.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-frontend-multicluster-multi-primary.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-frontend-multicluster-multi-primary.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-frontend-multicluster-multi-primary.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-frontend-multicluster-multi-primary.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-frontend-multicluster-multi-primary.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-frontend-multicluster-multi-primary.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-frontend-multicluster-primary-remote.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-frontend-multicluster-primary-remote.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-frontend-multicluster-primary-remote.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-frontend-multicluster-primary-remote.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-frontend-multicluster-primary-remote.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-frontend-multicluster-primary-remote.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-frontend-multicluster-primary-remote.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-frontend-multicluster-primary-remote.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-frontend-multicluster-primary-remote.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-frontend-multicluster-primary-remote.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-frontend-tempo.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-frontend-tempo.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-frontend-tempo.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-frontend-tempo.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-frontend-tempo.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-frontend-tempo.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-frontend-tempo.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-frontend-tempo.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-frontend-tempo.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-frontend-tempo.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-frontend.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-frontend.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-frontend.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-frontend.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-frontend.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-frontend.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-frontend.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-frontend.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-frontend.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-frontend.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests-frontend.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/integration-tests-frontend.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/molecules.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/molecules.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/nightly.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/nightly.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/nightly.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/nightly.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:222: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:236: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:243: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tag-bump-version.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/tag-bump-version.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tag-release-creator.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/tag-release-creator.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-images-creator.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/test-images-creator.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-images-creator.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/test-images-creator.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-images-creator.yml:104: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/test-images-creator.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-images-creator.yml:108: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/test-images-creator.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-images-release.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/test-images-release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-images-update-latest.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/test-images-update-latest.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-images-update-latest.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/test-images-update-latest.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-lint-backend.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/test-lint-backend.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-lint-backend.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/test-lint-backend.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version-checker.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/kiali/kiali/version-checker.yml/master?enable=pin","Warn: containerImage not pinned by hash: deploy/docker/Dockerfile-cypress:6: pin your Docker image by updating cypress/base:20.16.0 to cypress/base:20.16.0@sha256:45adc17a6a8ef3af3ddc70c5966cf91ba4359e4d408365c00a2e7be943731d01","Warn: containerImage not pinned by hash: deploy/docker/Dockerfile-distroless:3","Warn: containerImage not pinned by hash: deploy/docker/Dockerfile-multi-arch:1","Warn: containerImage not pinned by hash: deploy/docker/Dockerfile-multi-arch:2","Warn: containerImage not pinned by hash: deploy/docker/Dockerfile-multi-arch:3","Warn: containerImage not pinned by hash: deploy/docker/Dockerfile-multi-arch:4","Warn: containerImage not pinned by hash: deploy/docker/Dockerfile-multi-arch:6","Warn: containerImage not pinned by hash: deploy/docker/Dockerfile-multi-arch-distroless:3","Warn: containerImage not pinned by hash: hack/istio/skupper/demo-emit-metrics-deployment/Dockerfile:5: pin your Docker image by updating registry.access.redhat.com/ubi9/ubi:latest to registry.access.redhat.com/ubi9/ubi:latest@sha256:8851294389a8641bd6efcd60f615c69e54fb0e2216ec8259448b35e3d9a11b06","Warn: containerImage not pinned by hash: tests/integration/Dockerfile:1: pin your Docker image by updating registry.access.redhat.com/ubi9/ubi-minimal:latest to registry.access.redhat.com/ubi9/ubi-minimal:latest@sha256:8d905a93f1392d4a8f7fb906bd49bf540290674b28d82de3536bb4d0898bf9d7","Warn: goCommand not pinned by hash: hack/fix_imports.sh:9","Warn: goCommand not pinned by hash: hack/hooks/pre-commit.sh:10","Warn: downloadThenRun not pinned by hash: hack/istio/download-istio.sh:140","Warn: downloadThenRun not pinned by hash: hack/istio/install-scale-mesh-demo.sh:63","Warn: downloadThenRun not pinned by hash: hack/istio/install-scale-mesh-demo.sh:127","Warn: downloadThenRun not pinned by hash: hack/istio/skupper/install-skupper-demo.sh:698","Warn: downloadThenRun not pinned by hash: hack/perf-ibmcloud-openshift.sh:363","Info:   0 out of  63 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   4 third-party GitHubAction dependencies pinned","Info:   0 out of   5 downloadThenRun dependencies pinned","Info:   0 out of  10 containerImage dependencies pinned","Info:   0 out of   2 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":3,"reason":"7 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-4www-5p9h-95mh","Warn: Project is vulnerable to: GHSA-9gqv-wp59-fq42","Warn: Project is vulnerable to: GHSA-76c9-3jph-rj3q","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6","Warn: Project is vulnerable to: GHSA-4v9v-hfq4-rm2v","Warn: Project is vulnerable to: GHSA-9jgg-88mc-972h"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-19T09:52:45.285Z","repository_id":37444901,"created_at":"2025-08-19T09:52:45.285Z","updated_at":"2025-08-19T09:52:45.285Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33797128,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-01T02:00:06.963Z","response_time":115,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["istio","management","observability","openshift","service-mesh"],"created_at":"2024-07-30T20:00:44.967Z","updated_at":"2026-06-01T23:00:30.647Z","avatar_url":"https://github.com/kiali.png","language":"Go","funding_links":[],"categories":["istio dashboard","TypeScript","Go","Kubernetes","others","Observability","Tools and Libraries","observability","Dashboard","Observability \u0026 Monitoring","Service Mesh"],"sub_categories":["Regex","Monitoring, Alerts, and Visualization","Service Mesh Observability"],"readme":"= Kiali image:https://img.shields.io/twitter/url/http/shields.io.svg?style=social[\"Tweet about Kiali\", link=\"https://twitter.com/intent/tweet?text=Learn%20what%20your%20Istio-Mesh%20is%20doing.%20Visit%20https://www.kiali.io/%20and%20@kialiProject\"]\n:toc: macro\n:toc-title:\n\nimage:https://img.shields.io/badge/license-Apache2-blue.svg[\"Apache 2.0 license\", link=\"LICENSE\"]\n\n== Introduction\n\nlink:https://kiali.io/[kiali] is a management console for Istio service mesh. Kiali can be quickly installed as an Istio add-on or integrated as a trusted component within a production environment.\n\n=== Table of contents\n\ntoc::[]\n\n=== Contributing\n\nFirst, check the link:https://kiali.io/community/[Community section on kiali.io], which provides a brief introduction on contributing, how to report issues and request features, and how to reach us.\n\nFor those interested in making code contributions, please also check the link:./CONTRIBUTING.md[Contribution Guide].\n\n=== Getting Started\n\nThe target audience of this README are developers. For those who are not developers but wish to learn more about Kiali, the link:https://kiali.io/docs[Kiali documentation] should be more helpful. For instructions on installing Kiali, please read the link:https://kiali.io/docs/installation/[Installation] page.\n\n=== AI Documentation (Dev Preview)\n\nKiali includes a Chat AI integration in **developer preview**. The APIs and configuration are still evolving and may change without notice. See link:./ai/README.md[AI README] for details.\n\n=== How and where Kiali is released?\n\nRead the link:./RELEASING.adoc[RELEASING.adoc] file.\n\n== Developer setup\n\nEnsure the following tools are available:\n\n* The link:http://golang.org/doc/install[Go Programming Language]\n** Kiali releases are built with a specified minimum version of Go, as indicated in the link:https://github.com/kiali/kiali/blob/master/Makefile#L31[Makefile]. While Kiali may compile with other versions, using the version specified in the Makefile is recommended for consistent builds.\n* link:http://git-scm.com/book/en/v2/Getting-Started-Installing-Git[git]\n* gcc\n* link:https://docs.docker.com/installation/[Docker] or link:https://podman.io[Podman]\n** If using `podman`, set the environment variable `DORP=podman`.\n* link:https://nodejs.org[NodeJS] (Node.js \u003e= 20 with the NPM command)\n** link:https://nodejs.org/api/corepack.html[Corepack] is used to manage the Yarn version. Enable it with `corepack enable`. The exact Yarn version is pinned in `frontend/package.json` via the `packageManager` field.\n* The _GNU make_ (or a compatible alternative)\n\nOnce the required developer tools are available, the code can be obtained and built using the following script:\n\n[source,shell]\n----\n# Checkout the source code\nmkdir kiali_sources\ncd kiali_sources\nexport KIALI_SOURCES=$(pwd)\n\ngit clone https://github.com/kiali/kiali.git\ngit clone https://github.com/kiali/kiali-operator.git\ngit clone https://github.com/kiali/helm-charts.git\n\nln -s $KIALI_SOURCES/kiali-operator kiali/operator\n\n# Build the front-end\nmake build-ui\n\n# Build the back-end\ncd $KIALI_SOURCES/kiali\nmake build\n\n# Go test flags can be passed via the GO_TEST_FLAGS environment variable.\n# make -e GO_TEST_FLAGS=\"-race -v -run=\\\"TestCanConnectToIstiodReachable\\\"\" test\n----\n\n[NOTE]\nThe rest of this README assumes the directory tree created by the previous commands:\n\n -- kiali_sources\n    |- kiali\n    |- kiali-operator\n    \\- helm-charts\n\n=== Create a Kubernetes cluster and install a Service Mesh\n\nTo use Kiali, a management console for Istio-based service meshes, an Istio-compatible service mesh is required. Istio meshes are installed on Kubernetes clusters.\n\nWe provide a few unsupported scripts that can help to get started. The scripts below are already in the Kiali Repository. Ensure that the correct path is being used to run the scripts without issues.\n\n\n* One way to setup your development environment locally is to run the link:hack/run-integration-tests.sh[`run-integration-tests.sh`] script. This will start a local cluster, install Istio and Bookinfo, and then start Kiali. It supports every deployment scenario including multi-cluster, external Kiali, etc. It is also run as part of the CI pipeline so there's a high chance it will work for you. The multi-cluster suites currently **do not** work with podman and you must have docker engine installed on your system.\n* The link:hack/crc-openshift.sh[`crc-openshift.sh`] script allows creation of an OpenShift cluster on a local machine.\n* For those familiar with minikube, the link:hack/k8s-minikube.sh[`k8s-minikube.sh`] script can be used. This script includes an option to install Dex, which is helpful for testing with OpenID.\n* Alternatively, the link:hack/start-kind.sh[`start-kind.sh`] script can be used to create a single-node KinD cluster with MetalLB enabled, allowing Kiali to be tested in a real environment.\n* Finally, the link:hack/istio/install-istio-via-istioctl.sh[`install-istio-via-istioctl.sh`] and the link:hack/istio/install-bookinfo-demo.sh[`install-bookinfo-demo.sh`] scripts can assist in installing Istio and the Bookinfo sample application in the cluster, respectively. Trying to run these scripts without any arguments is also an option.\n\nThese scripts are written to rely on the minimum dependencies as possible and will try to download any required tools.\n\nBased on the type of cluster in use, define the `CLUSTER_TYPE` environment variable in the shell. Set it to `openshift` (default if not specified), `minikube` or `kind` so the Makefiles can assist with additional operations. For other cluster types, set  `CLUSTER_TYPE=local`.\n\n[NOTE]\nFor `minikube` it is recommended to enable the `registry` and `ingress` add-ons, which can be configured by the `k8s-minikube.sh` script.\n\n[NOTE]\nWhen using `docker` with Minikube's registry add-on or any custom non-secure registry, ensure the link:https://docs.docker.com/registry/insecure/[Docker daemon is properly configured to use your registry].\n\n=== Running Kiali from your local kubeconfig (with hot-reload)\n\nThis is the simplest way to get started developing on Kiali. You will startup the backend which reads from your local kubeconfig file and connects to the cluster set as your current context by default. Kiali uses link:air[`https://github.com/air-verse/air`] to enable hot reloads for the backend server.\n\n[source,shell]\n----\nmake build-ui\nmake run-backend\n\n# To pass additional arguments to the backend, set the KIALI_RUN_ARGS environment variable.\n# For example:\n# make KIALI_RUN_ARGS=\"--log-level debug\" run-backend\n#\n# To pass additional contexts from your kubeconfig for multi-cluster Kiali:\n# make KIALI_RUN_ARGS=\"--remote-cluster-contexts kind-mesh --cluster-name-overrides kind-mesh=mesh\" run-backend\n# The kube context name must match the Istio cluster name otherwise you must provide a cluster name override as shown above.\n----\n\nIn a separate terminal, start the frontend dev server. This will start the frontend dev server that connects to the backend running in the other terminal. It will also open the Kiali UI in your default browser.\n\n[source,shell]\n----\nmake run-frontend\n----\n\nNow kiali will be rebuilt and reloaded automatically when you make changes to either the backend or the frontend.\n\n=== Building the Container Image and deploying to a cluster\n\nAssuming the following conditions:\n\n* The back-end and front-end have been successfully built. Note that the front-end assets need to be built before the back-end, as the back-end will embed the front-end assets during its build process.\n* A Kubernetes cluster with an Istio-based Service Mesh has been created\n* The `CLUSTER_TYPE=local` environment variable is not being used\n\nThe commands below will deploy a development build of Kiali to the cluster.\n\n[source,shell]\n----\ncd $KIALI_SOURCES/kiali\n\n# Build the Kiali-server and Kiali-operator container images and push them to the cluster\nmake cluster-push\n\n# To build and push only the Kiali-server container images:\n# make cluster-push-kiali\n\n# To build and push only the Kiali-operator container images:\n# make cluster-push-operator\n\n# Deploy the operator to the cluster\nmake operator-create\n\n# Create a KialCR to instruct the operator to deploy Kiali\nmake kiali-create\n----\n\nWhen using the `CLUSTER_TYPE=local` environment variable, additional environment variables must be declared to specify the container registry for pushing container images. The `make container-push*`  targets should be used instead of the `cluster-push*` targets. For example, if the container registry is `localhost:5000`:\n\n[source,shell]\n----\nexport QUAY_NAME=localhost:5000/kiali/kiali\nexport CONTAINER_NAME=localhost:5000/kiali/kiali\nexport OPERATOR_QUAY_NAME=localhost:5000/kiali/kiali-operator\nexport OPERATOR_CONTAINER_NAME=localhost:5000/kiali/kiali-operator\n\ncd $KIALI_SOURCES/kiali\n\n# Build the Kiali-server and Kiali-operator container images and push them to the cluster\nmake container-build container-push\n\n# To build and push only the Kiali-server container images:\n# make container-build-kiali container-push-kiali-quay\n\n# To build and push only the Kiali-operator container images:\n# make container-build-operator container-push-operator-quay\n\n# Deploy the operator to the cluster\nmake operator-create\n\n# Create a KialCR to instruct the operator to deploy Kiali\nmake kiali-create\n----\n\n=== Reloading Kiali image\n\nIf Kiali is already installed and there is a need to recreate the Kiali server pod, the following command can be run:\n\n[source,shell]\n----\ncd $KIALI_SOURCES/kiali\nmake kiali-reload-image\n----\n\nThis is intended to facilitate development. To quickly build a new Kiali container image and load it to the cluster, run the following command:\n\n[source,shell]\n----\ncd $KIALI_SOURCES/kiali/frontend\nyarn install \u0026\u0026 yarn build\n\ncd $KIALI_SOURCES/kiali\nmake clean build cluster-push-kiali kiali-reload-image\n----\n\n[NOTE]\nNo equivalent reload command exists for the operator. The operator must be manually reloaded using `kubectl` or `oc` commands.\n\n=== Cluster clean-up\n\n[source,shell]\n----\ncd $KIALI_SOURCES/kiali\n\n# Delete the Kiali CR to let the operator remove Kiali.\nmake kiali-delete\n\n# If the previous command fails to complete, the following command forces removal by bypassing the operator\n# make kiali-purge\n\n# Remove the operator\n# NOTE: After this is completed, the `kiali-create` and `kiali-delete` targets will be ineffective\n# Until the `operator-create` target is run to re-deploy the Kiali operator, execute the following command to delete the operator:\nmake operator-delete\n----\n\n=== Code formatting and linting\n\nWhen changing the back-end code of Kiali, ensure that the changes are properly formatted and no new linting issues are introduced before submitting a pull request by running:\n\n[source,shell]\n----\n# CD to the back-end source code\ncd $KIALI_SOURCES/kiali\n\n# Install linting tools\nmake lint-install\n\n# Format the code and run linters\nmake format lint\n----\n\n=== Enable tracing\n\nKiali itself is instrumented with opentelemetry tracing to help provide insights and surface performance issues for the kiali server. To enable, set the `server.observability.tracing.enabled` and `server.observability.tracing.collector_url` configuration options.\n\n[source,yaml]\n----\napiVersion: kiali.io/v1alpha1\nkind: Kiali\nmetadata:\n  name: kiali\nspec:\n...\n  server:\n    observability:\n      tracing:\n        collector_url: http://jaeger-collector.istio-system:14268/api/traces\n        enabled: true\n...\n----\n\n=== Running Standalone\n\nFor debugging purposes, running Kiali outside of a cluster environment may be desired. To do this, use the link:./hack/run-kiali.sh[run-kiali.sh] script in the\nlink:./hack[hack] directory. Check the `--help` output for available options.\nBy default, the script uses the configuration template file located in the same directory it uses, and can be found in the link:./hack/run-kiali-config-template.yaml[config template file]\nalso located in the `hack` directory. For additional information, refer to the comments at the top of both files.\n\nThe following command has a typical set of options when running this with a typical \"all-in-one\" environment (single cluster, co-located Istio and Kiali, default \"Kubernetes\" cluster name), and\nan intent to start a debug server in your IDE (like vscode). It overrides some ports so they don't conflict with defaults:\n\n[source,shell]\n----\ncd $KIALI_SOURCES/kiali/hack\n./run-kiali.sh --enable-server false --tmp-root-dir $HOME/tmp -pg 3005:3005 -cn Kubernetes\n----\n\nThe following command has a typical set of options when running this in an external Kiali environment, setup using the install-external-kiali.sh hack script. In this\nenvironment you will have two clusters, \"mesh\" has the Istio and deployed apps,  and \"mgmt\" has Kiali.\n\n[source,shell]\n----\ncd $KIALI_SOURCES/kiali/hack\n./run-kiali.sh --enable-server false --tmp-root-dir $HOME/tmp -pg 3005:3005 -kc mesh -cn mgmt -hkc mgmt\n----\n\n=== Running integration tests\n\nThere are two sets of integration tests. The first are backend tests that test the Kiali API directly. These can be found at link:./tests/integration/README.md[backend tests]. The second are frontend Cypress tests that test Kiali through the browser. These can be found at link:./frontend/cypress/README.md[frontend tests].\n\nBoth tests are executed as part of the CI pipeline. To run these tests locally, link:./hack/run-integration-tests.sh[the script] can be used to setup a local environment and execute the integration tests. Alternatively, the tests can be run against any live environment that meets the following requirements.\n\n\nRequirements:\n- Istio\n- Kiali\n- bookinfo demo app\n- error rates demo app\n\nlink:./hack/istio/install-testing-demos.sh[This script] can be used install all necessary demo applications for testing and supports deployments on both Openshift and non-Openshift enviroments.\n\n[source,shell]\n----\n# For frontend development, start the frontend development server, where `\u003ckiali-url\u003e` is the URL to the base Kiali UI location, such as `http://localhost:20001/kiali`:\nmake -e KIALI_PROXY_URL=http://\u003ckiali-url\u003e yarn-start\n\n# Start the cypress tests. The tests will run against the frontend development server by default.\n# Alternatively, a custom URL can be provided using environment variables:\n#\n# make -e CYPRESS_BASE_URL=http://\u003ckiali-url\u003e cypress-gui\nmake cypress-gui\n----\n\nNote that `make cypress-gui` runs the Cypress GUI, enabling the selection of individual tests to run. To execute the entire test suite in headless mode, use the `cypress-run` target instead.\n\n=== AI-Assisted Development Tooling\n\nThe link:https://github.com/kiali/ai-tools[kiali/ai-tools] repository contains shared Cursor rules and AI configuration used across Kiali repositories. To use them, clone the repo alongside the other Kiali repositories and create a symlink, similar to how the operator repo is linked:\n\n[source,shell]\n----\ncd $KIALI_SOURCES\ngit clone https://github.com/kiali/ai-tools.git\nln -s $KIALI_SOURCES/ai-tools/cursor/.cursor/rules kiali/.cursor/rules\n----\n\nThis makes the shared Cursor rules (`.mdc` files) available in the Kiali workspace. The symlink is gitignored — each developer sets it up locally.\n\n==== Code Reviewer Plugin\n\nThe project includes configuration for an AI-powered code review pipeline under `.cursor/code-reviewer/` and `.claude/code-reviewer/`. The pipeline runs three parallel review phases — adversarial (bugs, security, architecture), style (convention enforcement against the project's style guide), and testing (coverage gaps, test quality) — then consolidates findings into a single report with structured IDs and a verdict.\n\nFor Cursor users, the review pipeline is activated by typing `/code-reviewer:review` once the `ai-tools` symlink above is in place.\n\nFor Claude Code users, the code-reviewer plugin must be installed separately from link:https://github.com/openshift-service-mesh/ci-utils/tree/main/plugins/code-reviewer[openshift-service-mesh/ci-utils]. Once installed, run `/code-reviewer:review` to review your branch changes.\n\n=== MCP Server and LightSpeed (AI Chat Integration)\n\nKiali's AI Chat feature relies on two additional services that must be deployed before the chatbot is functional:\n\n* **MCP server** — exposes Kiali's API as tools that AI assistants can call to inspect the service mesh. Two variants are available: `kubernetes` (default) and `openshift`. Any running Kubernetes or OpenShift cluster with Istio and Kiali is sufficient.\n* **OpenShift LightSpeed** — the AI backend that receives chat queries, calls the configured LLM, and uses the MCP server for tool calling. Requires an OpenShift cluster (CRC recommended for local development) with cluster monitoring enabled.\n\nBoth services are managed by convenience scripts under `hack/`:\n\n[source,shell]\n----\n# 1. Install the MCP server (kubernetes provider by default)\n./hack/setup-mcp.sh install-mcp\n\n# 2. Install the LightSpeed service (OpenShift/CRC only)\n./hack/setup-osl.sh --openai-token sk-... install-lightspeed\n----\n\nFor full documentation, options, and deployment manifest details see:\n\n* link:./hack/mcp/README.md[hack/mcp/README.md] — MCP server setup guide\n* link:./hack/lightspeed/README.md[hack/lightspeed/README.md] — LightSpeed setup guide\n\n=== Debugging Server Backend\n\n==== VisualStudio Code\n\nFor VisualStudio Code, install the following `launcher.json` to launch the Kiali Server in the debugger. First, run the `hack/run-kiali.sh` script first to ensure that required services, such as Prometheus port-forward proxy, are running.\n\n[source,json]\n----\n{\n    // To use this, first run \"hack/run-kiali.sh --tmp-root-dir $HOME/tmp --enable-server false\"\n    // Pass in --help to that hack script for details on more options.\n    \"version\": \"0.2.0\",\n    \"configurations\": [\n        {\n            \"name\": \"Launch Kiali to use hack script services\",\n            \"type\": \"go\",\n            \"request\": \"launch\",\n            \"mode\": \"debug\",\n            \"program\": \"${workspaceRoot}/kiali.go\",\n            \"cwd\": \"${env:HOME}/tmp/run-kiali\",\n            \"args\": [\"-config\", \"${env:HOME}/tmp/run-kiali/run-kiali-config.yaml\"],\n            \"env\": {\n                \"KUBERNETES_SERVICE_HOST\": \"127.0.0.1\",\n                \"KUBERNETES_SERVICE_PORT\": \"8001\",\n                \"LOG_LEVEL\": \"trace\"\n            }\n        }\n    ]\n}\n----\n\n=== Debugging GUI Frontend\n\nThe Kiali GUI can be debugged directly in Google Chrome using Chrome Developer Tools or within Visual Studio Code.\n\nTo use either, some initial steps are required.\n\nFirst, start the Kiali Server backend, either within a cluster or by using the `run-kiali.sh` script as previously explained. Before proceeding, determine the Kiali URL. For example, when Kiali is run in Minikube with a port-forward set up to expose it, the URL to note will be`http://localhost:20001/kiali`.\n\nNext, run the GUI frontend using the following command: `make -e KIALI_PROXY_URL=\u003ckiali-url\u003e yarn-start` where `\u003ckiali-url\u003e` is the URL determined in the previous step. Additionally, if needed, pass `-e PORT=3001` to override the default port `3000`, which may conflict with Grafana if the Kiali Server was started using  `run-kiali.sh`. Some examples:\n\n* If the Kiali Server is running in minikube with a port-forward exposing it, then run `make -e KIALI_PROXY_URL=http://localhost:20001/kiali yarn-start`.\n* If the Kiali Server is running in OpenShift with the usual Kiali Route exposing it, then run `make -e KIALI_PROXY_URL=https://\u003cKiali-OpenShift-Route-IP\u003e/ yarn-start`.\n* If the Kiali Server is running locally via `run-kiali.sh`, then run `make -e KIALI_PROXY_URL=http://localhost:20001/kiali -e PORT=3001 yarn-start`.\n\nThe `yarn-start` make command will start the Kiali GUI frontend on a local endpoint. Once ready, check the output for the \"Local\" URL to access it. The output will resemble the following:\n\n```\nCompiled successfully!\n\nThe @kiali/kiali-ui can now be viewed in the browser.\n\n  Local:            http://localhost:3001\n  On Your Network:  http://192.168.1.15:3001\n...\n```\n\nAt this point, the debugger tool of choice can be set up - refer to the following sections for details.\n\n==== Google Chrome Developer Tools\n\nStart Google Chrome and point the browser to the local URL for the Kiali GUI frontend started by yarn-start (in the example above, that will be `http://localhost:3001`).\n\nIn Google Chrome, open the Developer Tools. Press `F12` or `Control-Shift-I` to do this.\n\nWithin the Developer Tools, navigate to the `Sources` tab, then the `Filesystem` sub-tab, and press the `+ Add folder to workspace` link. In the file selection dialog, select the Kiali `frontend/src` folder. This will inform Developer Tools where the Kiali GUI frontend source code can be found.\n\nAt this point, Google Chrome requires permission to access the local source code folder. A prompt will appear at the top of the browser window - click the \"Allow\" button to grant Chrome the necessary permissions.\n\nThe Kiali Server frontend is now ready for debugging. Breakpoints can be set, variables inspected, stack traces examined, and other typical debugging actions can be performed.\n==== VisualStudio Code\n\nFor VisualStudio Code, the following `launcher.json` can be installed to launch Google Chrome for debugging the Kiali Server GUI frontend. The `url`  setting should correspond to the local URL of the yarn-start server - ensuring the correct URL is used for the specific environment.\n\n\n[source,json]\n----\n{\n    \"version\": \"0.2.0\",\n    \"configurations\": [\n        {\n            \"name\": \"Launch Chrome\",\n            \"type\": \"chrome\",\n            \"request\": \"launch\",\n            \"url\": \"http://localhost:3001\",\n            \"webRoot\": \"${workspaceFolder}\"\n        }\n    ]\n}\n----\n\n== Configuration\n\nMany configuration settings can optionally be set within the Kiali Operator custom resource (CR) file. See link:https://github.com/kiali/kiali-operator/blob/master/deploy/kiali/kiali_cr.yaml[this example Kiali CR file] that has all the configuration settings documented.\n\n== Embedding Kiali\n\nTo embed Kiali in other applications, Kiali provides a feature called _Kiosk mode_. In this mode, the main header and navigation bar are not displayed.\n\nTo enable Kiosk mode, simply add a `kiosk=\u003cplatform_id\u003e` URL parameter. The full path of the page to be embedded must be used. For example, if Kiali is accessed via HTTPS:\n\n* To embed the _Overview_ page, use `https://_kiali_path_/overview?kiosk=console`.\n* To embed the _Graph_ page, use `https://_kiali_path_/graph/namespaces?kiosk=console`.\n* To embed the _Applications list_ page, use `https://_kiali_path_/applications?kiosk=console`.\n\nIf the page to be embedded includes other URL arguments, any of them can be specified to preset options. For example, to embed the graph of the _bookinfo_ namespace, use the following URL: `http://_kiali_path_/graph/namespaces?namespaces=bookinfo\u0026kiosk=console`.\n\n`\u003cplatform_id\u003e` value in the `kiosk` URL parameter will be used in future use cases to add conditional logic on embedded use cases, for now, any non empty value will enable the kiosk mode.\n\n== Configure External Services\n\n=== Grafana\n\nIf Grafana is installed in a custom manner that Kiali cannot automatically detect, the value of grafana \u003e url in the Kiali CR must be updated.\n\n[source,yaml]\n----\napiVersion: kiali.io/v1alpha1\nkind: Kiali\nmetadata:\n  name: kiali\nspec:\n...\n    external_services:\n      grafana:\n        url: http://grafana-istio-system.127.0.0.1.nip.io\n...\n----\n\n== Additional Notes\n\n=== Frontend development guidelines\n\nFrontend development guidelines (styles, i18n, etc.) can be found link:./frontend/README.adoc#developing[here]\n\n=== Upgrading Go\n\nThe Kiali project will periodically upgrade to a newer version of Go. These are the steps that need to be performed in order for the Kiali build to use a different version of Go:\n\n1. Run `go mod edit -go=x.y` where \"x\" and \"y\" are the major/minor versions of the Go version being used.\n2. Run `go mod tidy -v`\n3. Run `make clean build build-ui test` to ensure everything builds correctly. If any problems occur, fix them.\n4. Commit the changes to the working branch, create a PR, and make sure everything builds and works before merging the PR.\n\nThe Makefile and some Github Actions will check the go version from the go.mod file.\n\n=== Procedure to check and update patternfly versions\n\n1. Launch command `npx npm-check-updates -t latest -f '/^@patternfly/'`\n2. Launch `yarn install` in the `frontend/` directory to update the yarn.lock\n3. Add to the commit package.json and yarn.lock\n\nNOTE: Yarn is managed via link:https://nodejs.org/api/corepack.html[corepack]. Run `corepack enable` once before using `yarn`.\n\n=== Running the UI outside the cluster\n\nWhen developing the http://github.com/kiali/kiali/frontend[Kiali UI] running it outside of the cluster can be helpful for easily updating the UI code and viewing changes without needing to re-deploy. The preferred method for this is to use React's _proxy_ feature, as outlined https://github.com/kiali/kiali/blob/master/frontend/README.adoc#developing[here]. Alternatively, the `make -e KIALI_PROXY_URL=\u003curl\u003e yarn-start` command can be used, where `\u003curl\u003e` points to the Kiali backend.\n\n=== Disabling SSL\n\nIn the provided OpenShift templates, SSL is enabled by default. To disable it, the following steps should be taken:\n\n* Remove the \"tls: termination: reencrypt\" option from the Kiali route\n\n* Remove the \"identity\" block, with certificate paths, from the Kiali Config Map.\n\n* Optionally, the annotation \"service.beta.openshift.io/serving-cert-secret-name\" can be removed from the Kiali Service, along with the related `kiali-cabundle` volume declared and mounted in Kiali Deployment. However, if not removed, these will simply be ignored.\n\n== Exposing Kiali to External Clients Using Istio Gateway\n\nThe operator will create a Route or Ingress by default (see the Kiali CR setting \"deployment.ingress_enabled\"). To expose Kiali via Istio, Gateway, Virtual Service, and Destination Rule resources can be created, as shown below:\n\n[source,yaml]\n----\n---\napiVersion: networking.istio.io/v1\nkind: Gateway\nmetadata:\n  name: kiali-gateway\n  namespace: istio-system\nspec:\n  selector:\n    istio: ingressgateway\n  servers:\n  - port:\n      number: 80\n      name: http-kiali\n      protocol: HTTP\n    # https://istio.io/latest/docs/reference/config/networking/gateway/#ServerTLSSettings\n    tls:\n      httpsRedirect: false\n    hosts: [\u003cyour-host\u003e]\n  - port:\n      number: 443\n      name: https-kiali\n      protocol: HTTPS\n    tls: {}\n    hosts: [\u003cyour-host\u003e]\n...\n---\napiVersion: networking.istio.io/v1\nkind: VirtualService\nmetadata:\n  name: kiali-virtualservice\n  namespace: istio-system\nspec:\n  gateways:\n  - kiali-gateway\n  hosts: [\u003cyour-host\u003e]\n  http:\n  - route:\n    - destination:\n        host: kiali.istio-system.svc.cluster.local\n        port:\n          number: 20001\n      weight: 100\n...\n---\napiVersion: networking.istio.io/v1\nkind: DestinationRule\nmetadata:\n  name: kiali-destinationrule\n  namespace: istio-system\nspec:\n  host: kiali\n  trafficPolicy:\n    tls:\n      mode: DISABLE\n...\n----\n\n== Stargazers over time\n\nimage:https://starchart.cc/kiali/kiali.svg?variant=adaptive[\"Stargazers over time\",link=\"https://starchart.cc/kiali/kiali\"]\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkiali%2Fkiali","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkiali%2Fkiali","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkiali%2Fkiali/lists"}