$crond.io

Installing the agent

The crond-agent CLI wraps any command and reports its exit code, duration, and output to crond.io. Pick whichever install method matches your environment — every method ships the same binary built from the same tag.

Looking for managed cron monitoring without any host install? Start with a plain HTTP ping — the agent is only needed when you want exit-code + output reporting.

One-line install (Linux / macOS / FreeBSD)

The script auto-detects your OS and CPU architecture, downloads the matching release tarball, and verifies its SHA-256 checksum before installing to /usr/local/bin.

curl -sSfL https://get.crond.io | sh

For air-gapped mirrors or stronger guarantees, the installer reads a few environment variables:

Env varDefaultEffect
INSTALL_DIR/usr/local/binDestination dir; sudo is used when not writable
INSTALL_REQUIRE_SIGunsetAbort if cosign keyless signature can't be verified
INSTALL_SKIP_CHECKSUMunsetSkip SHA-256 and cosign verification — only for trusted air-gapped mirrors

See Security for the full signature-verification walkthrough.

Homebrew (macOS + Linuxbrew)

brew install platops-security/tap/crond-agent

The formula resolves the latest release for your arch (Intel / Apple Silicon / Linux x86_64 / Linux aarch64), verifies its SHA-256, and drops the binary in your brew --prefix.

Debian / Ubuntu (.deb)

# pick your arch:
ARCH=$(dpkg --print-architecture)     # amd64 or arm64
VERSION=0.2.0
curl -sSfLO "https://github.com/platops-security/crond-io/releases/download/v${VERSION}/crond-agent_${VERSION}_linux_${ARCH}.deb"
sudo dpkg -i "crond-agent_${VERSION}_linux_${ARCH}.deb"

The package installs /usr/bin/crond-agent, drops an example config at /etc/crond-agent/config.yaml, and places a sample cron.d entry at /usr/share/doc/crond-agent/cron.d.example.

RHEL / Fedora / Amazon Linux (.rpm)

# pick your arch:
ARCH=$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/')
VERSION=0.2.0
curl -sSfLO "https://github.com/platops-security/crond-io/releases/download/v${VERSION}/crond-agent_${VERSION}_linux_${ARCH}.rpm"
sudo rpm -i "crond-agent_${VERSION}_linux_${ARCH}.rpm"

Docker / OCI

A scratch-based image (~3-10 MB) is published per release and as a rolling :nightly tag built from main:

docker pull ghcr.io/platops-security/crond-io/agent:0.2.0
# or:
docker pull ghcr.io/platops-security/crond-io/agent:latest
docker pull ghcr.io/platops-security/crond-io/agent:nightly

Multi-arch manifest covers linux/amd64 and linux/arm64. The image entrypoint is /crond-agent — see CLI Usage for runtime flags.

Kubernetes (Helm chart)

For Kubernetes CronJob monitoring use the chart, not a host install — it sets up a shared volume + init container so the agent ships into your jobs without changing your container images:

helm install crond-agent \
  oci://ghcr.io/platops-security/crond-io/charts/crond-agent \
  --version 0.2.0 \
  --namespace my-jobs --create-namespace \
  --set pingKeys.PING_KEY_BACKUP=<your-uuid>

Full walkthrough in Kubernetes.

Manual download (tar.gz)

Useful for FreeBSD, Alpine, or any environment where the package manager and script paths above don't apply:

VERSION=0.2.0
OS=linux        # linux | darwin | freebsd
ARCH=amd64      # amd64 | arm64

curl -sSfLO "https://github.com/platops-security/crond-io/releases/download/v${VERSION}/crond-agent_${VERSION}_${OS}_${ARCH}.tar.gz"
tar xzf "crond-agent_${VERSION}_${OS}_${ARCH}.tar.gz"
sudo mv crond-agent /usr/local/bin/
crond-agent version

What to do next

  • CLI usage — wrap a command, all the flags and env vars
  • Kubernetes — wrapper macros for CronJob specs
  • Security — verify the downloaded artifacts against the release workflow's keyless cosign signature