kubescape
by kubescape
Kubescape is an open-source Kubernetes security platform that performs risk analysis, compliance auditing, and misconfiguration scanning across development and runtime environments.
Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernetes users and administrators precious time, effort, and resources.
Primary Use Case
Kubescape is used by Kubernetes users and administrators to assess and improve the security posture of their clusters, YAML files, and Helm charts. It integrates with IDEs, CI/CD pipelines, and runtime environments to detect vulnerabilities and compliance issues based on multiple security frameworks, helping teams automate security checks and reduce manual effort.
- Scans Kubernetes clusters, YAML files, and Helm charts for security issues
- Detects misconfigurations based on NSA-CISA, MITRE ATT&CK®, and CIS Benchmark frameworks
- Provides risk analysis, compliance auditing, and posture management
- Supports integration with IDEs and CI/CD pipelines
- Open-source and CNCF incubating project
- Offers runtime security capabilities
- Generates comprehensive security reports
- Command line tool for quick security posture assessment
Installation
- Visit the GitHub releases page to download the latest version: https://github.com/kubescape/kubescape/releases
- Download the appropriate binary for your OS
- Make the binary executable (e.g., chmod +x kubescape)
- Move the binary to a directory in your PATH (e.g., /usr/local/bin)
- Verify installation by running 'kubescape version'
Usage
- kubescape scan framework nsa: Scans the Kubernetes cluster using the NSA-CISA framework to detect security misconfigurations.
- kubescape scan .: Scans local YAML files in the current directory for security issues.
- kubescape scan helmchart <chart-path>: Scans a Helm chart for security misconfigurations and compliance.
- kubescape version: Displays the installed Kubescape version.
- Integrate Kubescape scans into CI/CD pipelines to enforce security gates before deployment.
- Use Kubescape's compliance reports to automate audit readiness for Kubernetes environments.
- Combine Kubescape with runtime security tools to correlate static misconfiguration findings with live threat detection.
- Leverage Kubescape's IDE integration to educate developers on secure Kubernetes manifest creation.
- Employ Kubescape in purple team exercises to simulate attacker reconnaissance and defense evasion tactics on Kubernetes clusters.
Related Tools

portainer
portainer/portainer
Making Docker and Kubernetes management easy.
slim
slimtoolkit/slim
Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
kube-bench
aquasecurity/kube-bench
Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
kubernetes-learning-path
techiescamp/kubernetes-learning-path
A roadmap to learn Kubernetes from scratch (Beginner to Advanced level)
kata-containers
kata-containers/kata-containers
Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs. https://katacontainers.io/

podman-desktop
podman-desktop/podman-desktop
Podman Desktop is the best free and open source tool to work with Containers and Kubernetes for developers. Get an intuitive and user-friendly interface to effortlessly build, manage, and deploy containers and Kubernetes — all from your desktop.
