Skip to content

kubescape is the first tool for testing if Kubernetes is deployed securely as defined in Kubernetes Hardening Guidance by to NSA and CISA (https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2716980/nsa-cisa-release-kubernetes-hardening-guidance/)

License

Notifications You must be signed in to change notification settings

fengshunli/kubescape

 
 

Repository files navigation

Version build Go Report Card Gitpod Ready-to-Code GitHub CNCF Twitter Follow

Kubescape

Kubescape logo

An open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters

Kubescape is an open-source Kubernetes security platform. It includes risk analysis, security compliance, and misconfiguration scanning. Targeted at the DevSecOps practitioner or platform engineer, it offers an easy-to-use CLI interface, flexible output formats, and automated scanning capabilities. It saves Kubernetes users and admins precious time, effort, and resources.

Kubescape scans clusters, YAML files, and Helm charts. It detects misconfigurations according to multiple frameworks (including NSA-CISA, MITRE ATT&CK® and the CIS Benchmark).

Kubescape was created by ARMO and is a Cloud Native Computing Foundation (CNCF) sandbox project.

Demo

Please star ⭐ the repo if you want us to continue developing and improving Kubescape! 😀

Getting started

Experimenting with Kubescape is as easy as:

curl -s https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash

Learn more about:

Did you know you can use Kubescape in all these places?

Places you can use Kubescape: in your IDE, CI, CD, or against a running cluster.

Under the hood

Kubescape uses Open Policy Agent to verify Kubernetes objects against a library of posture controls.

By default, the results are printed in a console-friendly manner, but they can be:

  • exported to JSON or junit XML
  • rendered to HTML or PDF
  • submitted to a cloud service

It retrieves Kubernetes objects from the API server and runs a set of Rego snippets developed by ARMO.

Community

Kubescape is an open source project, we welcome your feedback and ideas for improvement. We are part of the Kubernetes community and are building more tests and controls as the ecosystem develops.

We hold community meetings on Zoom, on the first Tuesday of every month, at 14:00 GMT.

The Kubescape project follows the CNCF Code of Conduct.

Contributions

Thanks to all our contributors! Check out our CONTRIBUTING file to learn how to join them.


License

Copyright 2021-2023, the Kubescape Authors. All rights reserved. Kubescape is released under the Apache 2.0 license. See the LICENSE file for details.

Kubescape is a Cloud Native Computing Foundation (CNCF) sandbox project and was contributed by ARMO.

CNCF Sandbox Project

About

kubescape is the first tool for testing if Kubernetes is deployed securely as defined in Kubernetes Hardening Guidance by to NSA and CISA (https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2716980/nsa-cisa-release-kubernetes-hardening-guidance/)

Resources

License

Code of conduct

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Go 98.0%
  • Python 1.3%
  • Shell 0.2%
  • Batchfile 0.2%
  • Dockerfile 0.1%
  • PowerShell 0.1%
  • Other 0.1%