Kubescape is an open source security and compliance platform that scans clusters, Kubernetes manifest files (YAML files, and Helm charts), code repositories, container registries and images. It detects misconfigurations according to frameworks such as the NSA-CISA, MITRE ATT&CK® and CIS, as well as software vulnerabilities, and calculates risk scores.
An open-source Kubernetes security platform for your clusters, CI/CD pipelines, and IDE that seperates out the security signal from the scanner noise
Kubescape is an open-source Kubernetes security platform, built for use in your day-to-day workflow, by fitting into your clusters, CI/CD pipelines and IDE. It serves as a one-stop-shop for Kuberenetes security and includes vulnerability and misconfiguration scanning. You can run scans via the CLI, or add the Kubescape Helm chart, which gives an in-depth view of what is going on in the cluster.
Kubescape includes misconfiguration and vulnerability scanning as well as risk analysis and security compliance indicators. All results are presented in context and users get many cues on what to do based on scan results.Targeted at the DevSecOps practitioner or platform engineer, it offers an easy-to-use CLI interface, flexible output formats, and automated scanning capabilities. It saves Kubernetes users and admins precious time, effort, and resources.
Kubescape scans clusters, YAML files, and Helm charts. It detects misconfigurations according to multiple frameworks (including NSA-CISA, MITRE ATT&CK® and the CIS Benchmark).
Kubescape was created by ARMO and is a Cloud Native Computing Foundation (CNCF) sandbox project.
Demo
Please star ⭐ the repo if you want us to continue developing and improving Kubescape! 😀
Getting started
Experimenting with Kubescape is as easy as:
curl -s https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash
Learn more about:
Did you know you can use Kubescape in all these places?
<a href="https://github.com/kubescape/kubescape/blob/master/docs/img/ksfromcodetodeploy.png" rel="nofollow"></a>
Under the hood
Kubescape uses Open Policy Agent to verify Kubernetes objects against a library of posture controls.
By default, the results are printed in a console-friendly manner, but they can be:
It retrieves Kubernetes objects from the API server and runs a set of Rego snippets developed by ARMO.
Community
Kubescape is an open source project, we welcome your feedback and ideas for improvement. We are part of the Kubernetes community and are building more tests and controls as the ecosystem develops.
We hold community meetings on Zoom, on the first Tuesday of every month, at 14:00 GMT. (See that in your local time zone).
The Kubescape project follows the CNCF Code of Conduct.
Adopters
See here a list of adopters.
Contributions
Thanks to all our contributors! Check out our CONTRIBUTING file to learn how to join them.
Changelog
Kubescape changes are tracked on the release page
License
Copyright 2021-2023, the Kubescape Authors. All rights reserved. Kubescape is released under the Apache 2.0 license. See the LICENSE file for details.
Kubescape is a Cloud Native Computing Foundation (CNCF) sandbox project and was contributed by ARMO.
<a href="https://raw.githubusercontent.com/cncf/artwork/master/other/cncf-sandbox/horizontal/color/cncf-sandbox-horizontal-color.svg" rel="nofollow"></a>
Twice a month we will interview people behind open source businesses. We will talk about how they are building a business on top of open source projects.
We'll never share your email with anyone else.