Kubescape

An open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters

Kubescape is an open-source Kubernetes security platform. It includes risk analysis, security compliance, and misconfiguration scanning. Targeted at the DevSecOps practitioner or platform engineer, it offers an easy-to-use CLI interface, flexible output formats, and automated scanning capabilities. It saves Kubernetes users and admins precious time, effort, and resources.

Kubescape scans clusters, YAML files, and Helm charts. It detects misconfigurations according to multiple frameworks (including NSA-CISA, MITRE ATT&CK® and the CIS Benchmark).

Kubescape was created by ARMO and is a Cloud Native Computing Foundation (CNCF) sandbox project.

Demo

Please star ⭐ the repo if you want us to continue developing and improving Kubescape! 😀

Getting started

Experimenting with Kubescape is as easy as:

curl -s https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash

Learn more about:

Did you know you can use Kubescape in all these places?

Places you can use Kubescape: in your IDE, CI, CD, or against a running cluster.

Under the hood

Kubescape uses Open Policy Agent to verify Kubernetes objects against a library of posture controls.

By default, the results are printed in a console-friendly manner, but they can be:

exported to JSON or junit XML
rendered to HTML or PDF
submitted to a cloud service

It retrieves Kubernetes objects from the API server and runs a set of Rego snippets developed by ARMO.

Community

Kubescape is an open source project, we welcome your feedback and ideas for improvement. We are part of the Kubernetes community and are building more tests and controls as the ecosystem develops.

We hold community meetings on Zoom, on the first Tuesday of every month, at 14:00 GMT. (See that in your local time zone).

The Kubescape project follows the CNCF Code of Conduct.

Adopters

See here a list of adopters.

Contributions

Thanks to all our contributors! Check out our CONTRIBUTING file to learn how to join them.

Feel free to pick a task from the issues, roadmap or suggest a feature of your own.
Open an issue: we aim to respond to all issues within 48 hours.
Join the CNCF Slack and then our users or developers channel.

Changelog

Kubescape changes are tracked on the release page

License

Kubescape is a Cloud Native Computing Foundation (CNCF) sandbox project and was contributed by ARMO.

Name		Name	Last commit message	Last commit date
Latest commit History 2,680 Commits
.github		.github
build		build
cmd		cmd
core		core
docs		docs
examples		examples
git2go @ eae0077		git2go @ eae0077
httphandler		httphandler
internal/testutils		internal/testutils
pkg/imagescan		pkg/imagescan
smoke_testing		smoke_testing
.gitattributes		.gitattributes
.gitignore		.gitignore
.gitmodules		.gitmodules
.golangci.yml		.golangci.yml
.krew.yaml		.krew.yaml
ADOPTERS.md		ADOPTERS.md
CODE_OF_CONDUCT.md		CODE_OF_CONDUCT.md
CONTRIBUTING.md		CONTRIBUTING.md
GOVERNANCE.md		GOVERNANCE.md
LICENSE		LICENSE
MAINTAINERS.md		MAINTAINERS.md
Makefile		Makefile
README.md		README.md
SECURITY-INSIGHTS.yml		SECURITY-INSIGHTS.yml
SECURITY.md		SECURITY.md
build.ps1		build.ps1
build.py		build.py
go.mod		go.mod
go.sum		go.sum
install.ps1		install.ps1
install.sh		install.sh
main.go		main.go

License

sulemaanhamza/kubescape

Folders and files

Latest commit

History

Repository files navigation

Kubescape

Demo

Getting started

Under the hood

Community

Adopters

Contributions

Changelog

License

About

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Languages