github/kubescape
1
0
Fork 0
mirror of https://github.com/kubescape/kubescape.git synced 2026-02-14 09:59:54 +00:00
Code Issues Packages Projects Releases Wiki Activity
21 Commits 20 Branches 551 Tags
d102789a35a17ca3061eb3de00e4c417f5664aa4
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Benyamin Hirschberg d102789a35 Update README.md
2021-08-15 21:34:01 +03:00
.github/workflows
Update build.yaml
2021-08-12 16:15:31 +03:00
cautils
initial commit
2021-08-12 16:01:26 +03:00
docs
updating image + gif v
2021-08-15 21:19:56 +03:00
inputhandler/clihandler
remove mitre
2021-08-12 18:07:47 +03:00
opaprocessor
update description and validate input
2021-08-12 18:01:43 +03:00
policyhandler
initial commit
2021-08-12 16:01:26 +03:00
printer
update description and validate input
2021-08-12 18:01:43 +03:00
.gitignore
update install
2021-08-12 16:24:04 +03:00
.gitmodules
initial commit
2021-08-12 16:01:26 +03:00
go.mod
initial commit
2021-08-12 16:01:26 +03:00
install.sh
remove mitre
2021-08-12 18:07:47 +03:00
LICENSE
add LICENSE
2021-08-12 16:06:41 +03:00
main.go
initial commit
2021-08-12 16:01:26 +03:00
README.md
Update README.md
2021-08-15 21:34:01 +03:00

README.md

logo

Kubescape is the first tool for testing if Kubernetes is deployed securely as defined in Kubernetes Hardening Guidance by to NSA and CISA Tests are configured with YAML files, making this tool easy to update as test specifications evolve.

TL;DR

Installation

To install the tool locally, run this:

curl -s https://raw.githubusercontent.com/armosec/kubescape/master/install.sh | /bin/bash

Run

To get a fast check of the security posture of your Kubernetes cluster, run this:

kubescape scan framework nsa

Status

build

How to build

go mod tidy && go build -o kubescape 🤪

Under the hood

Tests

Kubescape is running the following tests according to what is defined by Kubernetes Hardening Guidance by to NSA and CISA

  • Non-root containers
  • Immutable container filesystem
  • Building secure container images
  • Privileged containers
  • hostPID, hostIPC privileges
  • hostNetwork access
  • allowedHostPaths field
  • Protecting pod service account tokens
  • Pods in kube-system and kube-public
  • Resource policies
  • Control plane hardening
  • Encrypted secrets
  • Anonymous Requests

Technology

Kubescape based on OPA engine: https://github.com/open-policy-agent/opa and ARMO's posture controls.

The tools retrieves Kubernetes objects from the API server and runs a set of regos snippets developed by ARMO.

The results by default printed in a pretty "console friendly" manner, but they can be retrieved in JSON format for further processing.

Kubescape is an open source project, we welcome your feedback and ideas for improvement. Were also aiming to collaborate with the Kubernetes community to help make the tests themselves more robust and complete as Kubernetes develops.

Reference in New Issue View Git Blame Copy Permalink
Description
Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernetes users and administrators precious time, effort, and resources.
best-practicedevopskubernetesmitre-attacknsasecurityvulnerability-detection
Readme Apache-2.0 116 MiB
Languages
Go 98.6%
Python 0.6%
Shell 0.6%
PowerShell 0.2%