kubescape is a tool for testing Kubernetes clusters against industry accepted security standards and recomendations like:

• NSA hardening for Kubernetes operators see here
• MITRE threat matrix for Kubernetes see here

TL;DR

Installation

To install the tool locally, run this:

curl -s https://raw.githubusercontent.com/armosec/kubescape/master/install.sh | /bin/bash

Run

To get a fast check of the security posture of your Kubernetes cluster, run this:

kubescape scan framework nsa

Status

How to build

go mod tidy && go build -o kubescape 🤪

Under the hood

Tests

Defining the tests here...

Technology

Kubescape based on OPA engine: https://github.com/open-policy-agent/opa and ARMO's posture controls.

The tools retrieves Kubernetes objects from the API server and runs a set of regos snippets developed by (ARMO)[https://www.armosec.io/].

The results by default printed in a pretty "console friendly" manner, but they can be retrieved in JSON format for further processing.