From: https://github.com/krishpyishere/k8ssecurity
Agent that checks security aspects of the cluster and rates severities.
A comprehensive security scanning tool for Kubernetes clusters that identifies security issues, misconfigurations, and potential vulnerabilities, aligned with the CKS (Certified Kubernetes Security Specialist) curriculum.
Features
The scanner performs security checks across five major domains:
- Cluster Setup and Hardening: CIS Benchmark, Admission Controller, RBAC, Network Policy
- System Hardening: Node Security, Runtime Security, gVisor
- Minimize Microservice Vulnerabilities: Container Security, Pod Security, Secrets Management
- Supply Chain Security: Image Security, SBOM
- Runtime Security: Audit, Falco
Integrates with kube-bench, Trivy, Syft, Grype, and optionally Falco. Supports optional SBOM checks and configurable checkers via config file or environment variables.