From: https://github.com/madhuakula/spotter
Spotter is a comprehensive Kubernetes security scanner that uses CEL-based rules to identify security vulnerabilities, misconfigurations, and compliance violations across your Kubernetes clusters, manifests, and CI/CD pipelines.
Built with extensibility and performance in mind, Spotter uses the Common Expression Language (CEL) for flexible rule definitions and supports multiple output formats including SARIF for seamless CI/CD integration.
Features:
- Security scanning: rules covering the OWASP Kubernetes Top 10, CIS Kubernetes Benchmark, and NSA/CISA Kubernetes hardening guidance; custom rules written in CEL; multi-resource support (Pods, Deployments, Services, ConfigMaps, Secrets, etc.); real-time scanning of live clusters
- Performance: concurrent processing, memory-efficient, configurable number of workers
- Output: table, JSON, YAML, SARIF; CI/CD integration (e.g. the GitHub Security tab via SARIF upload)
- Modes: scan manifests, a live cluster, or Helm charts; deployable as an admission controller
Install via go install, Docker, or a prebuilt binary from GitHub Releases. Supports custom rules, YAML configuration, and an extensible architecture.
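To make the feature list concrete, the following is an added example (not Spotter's code, which expresses its rules in CEL) of what a manifest scanner of this kind does end to end: a few Pod-level checks in the spirit of the CIS/NSA guidance (privileged containers, host PID namespace, missing runAsNonRoot, privilege escalation) are evaluated against a constructed Pod manifest, once weak and once hardened, and the findings are serialised as SARIF 2.1.0, the format CI systems such as GitHub code scanning ingest. The rule IDs, messages, and the plain-Python predicates are assumptions made for illustration.

```python
"""Illustrative Kubernetes Pod scanner emitting SARIF 2.1.0.

Added example, not Spotter's code: Spotter uses CEL rules; the rule IDs,
messages and predicates below are hypothetical.
"""
import json

# Constructed sample manifest (not from the page): weak Pod with two containers
WEAK_POD = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "web", "namespace": "default"},
    "spec": {
        "hostPID": True,
        "containers": [
            {"name": "app", "image": "nginx:1.25",
             "securityContext": {"privileged": True}},
            {"name": "sidecar", "image": "busybox:1.36",
             "securityContext": {"runAsNonRoot": True,
                                 "allowPrivilegeEscalation": False}},
        ],
    },
}

# Constructed hardened variant of the same Pod: every check below should pass
HARDENED_POD = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "web", "namespace": "default"},
    "spec": {
        "hostPID": False,
        "containers": [
            {"name": "app", "image": "nginx:1.25",
             "securityContext": {"privileged": False, "runAsNonRoot": True,
                                 "allowPrivilegeEscalation": False}},
            {"name": "sidecar", "image": "busybox:1.36",
             "securityContext": {"runAsNonRoot": True,
                                 "allowPrivilegeEscalation": False}},
        ],
    },
}


def containers(pod):
    """All regular and init containers of a Pod (missing keys tolerated)."""
    spec = pod.get("spec", {})
    return spec.get("containers", []) + spec.get("initContainers", [])


def sc(container):
    return container.get("securityContext", {})


# Hypothetical rule catalogue: (rule id, SARIF level, message, predicate).
# A predicate returns the names of offending containers, or ["<pod>"] for a
# pod-level finding; an empty list means the rule passed.
RULES = [
    ("EX-PRIV-001", "error", "Container runs privileged",
     lambda pod: [c["name"] for c in containers(pod) if sc(c).get("privileged") is True]),
    ("EX-HOST-002", "error", "Pod shares the host PID namespace",
     lambda pod: ["<pod>"] if pod.get("spec", {}).get("hostPID") else []),
    ("EX-ROOT-003", "warning", "Container does not enforce runAsNonRoot",
     lambda pod: [c["name"] for c in containers(pod) if sc(c).get("runAsNonRoot") is not True]),
    ("EX-ESC-004", "warning", "Container allows privilege escalation",
     lambda pod: [c["name"] for c in containers(pod)
                  if sc(c).get("allowPrivilegeEscalation") is not False]),
]


def scan(pod):
    """Return findings as (rule_id, level, target, message) tuples."""
    findings = []
    for rule_id, level, message, predicate in RULES:
        for target in predicate(pod):
            findings.append((rule_id, level, target, message))
    return findings


def to_sarif(findings, uri="pod.yaml"):
    """Wrap findings in a minimal SARIF 2.1.0 log (one run, one artifact)."""
    driver = {
        "name": "example-k8s-scanner",  # hypothetical tool name
        "rules": [{"id": rid, "shortDescription": {"text": msg}} for rid, _, msg, _ in RULES],
    }
    results = [{
        "ruleId": rule_id,
        "level": level,
        "message": {"text": f"{message} ({target})"},
        "locations": [{"physicalLocation": {"artifactLocation": {"uri": uri}}}],
    } for rule_id, level, target, message in findings]
    return {
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "version": "2.1.0",
        "runs": [{"tool": {"driver": driver}, "results": results}],
    }


if __name__ == "__main__":
    for name, pod in (("weak", WEAK_POD), ("hardened", HARDENED_POD)):
        print(name, json.dumps(to_sarif(scan(pod)), indent=2))
```

In a pipeline the SARIF document would be written to a file and uploaded with the `github/codeql-action/upload-sarif` action so the findings appear in the repository's Security tab; the `level` values (`error`, `warning`, `note`) and `ruleId` are what that view keys on, so keep them stable across runs.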