kube-audit-kit

Performs read-only Kubernetes security audits by exporting resources, sanitizing metadata, grouping applications by topology, and generating PSS/NSA-compliant audit reports. Use when the user requests auditing Kubernetes clusters, Namespaces, security reviews, or configuration analysis.
crazygit/kube-audit-kit · ★ 29 · Data & Documents · score 69
Install: claude install-skill crazygit/kube-audit-kit
# Kube Audit Kit - Read-Only Kubernetes Security Audit Toolkit

This Skill uses a standardized, scripted workflow to export Kubernetes cluster resources in **read-only** mode, sanitize them, group applications, and perform a deep security audit. The entire process strictly follows the **read-only** principle and does not modify any cluster state.

## Core Principles

- **Read-only**: only `get/list` operations, never `apply/patch/delete`
- **Full coverage**: dynamically discover all resource types without hardcoding lists
- **Scripted**: core logic runs through Python scripts for stability

## Quick Start

### Prerequisites

1. **Environment setup**:
   ```bash
   uv sync
   ```
   See [SETUP.md](SETUP.md) for details.

2. **Verify kubectl**:
   ```bash
   kubectl config get-contexts
   ```

### Run an audit

When a user requests an audit, follow these steps strictly:

**Set the output directory first** (important!):

```bash
# Set the output directory to output/ under the current working directory
# This ensures output files are generated in the user's working directory, not the SKILL install directory
export KUBE_AUDIT_OUTPUT="$(pwd)/output"
```

**Use the progress checklist**:

```
Audit progress:
- [ ] Step 1: Export - Dynamic discovery and full resource export
- [ ] Step 2: Sanitize - Remove metadata and status fields
- [ ] Step 3: Group - Associate applications by workload topology
- [ ] Step 4: Audit - Dual-layer security audit
```

#### Step 1: Export

```bash
# Kee