scanning-kubernetes-manifests-with-kubesec

Perform security risk analysis on Kubernetes resource manifests using Kubesec to identify misconfigurations, privilege escalation risks, and deviations from security best practices.

AI & Automation 12,642 stars 1468 forks Updated today Apache-2.0

Skill Content

# Scanning Kubernetes Manifests with Kubesec

## Overview

Kubesec is an open-source security risk analysis tool developed by ControlPlane that inspects Kubernetes resource manifests for common exploitable risks such as privilege escalation, writable host mounts, and excessive capabilities. It assigns a numerical security score to each resource and provides actionable recommendations for hardening. Kubesec can be used as a CLI binary, Docker container, kubectl plugin, admission webhook, or REST API endpoint.

## When to Use

- When conducting security assessments that involve scanning Kubernetes manifests with Kubesec
- When following incident response procedures for related security events
- When performing scheduled security testing or auditing activities
- When validating security controls through hands-on testing

## Prerequisites

- Kubernetes manifest files (YAML/JSON) for Deployments, Pods, DaemonSets, StatefulSets
- Docker or Go runtime for local installation
- kubectl access for scanning live cluster resources
- CI/CD pipeline access for automated scanning integration

## Core Concepts

### Security Scoring System

Kubesec assigns a score to each Kubernetes resource based on security checks:

- **Positive scores**: Awarded for security-enhancing configurations (readOnlyRootFilesystem, runAsNonRoot)
- **Zero or negative scores**: Indicate missing security controls or dangerous configurations
- **Critical advisories**: Flagged configurations that represent immediate s...

Details

Author: mukul975
Repository: mukul975/Anthropic-Cybersecurity-Skills
Created: 3 months ago
Last Updated: today
Language: Python
License: Apache-2.0
