Kubernetes security platform spanning IDEs, CI/CD pipelines, and live clusters
Apache-2.0
- Go
- Python
- Shell

About Kubescape
Kubescape is a Kubernetes security platform that finds security, compliance, and misconfiguration issues across the whole lifecycle, from the IDE through CI/CD to running clusters. It covers workload posture, control-plane exposure, access-control risk, and runtime security.
It scans against built-in frameworks such as NSA, MITRE ATT&CK, and CIS, or against specific controls. Image vulnerability scanning uses Grype, with an offline database option. Kubescape can also patch container images for OS-level CVEs and flag gaps in network policy.
An in-cluster operator runs continuous misconfiguration and image scanning, eBPF-based runtime threat detection, network policy generation, and Prometheus metrics. It works as a standalone CLI or as the operator, and is a CNCF project under the Apache 2.0 license.
Key features
- Scans posture, compliance, and misconfigurations
- Framework scans for NSA, MITRE, and CIS controls
- Grype-based image vulnerability scanning and patching
- eBPF runtime threat detection via in-cluster operator
- Network policy generation and Prometheus metrics
Details
- First released: 2021
- Platforms: Linux · macOS · CLI · Docker
- Self-hosting: In-cluster operator and CLI
- Compliance: MITRE · NSA · CIS
- Deployment: self-hostable
- License: Apache 2.0
