Kubescape
Kubescape is a security tool for Kubernetes environments. It assesses the security posture of your Kubernetes clusters by scanning the cluster configuration and resources for vulnerabilities, misconfigurations, and best-practice violations.
Kubescape scans your Kubernetes cluster to detect issues based on the following security frameworks:
CIS Benchmark for Kubernetes
MITRE ATT&CK
NSA CISA
Delivery Shield uses Kubescape to perform security analysis on your Kubernetes cluster. It runs security scans on clusters before deployment and blocks deployments to insecure clusters.
The scanned results help in calculating the overall image and application risk. These results are available in the Deploy section of the page as well as in the page.
You can integrate Kubescape in your cluster as well. Follow the steps given below:
Create a Kubescape secret in the SSD namespace and store the target cluster's kubeconfig file in it using the following command.
Open the downloaded remote file, and update the following fields.
secretName - The name of the secret created in the previous step.
key - The key in the secret that points to the kubeconfig data.
path - The value in the secret that points to the kubeconfig.
Now apply the updated kubescape file in the SSD namespace by executing the command given below:
Kubescape is now integrated in SSD.
You should see the Kubescape pod up and running in your SSD namespace:
kubescape-service-qluat-d77dfd45f-vkq2l 1/1 Running 0 4h28m
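One way to check the three fields before applying the file, as an added example that is not OpsMx or Kubescape code. It assumes the file references the secret through a standard Kubernetes secret volume (secretName, plus items with key and path) and that the objects are supplied as parsed JSON, such as kubectl prints with -o json; every object name in it is constructed.

```python
# Added example: constructed objects; all names are placeholders, not SSD values.
SECRET = {"metadata": {"name": "kubescape-kubeconfig", "namespace": "ssd-example"},
          "data": {"config": "PGNvbnN0cnVjdGVkPg=="}}  # base64 of "<constructed>"


def sample_workload(secret_name, key, path, namespace="ssd-example"):
    """Build a minimal Deployment (as parsed JSON) with one secret volume."""
    volume = {"name": "kubeconfig",
              "secret": {"secretName": secret_name,
                         "items": [{"key": key, "path": path}]}}
    return {"metadata": {"name": "kubescape-example", "namespace": namespace},
            "spec": {"template": {"spec": {"volumes": [volume]}}}}


def check_kubeconfig_mount(secret, workload):
    """Return the problems found in how the workload references the secret."""
    problems = []
    name = secret["metadata"]["name"]
    keys = set(secret.get("data", {}))
    # A pod can only mount a Secret that lives in its own namespace.
    if secret["metadata"].get("namespace") != workload["metadata"].get("namespace"):
        problems.append("secret and workload are in different namespaces")
    pod_spec = workload["spec"]["template"]["spec"]
    refs = [v["secret"] for v in pod_spec.get("volumes", [])
            if v.get("secret", {}).get("secretName") == name]
    if not refs:
        problems.append(f"no volume has secretName {name!r}")
    for ref in refs:
        for item in ref.get("items", []):
            # key must name an entry that exists in the Secret's data.
            if item["key"] not in keys:
                problems.append(f"key {item['key']!r} is not in the secret")
            # path is where the key is written under the mount point;
            # Kubernetes rejects absolute paths and '..' elements.
            path = item["path"]
            if path.startswith("/") or ".." in path.split("/"):
                problems.append(f"path {path!r} must be relative without '..'")
    return problems


if __name__ == "__main__":
    for args in [("kubescape-kubeconfig", "config", "config"),
                 ("kubescape-kubeconfig", "kubeconfig", "../config")]:
        print(args, check_kubeconfig_mount(SECRET, sample_workload(*args)))
```

An empty list means the secret name, key and path line up; any entry names the field to correct before the file is applied.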