# Integrating Kubescape

Kubescape is a security tool designed for Kubernetes environments. It is used to assess the security posture of your Kubernetes clusters by identifying potential vulnerabilities and misconfigurations. It scans the cluster configuration and resources, looking for security issues, vulnerabilities, and best practice violations.

### Usage of Kubescape in Delivery Shield

* Kubescape scans your Kubernetes cluster to detect issues based on the following security frameworks:
  * CIS Benchmark for Kubernetes
  * MITRE ATT&CK
  * NSA CISA
* Delivery Shield uses Kubescape to perform security analysis on your Kubernetes cluster. It runs security scans on clusters before deployment and blocks deployments to insecure clusters.
* The scan results help in calculating the overall image and application risk. These results are available in the **Deploy** section of the [DBOM](https://docs.opsmx.com/opsmx-secure-software-delivery-ssd-platform/user-guide/delivery-bill-of-materials-dbom) page as well as in the [View Open Security Issues](https://docs.opsmx.com/opsmx-secure-software-delivery-ssd-platform/user-guide/view-security-posture/view-open-security-issues) page.

### To Integrate Kubescape

You can integrate Kubescape in your cluster as well. Follow the steps given below:

1. Create a Kubescape secret in the SSD namespace and store the target cluster's kubeconfig file in it using the following command.

{% code overflow="wrap" %}

```
kubectl create secret generic <Secret name> --from-file=<Path to Kubeconfig> -n <SSD Namespace>
```

{% endcode %}

{% hint style="info" %}
You can use the same secret created while installing the kube-detector service.
{% endhint %}

2. Open the downloaded kubescape file, and update the following fields.

* **secretName** - The name of the secret created in the previous step.
* **key** - The key in the secret that points to the kubeconfig data.
* **path** - The value in the secret that points to the kubeconfig.

<figure><img src="https://lh7-us.googleusercontent.com/docsz/AD_4nXfXmp9cFLV-OvajfLlJUXZoTCJWV5EtwfL1Dk36uwLnE5R7_wBAzcwdG03z0yPJQCR_rEAeh47P2vk4aRrNsAorcdLuDbg-yhXvLb8Goq0Y77XCCvbQg5a3M5pZfutWeMO3HGhnRK85SsVBGjjBCRjp_E4?key=kukZZ60M_tCuFA03ihGwWw" alt=""><figcaption></figcaption></figure>

3. Now apply the updated kubescape file in the SSD namespace by executing the command given below:

```
kubectl apply -f <Path to file> -n <namespace>
```

4. Kubescape is now integrated in SSD.

You should see the kubescape pod up and running in your SSD namespace:

```
kubescape-service-qluat-d77dfd45f-vkq2l     1/1     Running     0   4h28m
```
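The following is an added example, not part of the OpsMx documentation: a shell helper that works out which data key `kubectl create secret generic --from-file=...` stores the kubeconfig under (the value the **key** field in step 2 has to match) and checks a created secret for that key without printing its values. The function names and sample paths are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example; function names and sample values are illustrative assumptions.

# secret_key_for SOURCE
#   SOURCE is the text after --from-file=, either "<path>" or "<key>=<path>".
#   Prints the data key kubectl will create, or fails if kubectl would reject it.
secret_key_for() {
  local src=$1 key
  case "$src" in
    *=*=*) echo "key names or file paths cannot contain '='" >&2; return 1 ;;
    =*|*=) echo "key name or file path missing in '$src'" >&2; return 1 ;;
    *=*)   key=${src%%=*} ;;             # explicit key: kubeconfig=/path/to/file
    *)     key=$(basename -- "$src") ;;  # default: the file's base name
  esac
  # Secret data keys may contain only alphanumerics, '-', '_' and '.'.
  case "$key" in
    ''|*[!A-Za-z0-9._-]*) echo "invalid secret key: '$key'" >&2; return 1 ;;
  esac
  printf '%s\n' "$key"
}

# secret_has_key SECRET NAMESPACE KEY
#   Needs cluster access. Lists only the key names (never the values) of the
#   secret and succeeds if KEY is among them.
secret_has_key() {
  kubectl get secret "$1" -n "$2" \
    -o go-template='{{range $k, $v := .data}}{{$k}}{{"\n"}}{{end}}' |
    grep -Fxq -- "$3"
}

# Constructed sample inputs:
secret_key_for "/home/ops/.kube/config"              # config
secret_key_for "kubeconfig=/home/ops/cluster-a.yaml" # kubeconfig
```

After step 1, running `secret_has_key <Secret name> <SSD Namespace> config` confirms the key exists before you enter it in the kubescape file.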


