Announcements

Kubescape Now Supports CIS Kubernetes Benchmark v1.10

We're happy to announce that Kubescape has upgraded its security controls to align with the latest CIS Kubernetes Benchmark v1.10, helping you strengthen your cluster security posture with industry-recognized standards.

What's New in CIS Kubernetes Benchmark v1.10?

The CIS Kubernetes Benchmark v1.10.0 delivers significant enhancements to address the evolving security landscape:

  • Comprehensive security recommendations tailored to counter emerging threats
  • Broader component coverage across your Kubernetes infrastructure
  • Clearer control documentation to improve implementation accuracy

Key Improvements Include:

Automated Assessment Content (AAC): Full integration with AAC and expanded compatibility with Kubernetes versions 1.30 and 1.31, streamlining your compliance verification process.

Enhanced Recommendations: 27 recommendations have undergone thorough revision to their audit and remediation procedures.

Upgraded Cryptographic Standards: Modernized cipher specifications that enforce more robust encryption requirements.

Refined Security Context Variables: Updated terminology around 'securityContext' variables to facilitate proper security configuration.

How Kubescape Empowers Your Compliance Journey

With Kubescape's implementation of CIS v1.10, you can:

  • Perform detailed compliance assessments against the latest benchmark
  • Quickly identify compliance gaps between previous and current requirements
  • Follow clear, practical remediation guidance to address vulnerabilities

Take Action Today

Ready to strengthen your Kubernetes security posture? Try Kubescape now to run your first CIS v1.10 compliance scan. See how your clusters measure up against the latest security standards.

Our community forums and documentation are available to support your implementation journey. Join us in making Kubernetes environments more secure, one cluster at a time.

Join the Kubescape community

We welcome your feedback and ideas for improvement. We hold community meetings on Zoom, on the first Tuesday of every month, at 14:00 GMT.

Thanks to all our contributors! Check out our CONTRIBUTING file to learn how to join them.

The Kubescape project follows the CNCF Code of Conduct.

Kubescape's Journey to Incubation: Celebrating our Community and a Secure Kubernetes Future

We are thrilled to share that Kubescape has officially been accepted as a CNCF Incubating project. This milestone is a significant achievement for the project. Kubescape began in 2021 as a fun project to scan for compliance with NSA-CISA Kubernetes hardening guidelines. What started as a security scanner, helping developers and DevOps teams implement better Kubernetes security practices, evolved into a full security platform. Still helping secure Kubernetes environments 😉

From the very beginning, Kubescape was built with the cloud-native community in mind. It started as a simple CLI tool designed to check cluster configurations against NSA-CISA Kubernetes Hardening Guidance. Over time, with the support of a rapidly growing community, Kubescape has evolved into one of the most complete open-source solutions for Kubernetes security. We are proud to have contributed to its development alongside contributors in the Kubescape community, and to see so many adopters leveraging Kubescape in their day-to-day workflows.

The Kubescape community has been a driving force behind this success. It’s not just the maintainers and contributors that we celebrate but the many users who have adopted and integrated Kubescape into their environments. Companies like Intel, AWS, Bitnami, ARMO, and Energi Danmark are just a few of the organizations using Kubescape. Some use Kubescape to secure their Kubernetes clusters. Others leverage it for educational purposes. Still others have use cases that go beyond what we imagined when we made our first commit. We are grateful for the trust that these adopters, along with hundreds of others, have shown in Kubescape.

As we look toward the future, the Kubescape project is poised for even greater growth. Our roadmap is not just about adding more features, but about continuing to improve usability and optimizing the performance of the platform. We are excited to welcome new contributors and users into the fold as we continue on the hamster-wheel of Kubernetes security.

The Kubescape community is our foundation, and we are committed to fostering a collaborative and inclusive environment where all contributions are valued. With the incredible support of the Cloud Native Computing Foundation (CNCF) and the broader Kubernetes community, we are determined to demonstrate sustained growth, strong governance, and broad adoption on our journey toward CNCF graduation. We believe that this is just the beginning, and we are eager to see where the future takes us.

Together, with the support of these vibrant communities, Kubescape will continue to evolve and grow, offering better security, deeper insights, and an ever-expanding set of features. We invite everyone - whether you are an adopter, contributor, or newcomer - to join us in shaping the future of Kubernetes security.

Kubescape: The 1st Open Source project to support VEX Generation

Introduction

Vulnerability Exploitability eXchange (VEX) is a vulnerability document designed to complement a Software Bill of Materials (SBOM). It informs users of a software product about the applicability of one or more vulnerability findings.

Security scanners detect and flag software components that have been identified as vulnerable. Often, however, the software is not actually affected in the way the scanner signals, for any of several reasons.

For example:

  • The vulnerable component may have already been patched.
  • The vulnerable component may not be present.
  • The vulnerable code is not actually executed.

The extreme transparency brought by SBOMs into how software is composed will most likely increase the number of these kinds of false positives, requiring an automated solution to avoid an explosion in the false positive rate of security scans. Hence VEX.

Using VEX is a way to turn down the noise and give security practitioners a good, strong signal: a scanner may consume VEX data from the software supplier. However, it is time-consuming to write a VEX document, and since it is imperative that these documents stay current, it is a never-ending task. The solution must come via automation.

Kubescape 3.0: Introducing Workload Scanning

Kubescape 3.0 introduces workload scanning, which allows you to comprehensively report on the security posture of individual workloads running in a Kubernetes cluster. This includes both misconfiguration and vulnerability scanning. This scan results in information that gives a 360° assessment of your workload’s security posture.

Watch a short video for a demonstration of workload scanning and its benefits, or read on.

Kubescape 3.0: CLI improvements

In the latest release of Kubescape, we completely overhauled the CLI experience to make it easier and faster for you to improve the security of your clusters.

Watch a short video for a demonstration of the new CLI and its benefits, or read on.

Introducing Kubescape 3.0

We are excited to announce the preview release of Kubescape 3.0, the next generation of the CNCF Kubernetes security posture management tool.

Kubescape 3.0 will add:

  • Compliance and container scan results stored as Kubernetes resources inside the cluster
  • Scanning container images for vulnerabilities from the CLI
  • Reporting on the vulnerabilities of all the images in a cluster
  • A new overview security scan, which helps you set a baseline for cluster security
  • Highlighting of high-risk workloads: those that could do the most damage if they are compromised
  • Improved display output
  • A new capability-based Helm chart
  • Per workload, per namespace and per cluster Prometheus metrics
  • Alerting through Prometheus Alertmanager
  • Sending data outside the cluster to hosted services

Most of these features have landed already, with some being finished over the next few weeks.

Happy second birthday, Kubescape!

What do you get a piece of software for its second birthday? A brand-new blog, of course! And cake. More on the cake later.

Kubescape is an open-source Kubernetes security platform that helps you identify and fix security risks, misconfigurations and vulnerabilities in your Kubernetes clusters. It is a powerful tool that can save you time and effort, and help you keep your Kubernetes deployments secure.