Frameworks and controls
Security researchers and professionals codify best practices in controls: preventative, detective or corrective measures that can be taken to avoid, or contain, a security breach.
A security framework is a set of guidelines, best practices, or standards, usually codified as a number of controls. Security frameworks are often published by government agencies or non-profit research centers.
Kubescape comes with hundreds of controls that can be used in either provided or custom frameworks. The controls are tests that look at a certain aspect of your security posture. Kubescape can examine:
- Kubernetes object configuration: any YAML file, any Helm chart, or any resource that the API server exposes.
- API server settings: configuration of the Kubernetes API server.
- Worker nodes: the configuration of the Kubernetes worker nodes, including
kubeletconfiguration and host settings.
- Container image: the results from image scanning, to give you high-level visibility into items that need your attention.
The controls, and their grouping into frameworks, are maintained in the Kubescape regolibrary repository.