Getting started with Kubescape
Kubescape can be used as a command line tool, as an operator inside a cluster, as part of a CI/CD process, or in many more places.
The easiest way to get started with Kubescape is to download it to the machine you use to manage your Kubernetes cluster.
(Kubescape is a security product; please read the file before you run it!)
Run your first scan
Kubescape started out as a tool to validate a cluster against the NSA hardening guidance, so let's start by checking how well your cluster and its workloads are configured.
You will see output like this:
Let's break down what this shows.
This framework consists of 24 controls:
- 12 controls failed. This means at least one object in the cluster did not meet the requirements of the control.
- 10 controls passed.
- 2 controls require configuration before they can be evaluated.
The number of controls that failed are also listed by severity.
- Severity is the severity of a control failure, as specified in its framework.
- Control name is the name of the control.
- Failed resources is the number of resources that caused a particular control to fail. A control will be tested against every compatible resource in a cluster.
- All resources shows the number of resources that were available.
- % compliance score shows the control compliance score for that control.
The summary then shows the total number of resources that caused control failures. To view each one and see Kubescape's suggestion on how to fix the failure, run again with
A total compliance score for the framework is also displayed.