Skip to main content
toolsSource-backed
Kubernetes logo

Kubescape

Apache-2.0 CNCF-incubating Kubernetes security platform and CLI for scanning clusters, manifests, Helm charts, Kustomize projects, Git repositories, and container images for misconfigurations, compliance gaps, and vulnerabilities.

by Kubescape · submitted by oktofeesh1·added 2026-06-04·
HarnessCLI
Review first review before installing

Open the source and read safety notes before installing.

Citation facts

Source-backed facts for citing this resource, derived directly from the registry — also available as plain text for AI assistants.

Source URLs
https://kubescape.io/docs/, https://github.com/kubescape/kubescape, https://kubescape.io/
Brand
Kubernetes
Brand domain
kubescape.io
Brand asset source
brandfetch
Safety notes
Cluster scans use kubeconfig and Kubernetes API access; run Kubescape with the narrowest practical permissions and avoid broad production credentials in untrusted automation., Manifest and repository scans can reveal sensitive workload structure, names, images, RBAC bindings, network policy gaps, and security posture; treat reports as security-sensitive evidence., Auto-fix commands can modify Kubernetes manifests, so use dry-run output, review diffs, and keep version-controlled rollback paths before applying generated changes., Image patching can require BuildKit and elevated local privileges, and the push option can publish patched images back to a registry; test tags and registry scope before enabling it., Validating Admission Policy generation and Deny bindings can block deploys cluster-wide if policy scope, namespace selectors, or control IDs are wrong., Exceptions, suppressed findings, severity thresholds, compliance thresholds, and baseline configuration can hide meaningful risk when used without review., Image scanning and vulnerability matching depend on image access, vulnerability database freshness, package detection, distro context, and Grype database behavior; high-impact results still need human triage., The MCP server exposes vulnerability and configuration scan data to AI assistants using the same Kubernetes access context, so connect it only to trusted clients and service accounts.
Privacy notes
Kubescape reports can include cluster names, namespaces, workload names, RBAC subjects, users with administrative rights, image names, tags, digests, CVEs, control failures, file paths, and compliance scores., Pulling private images or scanning registries can disclose image references, registry hosts, authentication attempts, platform requests, and network metadata to registry infrastructure., CLI configuration can include account IDs, access keys, backend URLs, kubeconfig paths, registry usernames, registry passwords, output paths, cache directories, and exception files., SaaS submission, backend discovery, operator telemetry, Prometheus export, code-scanning uploads, and CI artifacts can move scan metadata outside the local machine or cluster when enabled., SARIF, JSON, JUnit, HTML, PDF, Prometheus, and MCP outputs can expose detailed security posture and should have retention, access control, and redaction policies., The Kubescape MCP server can make vulnerability manifests and configuration scan results available to AI tools, which may have their own logging, retention, and data-handling behavior.
Author
Kubescape
Submitted by
oktofeesh1
Claim status
unclaimed
Last verified
2026-06-04

Decision playbook

Review trust signals before you adopt

Signals are present but mixed. Use the checklist below to confirm the source and operational safety for your environment.

Compare context
Selected

0

Current score

78

Baseline

Delta

No baseline selected

No major trust-signal divergence detected in the current selection.

Source and provenance checks

Complete

Confirm ownership and provenance before trusting install instructions.

  • Source link availableRequired

    Open the canonical repository and verify ownership.

    Done
  • Source provenance statusRequired

    Marked as source-backed.

    Done
  • Metadata reviewed

    Registry metadata indicates a reviewed listing.

    Done

Safety and privacy checks

Complete

Validate risk disclosures before installation or API wiring.

  • Safety notes presentRequired

    Review the listed safety guidance before running commands.

    Done
  • Privacy notes presentRequired

    Review data handling notes before connecting accounts or secrets.

    Done
  • Trust level risk gateRequired

    Trust level does not block evaluation.

    Done

Package and install checks

Needs review

Check package metadata and artifact integrity signals.

  • Install payload available

    Install or copy payload is available for review.

    Done
  • Package verification flag

    No package verification flag provided.

    Pending
  • Checksum metadata

    No checksum provided for downloaded artifact.

    Pending

Compare-driven decision checks

Needs review

Use compare context to validate trade-offs before adoption.

  • Compare tray has multiple entries

    Add at least one more entry to compare trust differences.

    Pending
  • Baseline comparison available

    No baseline peer selected yet.

    Pending
  • Diverging trust signals identified

    No major trust-signal divergence found.

    Pending

Setup at a glance

Copy & paste

Copy-ready — paste the snippet to get started.

Adoption plan

Balanced adoption plan

Current risk score 16/100. Use staged verification before broader rollout.

Risk 16

Pre-adoption checks

Validate source and review signals before any execution.

  • Confirm source provenanceRequired

    Source URL/provenance metadata is present.

    Done
  • Confirm metadata review state

    Listing has review metadata.

    Done
  • Verify install payload

    Install/config payload exists and can be inspected.

    Done

Security checks

Confirm safety, privacy, and package integrity signals.

  • Review safety notesRequired

    Safety notes are present.

    Done
  • Review privacy notesRequired

    Privacy notes are present.

    Done
  • Verify package integrity metadata

    No package verification/checksum metadata.

    Pending

Rollout

Adopt in controlled steps based on the selected plan.

  • Run in isolated sandbox firstRequired

    Use a constrained sandbox and observe behavior across multiple tasks.

    Pending
  • Roll out graduallyRequired

    Roll out to a small cohort before wider usage.

    Pending
  • Set monitoring and fallback

    Define rollback path and monitor errors after adoption.

    Pending

Evidence readiness

Evidence readiness matrix · balanced

Required evidence gates are covered (5/6 signals complete).

Risk 15

Source provenance

Present

Source repository/provenance is listed.

Required in this preset

Metadata review

Present

Review metadata is present.

Required in this preset

Safety notes

Present

Safety notes are present.

Required in this preset

Privacy notes

Present

Privacy notes are present.

Optional in this preset

Package integrity

Missing

Package integrity metadata is missing.

Optional in this preset

Install payload

Present

Install payload is available.

Required in this preset

Required evidence gates are covered for this preset.

Decision timeline

Decision timeline · balanced

5/6 steps complete with no blocking gaps for this preset.

Risk 14

triage

Confirm source provenanceRequired

Source/provenance metadata is available.

Done

triage

Check metadata review statusRequired

Review metadata is available.

Done

verify

Review safety notesRequired

Safety notes are available.

Done

verify

Review privacy notes

Privacy notes are available.

Done

verify

Validate package integrity metadata

Package integrity metadata is missing.

Pending

rollout

Verify install payload and commandsRequired

Install payload is available.

Done

No required blockers for this timeline preset.

Prerequisite readiness

Prerequisite readiness

7 prerequisites to line up before setup. Have accounts and credentials ready first. Includes a review or approval gate.

0/7 ready
Account & credentials1Install & runtime1Permissions & scopes1Network & hosting1Review & approval2General1

Safety & privacy surface

Safety & privacy surface

8 safety and 6 privacy notes across 6 risk areas. Review closely: credentials & tokens, permissions & scopes, network access.

6 areas
  • SafetyCredentials & tokensCluster scans use kubeconfig and Kubernetes API access; run Kubescape with the narrowest practical permissions and avoid broad production credentials in untrusted automation.
  • SafetyNetwork accessManifest and repository scans can reveal sensitive workload structure, names, images, RBAC bindings, network policy gaps, and security posture; treat reports as security-sensitive evidence.
  • SafetyLocal filesAuto-fix commands can modify Kubernetes manifests, so use dry-run output, review diffs, and keep version-controlled rollback paths before applying generated changes.
  • SafetyPermissions & scopesImage patching can require BuildKit and elevated local privileges, and the push option can publish patched images back to a registry; test tags and registry scope before enabling it.
  • SafetyPermissions & scopesValidating Admission Policy generation and Deny bindings can block deploys cluster-wide if policy scope, namespace selectors, or control IDs are wrong.
  • SafetyGeneralExceptions, suppressed findings, severity thresholds, compliance thresholds, and baseline configuration can hide meaningful risk when used without review.
  • SafetyGeneralImage scanning and vulnerability matching depend on image access, vulnerability database freshness, package detection, distro context, and Grype database behavior; high-impact results still need human triage.
  • SafetyGeneralThe MCP server exposes vulnerability and configuration scan data to AI assistants using the same Kubernetes access context, so connect it only to trusted clients and service accounts.
  • PrivacyPermissions & scopesKubescape reports can include cluster names, namespaces, workload names, RBAC subjects, users with administrative rights, image names, tags, digests, CVEs, control failures, file paths, and compliance scores.
  • PrivacyNetwork accessPulling private images or scanning registries can disclose image references, registry hosts, authentication attempts, platform requests, and network metadata to registry infrastructure.
  • PrivacyCredentials & tokensCLI configuration can include account IDs, access keys, backend URLs, kubeconfig paths, registry usernames, registry passwords, output paths, cache directories, and exception files.
  • PrivacyNetwork accessSaaS submission, backend discovery, operator telemetry, Prometheus export, code-scanning uploads, and CI artifacts can move scan metadata outside the local machine or cluster when enabled.
  • PrivacyPermissions & scopesSARIF, JSON, JUnit, HTML, PDF, Prometheus, and MCP outputs can expose detailed security posture and should have retention, access control, and redaction policies.
  • PrivacyData retentionThe Kubescape MCP server can make vulnerability manifests and configuration scan results available to AI tools, which may have their own logging, retention, and data-handling behavior.

Disclosure: editorial

Safety notes

  • Cluster scans use kubeconfig and Kubernetes API access; run Kubescape with the narrowest practical permissions and avoid broad production credentials in untrusted automation.
  • Manifest and repository scans can reveal sensitive workload structure, names, images, RBAC bindings, network policy gaps, and security posture; treat reports as security-sensitive evidence.
  • Auto-fix commands can modify Kubernetes manifests, so use dry-run output, review diffs, and keep version-controlled rollback paths before applying generated changes.
  • Image patching can require BuildKit and elevated local privileges, and the push option can publish patched images back to a registry; test tags and registry scope before enabling it.
  • Validating Admission Policy generation and Deny bindings can block deploys cluster-wide if policy scope, namespace selectors, or control IDs are wrong.
  • Exceptions, suppressed findings, severity thresholds, compliance thresholds, and baseline configuration can hide meaningful risk when used without review.
  • Image scanning and vulnerability matching depend on image access, vulnerability database freshness, package detection, distro context, and Grype database behavior; high-impact results still need human triage.
  • The MCP server exposes vulnerability and configuration scan data to AI assistants using the same Kubernetes access context, so connect it only to trusted clients and service accounts.

Privacy notes

  • Kubescape reports can include cluster names, namespaces, workload names, RBAC subjects, users with administrative rights, image names, tags, digests, CVEs, control failures, file paths, and compliance scores.
  • Pulling private images or scanning registries can disclose image references, registry hosts, authentication attempts, platform requests, and network metadata to registry infrastructure.
  • CLI configuration can include account IDs, access keys, backend URLs, kubeconfig paths, registry usernames, registry passwords, output paths, cache directories, and exception files.
  • SaaS submission, backend discovery, operator telemetry, Prometheus export, code-scanning uploads, and CI artifacts can move scan metadata outside the local machine or cluster when enabled.
  • SARIF, JSON, JUnit, HTML, PDF, Prometheus, and MCP outputs can expose detailed security posture and should have retention, access control, and redaction policies.
  • The Kubescape MCP server can make vulnerability manifests and configuration scan results available to AI tools, which may have their own logging, retention, and data-handling behavior.

Prerequisites

  • Kubescape installed from an official or trusted path such as the install script, GitHub releases, Homebrew, Krew, package manager, or source build after reviewing the installer.
  • Target plan for scanning the current Kubernetes cluster, an alternate kubeconfig or context, namespaces, YAML manifests, Helm charts, Kustomize directories, Git repositories, or container images.
  • Framework and policy plan for NSA-CISA, MITRE ATT&CK, CIS, SOC 2, PCI DSS, HIPAA, individual controls, exceptions, severity thresholds, compliance thresholds, and baseline drift.
  • Kubernetes access plan with least-privilege kubeconfig, RBAC, namespace boundaries, operator permissions, and safe handling for production clusters.
  • Registry and image-scanning plan for private images, registry credentials, Grype database access, offline database use, image patching, and patched-image tagging or push behavior.
  • CI and reporting plan for JSON, JUnit, SARIF, HTML, PDF, Prometheus, exit-code thresholds, artifact retention, code scanning upload, and human triage of findings.
  • Remediation plan before using manifest auto-fix, image patching, Validating Admission Policies, Deny actions, operator scans, continuous scanning, or MCP access to cluster security data.

Schema details

Install type
copy
Troubleshooting
No
Source repository stats
Scope
Source repo
Tool listing metadata
Pricing
open-source
Disclosure
editorial
Application category
DeveloperApplication
Operating system
macOS, Windows, Linux
Full copyable content
## Editorial notes

Kubescape is useful when Claude-adjacent teams need a Kubernetes-aware security scanner that works before and after deployment. Agents can use it to inspect manifests, check cluster posture, generate CI artifacts, review framework failures, query scan results through MCP, and keep remediation work grounded in concrete controls rather than vague best-practice advice.

This entry covers Kubescape as a Kubernetes security tool and CLI. It is distinct from general vulnerability scanners such as Grype because Kubescape combines Kubernetes misconfiguration scanning, compliance frameworks, cluster posture, operator workflows, image vulnerability scanning, admission policy generation, remediation helpers, runtime-oriented capabilities, and an MCP server. The MCP server is a feature of Kubescape, but the listing is for the broader tool rather than a standalone MCP server entry.

## Source notes

- The official repository describes Kubescape as an open-source Kubernetes security platform for IDEs, CI/CD pipelines, and clusters.
- The repository description says Kubescape includes risk analysis, security, compliance, and misconfiguration scanning for Kubernetes users and administrators.
- The README describes Kubescape as comprehensive Kubernetes security from development to runtime, with hardening, posture management, and runtime security capabilities.
- The README says Kubescape was created by ARMO and is a Cloud Native Computing Foundation incubating project.
- The README feature table lists misconfiguration scanning, image vulnerability scanning using Grype, image patching using Copacetic, auto-remediation, admission control with Validating Admission Policies, runtime security using Inspektor Gadget, and MCP server support for AI assistant integration.
- The README quick start shows scanning the current cluster, scanning YAML files or directories, and scanning container images.
- The installation docs describe the install script, GitHub releases, Homebrew, Krew, Linux package managers, Windows package managers, manual installation, source builds, verification, updates, and uninstall options.
- The getting-started docs say Kubescape can run as a command-line tool, an in-cluster operator, part of CI/CD, or other workflows.
- The getting-started docs list capabilities for scanning Kubernetes clusters, YAML files, Helm charts, and container images.
- The getting-started docs describe NSA-CISA, MITRE ATT&CK, and CIS Benchmark scanning, controls, kubeconfig selection, namespace include and exclude filters, local YAML scans, Git repository scans, exceptions, Helm chart detection, Kustomize detection, and operator-triggered scans.
- The CLI reference lists scan targets for clusters, paths, and Git repository URLs, plus output formats including JSON, JUnit, SARIF, HTML, PDF, and Prometheus.
- The CLI reference documents compliance thresholds, severity thresholds, exceptions, local artifact use, SaaS submission flags, and backend configuration fields.
- The CLI reference documents manifest auto-fix with dry-run and no-confirm flags.
- The CLI reference says image patching can produce a local patched image by default and can push the patched image to the source registry when explicitly requested.
- The CLI reference documents offline artifact downloads and later scans using local artifacts.
- The MCP server docs say Kubescape exposes vulnerability manifests and configuration security scan results to AI assistants through the Model Context Protocol, using data produced by the Kubescape operator.
- The MCP server docs state that the server uses the same Kubernetes permissions as the kubeconfig, provides read-only access to vulnerability and configuration data, and should use limited permissions in production.
- The repository is `kubescape/kubescape`, is Apache-2.0 licensed, active, and has official documentation at `kubescape.io/docs`.

## Duplicate check

Checked current `content/tools/`, `content/mcp/`, agents, hooks, rules, skills, commands, guides, collections, open pull requests, live issue state, and repository-wide content for `Kubescape`, `kubescape/kubescape`, `github.com/kubescape/kubescape`, `kubescape.io/docs`, `ARMO`, `CNCF incubating`, `NSA-CISA`, `MITRE ATT&CK`, `Kubernetes security posture`, `Validating Admission Policies`, and `Kubescape MCP`. No dedicated Kubescape tools entry, target file, exact source URL duplicate, issue duplicate, semantic duplicate, or open duplicate PR was found.

## Disclosure

Editorial listing. No paid placement or affiliate link is used. Kubescape is Apache-2.0 open-source software created by ARMO and hosted as a CNCF incubating project; ARMO services, Kubernetes providers, cloud registries, CI platforms, code-scanning systems, telemetry backends, MCP clients, policy engines, and downstream artifact stores may have separate licenses, billing, terms, privacy obligations, and access controls.

About this resource

Editorial notes

Kubescape is useful when Claude-adjacent teams need a Kubernetes-aware security scanner that works before and after deployment. Agents can use it to inspect manifests, check cluster posture, generate CI artifacts, review framework failures, query scan results through MCP, and keep remediation work grounded in concrete controls rather than vague best-practice advice.

This entry covers Kubescape as a Kubernetes security tool and CLI. It is distinct from general vulnerability scanners such as Grype because Kubescape combines Kubernetes misconfiguration scanning, compliance frameworks, cluster posture, operator workflows, image vulnerability scanning, admission policy generation, remediation helpers, runtime-oriented capabilities, and an MCP server. The MCP server is a feature of Kubescape, but the listing is for the broader tool rather than a standalone MCP server entry.

Source notes

  • The official repository describes Kubescape as an open-source Kubernetes security platform for IDEs, CI/CD pipelines, and clusters.
  • The repository description says Kubescape includes risk analysis, security, compliance, and misconfiguration scanning for Kubernetes users and administrators.
  • The README describes Kubescape as comprehensive Kubernetes security from development to runtime, with hardening, posture management, and runtime security capabilities.
  • The README says Kubescape was created by ARMO and is a Cloud Native Computing Foundation incubating project.
  • The README feature table lists misconfiguration scanning, image vulnerability scanning using Grype, image patching using Copacetic, auto-remediation, admission control with Validating Admission Policies, runtime security using Inspektor Gadget, and MCP server support for AI assistant integration.
  • The README quick start shows scanning the current cluster, scanning YAML files or directories, and scanning container images.
  • The installation docs describe the install script, GitHub releases, Homebrew, Krew, Linux package managers, Windows package managers, manual installation, source builds, verification, updates, and uninstall options.
  • The getting-started docs say Kubescape can run as a command-line tool, an in-cluster operator, part of CI/CD, or other workflows.
  • The getting-started docs list capabilities for scanning Kubernetes clusters, YAML files, Helm charts, and container images.
  • The getting-started docs describe NSA-CISA, MITRE ATT&CK, and CIS Benchmark scanning, controls, kubeconfig selection, namespace include and exclude filters, local YAML scans, Git repository scans, exceptions, Helm chart detection, Kustomize detection, and operator-triggered scans.
  • The CLI reference lists scan targets for clusters, paths, and Git repository URLs, plus output formats including JSON, JUnit, SARIF, HTML, PDF, and Prometheus.
  • The CLI reference documents compliance thresholds, severity thresholds, exceptions, local artifact use, SaaS submission flags, and backend configuration fields.
  • The CLI reference documents manifest auto-fix with dry-run and no-confirm flags.
  • The CLI reference says image patching can produce a local patched image by default and can push the patched image to the source registry when explicitly requested.
  • The CLI reference documents offline artifact downloads and later scans using local artifacts.
  • The MCP server docs say Kubescape exposes vulnerability manifests and configuration security scan results to AI assistants through the Model Context Protocol, using data produced by the Kubescape operator.
  • The MCP server docs state that the server uses the same Kubernetes permissions as the kubeconfig, provides read-only access to vulnerability and configuration data, and should use limited permissions in production.
  • The repository is kubescape/kubescape, is Apache-2.0 licensed, active, and has official documentation at kubescape.io/docs.

Duplicate check

Checked current content/tools/, content/mcp/, agents, hooks, rules, skills, commands, guides, collections, open pull requests, live issue state, and repository-wide content for Kubescape, kubescape/kubescape, github.com/kubescape/kubescape, kubescape.io/docs, ARMO, CNCF incubating, NSA-CISA, MITRE ATT&CK, Kubernetes security posture, Validating Admission Policies, and Kubescape MCP. No dedicated Kubescape tools entry, target file, exact source URL duplicate, issue duplicate, semantic duplicate, or open duplicate PR was found.

Disclosure

Editorial listing. No paid placement or affiliate link is used. Kubescape is Apache-2.0 open-source software created by ARMO and hosted as a CNCF incubating project; ARMO services, Kubernetes providers, cloud registries, CI platforms, code-scanning systems, telemetry backends, MCP clients, policy engines, and downstream artifact stores may have separate licenses, billing, terms, privacy obligations, and access controls.

Source citations

Add this badge to your README

Show that Kubescape is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.

Listed on HeyClaude
[![Listed on HeyClaude](https://heyclau.de/badge/tools/kubescape.svg)](https://heyclau.de/entry/tools/kubescape)

How it compares

Kubescape side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.

Field

Apache-2.0 CNCF-incubating Kubernetes security platform and CLI for scanning clusters, manifests, Helm charts, Kustomize projects, Git repositories, and container images for misconfigurations, compliance gaps, and vulnerabilities.

Open dossier

Apache-2.0 vulnerability scanner from Anchore for container images, filesystems, archives, SBOMs, PURLs, and CPEs, with risk scoring, VEX filtering, and CI-friendly output.

Open dossier

Apache-2.0 Sigstore CLI for signing, verifying, and attesting containers, blobs, binaries, SBOMs, and OCI artifacts with keyless OIDC, KMS keys, Fulcio, Rekor, bundles, and registry storage.

Open dossier

Open-source secret scanner for finding passwords, API keys, tokens, and other credentials in git history, files, directories, and stdin.

Open dossier
Next steps
Trust
Review statusReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewed
Package trustPackage not verifiedPackage not verifiedPackage not verifiedPackage not verified
Source provenanceSource-backedSource-backedSource-backedSource-backed
Submitteroktofeesh1oktofeesh1oktofeesh1oktofeesh1
Install riskReview firstReview firstReview firstReview first
Notes Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓
BrandKubernetes logoKubernetesGrype logoGrypeCosign logoCosignGitleaks logoGitleaks
Categorytoolstoolstoolstools
SourceSource-backedSource-backedSource-backedSource-backed
AuthorKubescapeAnchoreSigstoreGitleaks
Added2026-06-042026-06-042026-06-042026-06-03
Platforms
Harness
Source repo
Safety notesCluster scans use kubeconfig and Kubernetes API access; run Kubescape with the narrowest practical permissions and avoid broad production credentials in untrusted automation. Manifest and repository scans can reveal sensitive workload structure, names, images, RBAC bindings, network policy gaps, and security posture; treat reports as security-sensitive evidence. Auto-fix commands can modify Kubernetes manifests, so use dry-run output, review diffs, and keep version-controlled rollback paths before applying generated changes. Image patching can require BuildKit and elevated local privileges, and the push option can publish patched images back to a registry; test tags and registry scope before enabling it. Validating Admission Policy generation and Deny bindings can block deploys cluster-wide if policy scope, namespace selectors, or control IDs are wrong. Exceptions, suppressed findings, severity thresholds, compliance thresholds, and baseline configuration can hide meaningful risk when used without review. Image scanning and vulnerability matching depend on image access, vulnerability database freshness, package detection, distro context, and Grype database behavior; high-impact results still need human triage. The MCP server exposes vulnerability and configuration scan data to AI assistants using the same Kubernetes access context, so connect it only to trusted clients and service accounts.Grype parses container images, archives, filesystems, SBOMs, package identifiers, and vulnerability data; run it from trusted automation with bounded filesystem access and resource limits for untrusted targets. The install script and binary update paths should be verified before use in production CI; pin versions and checksums where reproducible builds or regulated environments require it. Scanning private images can use registry credentials, client certificates, tokens, Docker or Podman daemon access, and local image metadata, so CI jobs should scope credentials and avoid broad registry permissions. Vulnerability findings are advisory and depend on package detection, vulnerability database freshness, distro context, CPE matching, fix-state metadata, EPSS, KEV, and risk-scoring inputs; high-impact findings still need human triage. Fail-on thresholds, only-fixed filters, only-notfixed filters, ignore rules, VEX documents, and suppressed-result settings can change pipeline outcomes, so policy changes should be reviewed like security code. The configuration reference includes options for insecure registry TLS behavior and HTTP registry access; these should be avoided outside tightly controlled test environments. Automatic database updates and application update checks make outbound network requests unless disabled or pinned by policy. Large images, archives, monorepos, or SBOMs can produce expensive scans and large JSON/SARIF artifacts; set timeouts, artifact limits, cache policy, and retention rules in CI.Sign container images by immutable digest rather than mutable tag so the signature is attached to the intended artifact. Keyless workflows depend on OIDC issuer and subject claims; overly broad certificate identity, issuer, or regular-expression verification can approve artifacts from the wrong workflow or account. Public-key, KMS, Vault, Kubernetes secret, environment-variable, and hardware-backed signing flows can expose high-value signing material if CI permissions or logs are too broad. Disabling Cosign claim checks or bypassing transparency-log and timestamp expectations weakens the connection between the verified signature and the artifact being consumed. Attestation and policy workflows can gate releases, deploys, or promotion decisions; review predicate schemas, policy rules, and failure behavior before enforcing them in production. Cosign can upload signatures, certificates, attestations, and bundles to registries or transparency infrastructure; test registry support and cleanup behavior before relying on it. Registry cleanup or deletion commands can remove signatures where the registry supports deletion, so keep release evidence retention and recovery requirements explicit. Offline and air-gapped verification requires current trusted roots, bundles or signed-entry evidence, local artifacts, and a process for refreshing trust data safely.Gitleaks can scan git history and large directories, so scope scans intentionally and use baselines for noisy legacy repositories. Findings may include real active credentials; treat reports, CI logs, and exported SARIF or JSON artifacts as sensitive. The upstream README states Gitleaks is feature complete and future releases are expected to be security patches only.
Privacy notesKubescape reports can include cluster names, namespaces, workload names, RBAC subjects, users with administrative rights, image names, tags, digests, CVEs, control failures, file paths, and compliance scores. Pulling private images or scanning registries can disclose image references, registry hosts, authentication attempts, platform requests, and network metadata to registry infrastructure. CLI configuration can include account IDs, access keys, backend URLs, kubeconfig paths, registry usernames, registry passwords, output paths, cache directories, and exception files. SaaS submission, backend discovery, operator telemetry, Prometheus export, code-scanning uploads, and CI artifacts can move scan metadata outside the local machine or cluster when enabled. SARIF, JSON, JUnit, HTML, PDF, Prometheus, and MCP outputs can expose detailed security posture and should have retention, access control, and redaction policies. The Kubescape MCP server can make vulnerability manifests and configuration scan results available to AI tools, which may have their own logging, retention, and data-handling behavior.The Grype getting-started docs say Grype runs locally and does not send scan data to external services; it needs internet access for downloading container images and the vulnerability database. Pulling images from remote or private registries can disclose image names, tags, digests, registry hostnames, platform requests, authentication attempts, and network metadata to registry infrastructure. Scan output can reveal package names, package versions, ecosystems, distro names, image identifiers, file metadata, file digests, executable metadata, vulnerability identifiers, fix versions, EPSS, KEV, risk scores, and suppressed findings. JSON, SARIF, CycloneDX, and template outputs are useful for automation but can leak dependency inventory and security posture when uploaded to CI logs, code scanning tools, tickets, dashboards, or long-retention artifacts. Configuration files and environment variables can include registry usernames, passwords, tokens, client certificates, client keys, CA certificates, cache paths, update URLs, ignore rules, VEX documents, and output paths. SBOM inputs may contain full dependency inventories and build metadata; treat Grype reports and source SBOMs as security-sensitive artifacts.Keyless signing can publish email addresses, OIDC identities, certificate metadata, timestamps, and transparency-log records that are intentionally public and may be permanent. Registry-stored signatures, certificates, attestations, OCI referrers, annotations, and bundles can reveal image names, digests, artifact relationships, workflow identity, and release metadata. Sigstore bundles can include signatures, certificates, timestamps, transparency-log inclusion proofs, and issuer or subject details that should be reviewed before publishing. CI logs and artifacts can expose image references, registry hosts, certificate identities, issuer URLs, workflow paths, annotations, KMS URIs, bundle paths, and verification payloads. Cloud KMS, Vault, registry, GitHub Actions, GitLab CI, and other identity providers may receive authentication, authorization, and audit metadata when Cosign signs or verifies artifacts. Private keys, KMS credentials, registry tokens, client certificates, OIDC tokens, and signing environment variables should be scoped, rotated, masked, and excluded from generated artifacts.Scans inspect repository contents, file contents, commit metadata, and streamed input for credential-like strings. Report files and verbose logs can contain secret values unless redaction and artifact retention are configured carefully. CI integrations may expose findings to workflow logs, code-scanning systems, or third-party build infrastructure.
Prerequisites
  • Kubescape installed from an official or trusted path such as the install script, GitHub releases, Homebrew, Krew, package manager, or source build after reviewing the installer.
  • Target plan for scanning the current Kubernetes cluster, an alternate kubeconfig or context, namespaces, YAML manifests, Helm charts, Kustomize directories, Git repositories, or container images.
  • Framework and policy plan for NSA-CISA, MITRE ATT&CK, CIS, SOC 2, PCI DSS, HIPAA, individual controls, exceptions, severity thresholds, compliance thresholds, and baseline drift.
  • Kubernetes access plan with least-privilege kubeconfig, RBAC, namespace boundaries, operator permissions, and safe handling for production clusters.
  • Grype installed from an official or trusted package path such as the Anchore install script, Homebrew, Windows package manager, Docker image, or GitHub release.
  • Target selection for container images, registries, Docker, Podman, containerd, OCI archives, Docker archives, Singularity images, directories, files, SBOMs, Package URLs, or CPEs.
  • Vulnerability database update policy, cache directory, offline scanning expectations, database age policy, and network allowance for database downloads.
  • CI policy for output formats, JSON/SARIF artifacts, fail-on severity thresholds, fix-state filters, VEX documents, ignore rules, and suppressed-result review.
  • Cosign installed from an official or trusted path such as GitHub releases, Homebrew, Go install, a Linux package, the official container image, or a CI installer action.
  • Artifact target plan for container images by digest, local blobs, binaries, SBOMs, WASM modules, Tekton bundles, OCI artifacts, or release files.
  • Signing identity or key plan covering keyless OIDC, expected certificate identity and issuer, self-managed keys, hardware keys, KMS, Vault, Kubernetes secrets, PKCS11, or custom PKI.
  • Registry and artifact-storage plan for OCI referrers, signature artifacts, private registry authentication, local bundles, offline verification, and later upload workflows.
  • A repository, directory, file, or stdin stream that you are authorized to scan.
  • Gitleaks installed through Homebrew, Docker, Go, a release binary, pre-commit, or the official GitHub Action.
  • A plan for handling findings, baselines, and allowed test credentials without exposing real secrets in reports.
Install
Config
Citations
ClaimUnclaimedUnclaimedUnclaimedUnclaimed
Open 4 picks in the interactive comparison tool

Related guides

Signals

Loading live community signals…

More like this, weekly

A short, calm digest of reviewed Claude resources. Unsubscribe any time.