Kubescape
kubescape.ioOpen-source Kubernetes Security: Practical, End-to-End Coverage
Securitykubernetesopen-sourcesecurity-scanningcncfvulnerability-assessmentpolicy-enforcementruntime-detection
About
Kubescape is an open-source Kubernetes security platform that provides configuration scanning, vulnerability assessment, policy enforcement, network policy validation, and runtime threat detection for Kubernetes environments. It supports multiple compliance frameworks including CIS Benchmarks, NSA-CISA, and MITRE ATT&CK, and integrates with popular IDEs and CI/CD pipelines. Created by ARMO, it is a CNCF incubating project built on tools like Open Policy Agent, Grype, and eBPF.
Problem
Kubernetes environments are difficult to secure across the full development and deployment lifecycle, from configuration to runtime.
For
Kubernetes engineers and platform operators
How it works
Kubescape retrieves Kubernetes objects from the API server, runs Rego-based posture controls via Open Policy Agent, and performs image scanning and runtime monitoring using integrated open-source tools.
Business model
open-source
Status
launched
Company
ARMO
Launched
2021