Automated tools that identify vulnerabilities, misconfigurations and security-policy violations within Kubernetes cluster environments.
Checkov is a static analysis tool and security scanner designed to identify misconfigurations in infrastructure as code, container images, and Kubernetes configurations. It functions as a cloud security posture tool, an SCA vulnerability scanner, and a secret scanning utility to prevent security breaches and version control leaks. The project distinguishes itself through deep graph analysis and variable resolution, allowing it to map relationships between interconnected resources and evaluate the final state of infrastructure attributes. It provides extensibility for defining custom security
Checkov is a static analysis tool that scans Kubernetes manifests, container images, and infrastructure as code for misconfigurations, vulnerabilities, and secrets, covering CIS benchmarks, compliance reporting, and policy enforcement — a comprehensive fit for Kubernetes security scanning.
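To make concrete what a static misconfiguration scan of a Kubernetes manifest looks like, here is an added example in the spirit of Checkov's Kubernetes policies. It is illustrative code written for this page, not Checkov's own implementation: the check IDs (EX_K8S_*), the two sample Deployments and the exact set of checks are assumptions. It evaluates pod-level and container-level checks against the effective security context (pod-level merged with container-level) and reports findings for a weak manifest and none for the hardened version.

```python
import json

# Constructed sample Deployment with several classic pod-level misconfigurations.
# It is not a workload from Checkov or any real project.
BAD_MANIFEST = json.dumps({
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "web", "namespace": "default"},
    "spec": {"template": {"spec": {
        "hostNetwork": True,
        "containers": [{
            "name": "web",
            "image": "nginx:latest",
            "securityContext": {"privileged": True},
        }],
    }}},
})

# The same workload after remediation (constructed).
GOOD_MANIFEST = json.dumps({
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "web", "namespace": "default"},
    "spec": {"template": {"spec": {
        "securityContext": {"runAsNonRoot": True},
        "containers": [{
            "name": "web",
            "image": "nginx:1.27.0",
            "securityContext": {
                "privileged": False,
                "allowPrivilegeEscalation": False,
                "readOnlyRootFilesystem": True,
                "capabilities": {"drop": ["ALL"]},
            },
            "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
        }],
    }}},
})


def pod_spec(doc):
    """Return the PodSpec of a Pod, or of the pod template inside a workload object."""
    if doc.get("kind") == "Pod":
        return doc.get("spec", {})
    return doc.get("spec", {}).get("template", {}).get("spec", {})


def image_is_pinned(image):
    """True when the image reference carries a digest or a tag other than 'latest'."""
    tail = image.rsplit("/", 1)[-1]          # drop the registry/repository path
    if "@sha256:" in tail:
        return True
    return ":" in tail and not tail.endswith(":latest")


# Hypothetical check IDs (EX_K8S_*). Each predicate returns True when the check FAILS.
# Pod-level predicates receive the PodSpec; container-level predicates receive the
# container and its effective securityContext (pod-level merged with container-level).
POD_CHECKS = [
    ("EX_K8S_1", "hostNetwork is enabled", lambda s: bool(s.get("hostNetwork"))),
    ("EX_K8S_2", "hostPID is enabled", lambda s: bool(s.get("hostPID"))),
]
CONTAINER_CHECKS = [
    ("EX_K8S_3", "container runs privileged", lambda c, sc: bool(sc.get("privileged"))),
    ("EX_K8S_4", "allowPrivilegeEscalation is not false", lambda c, sc: sc.get("allowPrivilegeEscalation") is not False),
    ("EX_K8S_5", "runAsNonRoot is not true", lambda c, sc: sc.get("runAsNonRoot") is not True),
    ("EX_K8S_6", "root filesystem is writable", lambda c, sc: sc.get("readOnlyRootFilesystem") is not True),
    ("EX_K8S_7", "image is not pinned to a tag or digest", lambda c, sc: not image_is_pinned(c.get("image", ""))),
    ("EX_K8S_8", "no resource limits", lambda c, sc: not c.get("resources", {}).get("limits")),
]


def scan_manifest(raw_json):
    """Evaluate every check against one manifest; return (check_id, target, message) tuples."""
    doc = json.loads(raw_json)
    spec = pod_spec(doc)
    target = f'{doc.get("kind")}/{doc.get("metadata", {}).get("name")}'
    findings = [(cid, target, msg) for cid, msg, fails in POD_CHECKS if fails(spec)]
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        # A container securityContext overrides the pod-level one field by field.
        effective_sc = {**spec.get("securityContext", {}), **c.get("securityContext", {})}
        ctarget = f'{target}:{c.get("name")}'
        findings += [(cid, ctarget, msg) for cid, msg, fails in CONTAINER_CHECKS if fails(c, effective_sc)]
    return findings


if __name__ == "__main__":
    for label, manifest in (("bad", BAD_MANIFEST), ("good", GOOD_MANIFEST)):
        results = scan_manifest(manifest)
        print(f"{label}: {len(results)} finding(s)")
        for cid, tgt, msg in results:
            print(f"  {cid} {tgt}: {msg}")
```

The manifests are embedded as JSON so the script runs without a YAML library; real tooling reads YAML and also resolves Helm values and Kustomize overlays before evaluating, which is the "variable resolution" step the description above refers to.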
Trivy is a comprehensive security scanner designed to identify vulnerabilities and misconfigurations across container images, filesystems, and infrastructure as code files. It functions as a software composition analysis tool and an infrastructure security scanner, providing automated checks for CI/CD pipelines and cloud environments to ensure the integrity of the software supply chain. The tool distinguishes itself through a modular, plugin-based architecture that allows for the independent inspection of diverse targets. It utilizes a declarative policy engine to evaluate configurations agai
Trivy is a comprehensive security scanner that directly targets Kubernetes clusters for vulnerabilities, misconfigurations, and CIS benchmark compliance, covering the major requested features like container image scanning, RBAC analysis, and policy reporting.
Kubescape is a security platform for Kubernetes that provides tools for scanning clusters, configurations, and container images against industry compliance and security benchmarks. It functions as a suite of security utilities, including a compliance auditor, a misconfiguration scanner, and a container vulnerability scanner. The project differentiates itself through automated remediation and active enforcement. It can automatically patch operating system vulnerabilities in images and fix security errors within manifest files. It also utilizes an admission controller to block the deployment of
Kubescape is a comprehensive Kubernetes security platform that scans clusters, configurations, and container images for CIS benchmarks, vulnerabilities, and compliance violations, with additional coverage of network policies and RBAC through its security assessments and audit utilities.
ThreatMapper is a cloud native application protection platform and infrastructure security scanner. It functions as a vulnerability management system and cloud workload telemetry collector designed to monitor workloads and detect security risks across cloud and container environments. The platform distinguishes itself through a network traffic visualizer that uses machine learning to classify communication patterns and a graph-based attack mapping system to identify high-risk paths between vulnerabilities and network dependencies. Its broader capabilities cover cloud infrastructure complianc
ThreatMapper is a full-featured cloud-native application protection platform that scans Kubernetes clusters for vulnerabilities, misconfigurations, and compliance issues, covering the required capabilities like container image scanning, CIS compliance, and network traffic analysis.
Kubescape is a Kubernetes security posture management platform designed to scan clusters, manifests, and images for misconfigurations, vulnerabilities, and compliance risks. It functions as a comprehensive security suite incorporating a compliance scanner, a container image vulnerability scanner, an admission controller for policy enforcement, and a runtime security monitor. The platform distinguishes itself through runtime-aware vulnerability filtering, which maps libraries loaded in memory to determine if vulnerabilities are actually reachable. It also integrates with AI assistants via a Mo
Kubescape is a full-featured Kubernetes security posture management platform that directly addresses the request: it scans clusters, manifests, and container images for misconfigurations, vulnerabilities, and compliance risks (including CIS benchmarks), and performs RBAC analysis, network policy evaluation, and secrets detection — making it an excellent match for a cluster security scanner.
Kubernetes-native security toolkit
Trivy-Operator is a Kubernetes-native operator that automates the Trivy scanner, providing comprehensive vulnerability, misconfiguration, secret, and CIS benchmark compliance scanning for your cluster, directly matching this search.
Kube-hunter is a security scanner and vulnerability hunter for Kubernetes clusters. It operates as a cloud-native penetration tool designed to identify security weaknesses, infrastructure misconfigurations, and exploitable gaps by simulating attacker techniques. The tool distinguishes itself through a dual-mode scanning engine that executes both remote external probes and internal network scans. It features identity-based impersonation, allowing it to use service account tokens and pod identities to simulate security access from specific cluster roles and determine the potential blast radius
Kube-hunter is a Kubernetes security scanner that identifies vulnerabilities and misconfigurations by simulating attacker techniques, but it lacks explicit CIS benchmark checks, container image scanning, and detailed compliance reporting that your search includes.
kube-bench is a Kubernetes security benchmark scanner and configuration auditor. It verifies if a cluster adheres to the Center for Internet Security standards and other hardening guides to identify security misconfigurations and vulnerabilities. The tool operates as a containerized security scanner, utilizing host namespaces to analyze nodes and control plane components without requiring the installation of binaries directly on the host. It supports multiple Kubernetes distributions, applying environment-specific benchmarks to ensure auditing accuracy for managed services. The project cover
kube-bench is a Kubernetes security benchmark scanner that checks CIS compliance and configuration hardening, which directly addresses the misconfiguration and compliance part of your search, but it does not cover container image vulnerabilities, RBAC analysis, network policy evaluation, or secrets detection that you also need.
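The kind of control kube-bench evaluates, as an added example (not kube-bench's code): a CIS-style audit of a kube-apiserver command line, the way such a tool inspects the process arguments on a control-plane node. The two command lines are constructed, the check IDs (EX_CIS_*) are hypothetical, and the six controls are a small hand-picked subset chosen for illustration rather than a benchmark version's full list.

```python
import shlex

# Constructed kube-apiserver command line as it might appear in `ps -ef` on a
# control-plane node; the values are deliberately weak. Not from any real node.
WEAK_CMDLINE = (
    "kube-apiserver --advertise-address=10.0.0.10 --anonymous-auth=true "
    "--authorization-mode=AlwaysAllow --audit-log-path=/var/log/kube-audit.log "
    "--profiling=true --secure-port=6443"
)

# The same process with the flagged settings fixed (constructed).
HARDENED_CMDLINE = (
    "kube-apiserver --advertise-address=10.0.0.10 --anonymous-auth=false "
    "--authorization-mode=Node,RBAC --audit-log-path=/var/log/kube-audit.log "
    "--profiling=false --secure-port=6443 "
    "--kubelet-certificate-authority=/etc/kubernetes/pki/ca.crt"
)


def parse_flags(cmdline):
    """Turn '--key=value' and bare '--key' tokens into a dict; a bare boolean flag means true."""
    flags = {}
    for tok in shlex.split(cmdline)[1:]:
        if not tok.startswith("--"):
            continue
        key, has_value, value = tok[2:].partition("=")
        flags[key] = value if has_value else "true"
    return flags


def authz_modes(flags):
    # kube-apiserver falls back to AlwaysAllow when --authorization-mode is absent.
    return flags.get("authorization-mode", "AlwaysAllow").split(",")


# Hypothetical check IDs; each predicate returns True when the control PASSES.
CHECKS = [
    ("EX_CIS_1", "--anonymous-auth is set to false",
     lambda f: f.get("anonymous-auth") == "false"),
    ("EX_CIS_2", "--authorization-mode does not include AlwaysAllow",
     lambda f: "AlwaysAllow" not in authz_modes(f)),
    ("EX_CIS_3", "--authorization-mode includes Node and RBAC",
     lambda f: {"Node", "RBAC"} <= set(authz_modes(f))),
    ("EX_CIS_4", "--audit-log-path is set",
     lambda f: bool(f.get("audit-log-path"))),
    ("EX_CIS_5", "--profiling is set to false",
     lambda f: f.get("profiling") == "false"),
    ("EX_CIS_6", "--kubelet-certificate-authority is set",
     lambda f: bool(f.get("kubelet-certificate-authority"))),
]


def audit_apiserver(cmdline):
    """Return [(check_id, 'PASS' | 'FAIL', description)] for one command line."""
    flags = parse_flags(cmdline)
    return [(cid, "PASS" if passes(flags) else "FAIL", desc) for cid, desc, passes in CHECKS]


def failed_checks(cmdline):
    """Convenience wrapper: IDs of the controls that fail."""
    return [cid for cid, status, _ in audit_apiserver(cmdline) if status == "FAIL"]


if __name__ == "__main__":
    for label, cmdline in (("weak", WEAK_CMDLINE), ("hardened", HARDENED_CMDLINE)):
        print(label)
        for cid, status, desc in audit_apiserver(cmdline):
            print(f"  [{status}] {cid}: {desc}")
```

Two points the code makes explicit: absent flags must be judged against the server's defaults (anonymous auth on, AlwaysAllow authorization), not treated as "not configured", and a bare `--flag` without a value means true. A real benchmark tool additionally inspects config files, file ownership and permissions, and the kubelet and etcd components.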
Kubernetes Security Scanner - Part of NullSec Linux
This repository is explicitly a Kubernetes security scanner, which directly matches the core category, but the sparse description and lack of topics provide no evidence of the specific features like CIS benchmarks, image scanning, or compliance reporting that the visitor wants.
A tool to scan a Kubernetes cluster for risky permissions
Kubiscan scans Kubernetes clusters for risky permissions, making it a legitimate security scanner, but it focuses narrowly on RBAC analysis and lacks the broader vulnerability, CIS benchmark, network policy, and secrets detection capabilities you listed.
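What an RBAC risky-permission scan of the kind Kubiscan performs actually computes, as an added example that is not Kubiscan's code: resolve ClusterRoleBindings to the ClusterRoles they reference, classify each role's rules against a list of risky (resource, verb) patterns, and report every bound subject. The RBAC dump is constructed in the shape of `kubectl get clusterroles,clusterrolebindings -o json`, and the risk-pattern list is an assumption made for illustration. The simplification ignores apiGroups, namespaced Roles/RoleBindings and aggregated ClusterRoles.

```python
import json

# Constructed RBAC dump (a List of ClusterRoles and ClusterRoleBindings); not from any real cluster.
RBAC_DUMP = json.dumps({
    "kind": "List",
    "items": [
        {"kind": "ClusterRole", "metadata": {"name": "cluster-admin"},
         "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
        {"kind": "ClusterRole", "metadata": {"name": "secret-reader"},
         "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]}]},
        {"kind": "ClusterRole", "metadata": {"name": "pod-viewer"},
         "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list", "watch"]}]},
        {"kind": "ClusterRoleBinding", "metadata": {"name": "admin-binding"},
         "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
         "subjects": [{"kind": "User", "name": "alice"}]},
        {"kind": "ClusterRoleBinding", "metadata": {"name": "ci-secrets"},
         "roleRef": {"kind": "ClusterRole", "name": "secret-reader"},
         "subjects": [{"kind": "ServiceAccount", "name": "ci", "namespace": "build"}]},
        {"kind": "ClusterRoleBinding", "metadata": {"name": "viewers"},
         "roleRef": {"kind": "ClusterRole", "name": "pod-viewer"},
         "subjects": [{"kind": "Group", "name": "developers"}]},
    ],
})

# Assumed risk patterns: (label, resources that matter, verbs that matter).
RISKY_PATTERNS = [
    ("cluster-wide admin (any resource, any verb)", {"*"}, {"*"}),
    ("read secrets", {"secrets"}, {"get", "list", "watch"}),
    ("exec into pods", {"pods/exec"}, {"create"}),
    ("create pods (run code as any service account)", {"pods"}, {"create"}),
    ("rbac escalation (bind/escalate on roles)",
     {"roles", "clusterroles", "rolebindings", "clusterrolebindings"}, {"bind", "escalate"}),
    ("impersonate users, groups or service accounts",
     {"users", "groups", "serviceaccounts"}, {"impersonate"}),
]


def _covers(granted, wanted):
    """A wildcard grant covers everything; otherwise require an exact name match."""
    return "*" in granted or bool(granted & wanted)


def rule_risks(rule):
    """Labels of every risky pattern a single PolicyRule satisfies."""
    granted_res = set(rule.get("resources", []))
    granted_verbs = set(rule.get("verbs", []))
    return {label for label, res, verbs in RISKY_PATTERNS
            if _covers(granted_res, res) and _covers(granted_verbs, verbs)}


def subject_id(s):
    ns = f'{s["namespace"]}/' if s.get("namespace") else ""
    return f'{s["kind"]}:{ns}{s["name"]}'


def find_risky_subjects(raw_json):
    """Return (subject, role_name, sorted risk labels) for every subject bound to a risky ClusterRole."""
    items = json.loads(raw_json)["items"]
    roles = {i["metadata"]["name"]: i for i in items if i["kind"] == "ClusterRole"}
    findings = []
    for binding in (i for i in items if i["kind"] == "ClusterRoleBinding"):
        role = roles.get(binding["roleRef"]["name"])
        if role is None:
            continue                      # roleRef points outside this dump
        risks = set()
        for rule in role.get("rules", []):
            risks |= rule_risks(rule)
        if not risks:
            continue
        for s in binding.get("subjects", []):
            findings.append((subject_id(s), role["metadata"]["name"], sorted(risks)))
    return sorted(findings)


if __name__ == "__main__":
    for subject, role, risks in find_risky_subjects(RBAC_DUMP):
        print(f"{subject} via {role}: {', '.join(risks)}")
```

The wildcard handling is the part most often got wrong by hand: a rule granting `*` on `*` satisfies every pattern, so the `cluster-admin` subject is reported under all six labels, while `pod-viewer` (read-only on pods) trips none and its subjects are not reported.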