armosec/kubescape

Features

• Kubernetes Security - Provides a comprehensive security suite for scanning Kubernetes clusters, configurations, and images against benchmarks.
• Container Image Patching - Automatically updates container images to fix operating system vulnerabilities and reduce the attack surface.
• Benchmark Scanning - Evaluates cluster manifests against a library of industry-standard security benchmarks to identify misconfigurations.
• Vulnerability Patching - Detects security flaws in container images and applies automatic patches to reduce the attack surface.
• Security Scanning - Analyzes Kubernetes cluster configurations to identify security risks, misconfigurations, and compliance violations.
• Security Auto-Remediation - Automatically applies patches to configuration manifests to resolve security errors and align with best practices.
• Automated Configuration Remediation - Automatically fixes security errors within manifest files to align with industry best practices.
• Cloud Compliance Auditors - Verifies Kubernetes clusters against regulatory frameworks and security best practices.
• Orchestration Admission Controllers - Implements a Kubernetes admission controller to intercept and block deployments that violate security policies.
• Infrastructure Misconfiguration Detectors - Analyzes Kubernetes manifests and cluster states to identify and remediate security risks and misconfigurations.
• Security Policy Enforcers - Blocks the deployment of workloads that violate security standards using admission policies.
• Kubernetes Compliance Monitoring - Continuously checks cluster configurations against regulatory standards and exports security metrics.
• Misconfiguration Scanning - Analyzes clusters and configuration files against industry benchmarks to identify security risks.
• Policy Enforcement Engines - Blocks the deployment of workloads that violate defined security standards using policy evaluation rules.
• Vulnerability Scanners - Detects known vulnerabilities within container images to reduce the attack surface of workloads.
• Kubernetes Security Assessments - Scans clusters and configuration files for misconfigurations to ensure alignment with industry benchmarks.
• Vulnerability Scanning - Detects known vulnerabilities within container images to identify security flaws before deployment.
• Network Policy Enforcement - Generates network policies to restrict unauthorized traffic between Kubernetes workloads based on cluster analysis.
• Network Policy Generation - Analyzes cluster traffic to generate and implement network policies that prevent unauthorized communication.
• Security Monitors - Tracks cluster activity using system-level probes to detect security threats and events in real time.
• Dynamic Kernel Probes - Uses low-level system probes to monitor kernel activity and detect security threats in real time.
• Metric and Performance Monitors - Deploys an automated operator to continuously scan configurations and images and export security metrics.
• Cluster Monitoring Systems - Runs an automated operator within the cluster to continuously monitor security configurations and export metrics.
• Container and Cluster Security - Compliance and security testing tool for Kubernetes deployments.
• Kubernetes Security - Tests Kubernetes deployments against security frameworks.

Star history