
Key Features
- Security Scoring: Assigns points based on passed checks and best-practice recommendations.
- Multi-Resource Support: Scan a single YAML with multiple objects.
- Flexible Deployment: Use as a CLI binary, Docker image, Admission Controller, kubectl plugin, or REST API.
KubeSec supports multi-document YAML files. Separate resources with
--- in the same file and scan them together.Example: Scanning a Pod Manifest
Below is a sample Pod specification that enforces a read-only root filesystem:Scan via Docker
Scan via REST API
If you expose the REST endpoint publicly, ensure you protect it behind authentication or a firewall to prevent misuse.
Sample JSON Response
The scanner returns a JSON object with your resource’s score and specific advisories:- passed: Checks that succeeded and earned points.
- advise: Recommendations to improve the security posture, along with points you can earn.