Kubescape: Kubernetes Security Scanning
Shriira Press
Find and fix Kubernetes security issues. Scan for misconfigurations, vulnerabilities, and compliance against NSA-CISA and CIS with Kubescape.
Welcome to Kubescape: Kubernetes Security Scanning.
Kubescape is an open-source Kubernetes security platform — it scans clusters, manifests, and images for misconfigurations, vulnerabilities, and excessive permissions, and measures them against security frameworks. This free book teaches it from the ground up: the Kubernetes security problem and what Kubescape is, Kubernetes security risks (misconfigurations, vulnerabilities, RBAC, supply chain), security frameworks (NSA-CISA, CIS, MITRE) and controls, how Kubescape works (scanning, the CLI, the operator, OPA/Rego), misconfiguration scanning, vulnerability scanning (CVEs in images), RBAC and compliance, shift-left and CI/CD, continuous security and the operator (runtime insights), and operating Kubescape in practice (remediation, the ecosystem). Ten focused chapters with clear diagrams that demystify Kubernetes security — finding, measuring, and fixing issues across the lifecycle to turn insecure-by-default Kubernetes into a hardened, compliant, continuously monitored platform.
This title is part of the ShriIra library and is free to read in full, right here — our small contribution to making world-class knowledge easy to reach.
We hope it serves you well.
— Shriira Press