
Kubescape
Open-source K8s security scanning
Kubescape is the most popular open-source Kubernetes security scanning tool, with over 10,000 stars on GitHub and millions of downloads. It checks cluster configurations against more than 250 security controls based on NSA/CISA hardening guidelines, the MITRE ATT&CK framework, and CIS Benchmarks. The system offers native integration with popular CI/CD tools such as GitHub Actions, GitLab CI, Jenkins, and ArgoCD, enabling shift-left security in the development process.
- Enterprise-grade protection compliant with regulatory requirements and security standards
- Fast deployment with minimal resource overhead
- Dedicated support from a certified partner
- Easy integration with your existing infrastructure
Key features
- More than 250 built-in security controls mapped to NSA/CISA and CIS Benchmarks
- Native integration with GitHub Actions, GitLab CI, Jenkins, and ArgoCD for CI/CD security
- Scanning of YAML manifests, Helm charts, and Kustomize before deployment
- Export of results to JSON, SARIF, and JUnit formats for integration with developer tools
- Operator mode for continuous cluster monitoring with Prometheus metrics
Business benefits
- Completely free open-source tool supported by a community of over 50,000 users
- Detection of 95% of common Kubernetes misconfigurations before production deployment
- Reduction of security audit time from days to minutes through automation
- Compliance with NSA, CISA, and CIS requirements without additional licensing costs
- Fast deployment in less than 5 minutes using a single CLI command

Why ARMO?
ARMO is the creator of Kubescape, the most popular open-source Kubernetes security tool. It offers a comprehensive KSPM (Kubernetes Security Posture Management) platform that identifies misconfigurations, vulnerabilities, and compliance issues in K8s clusters.
Need Kubescape in your organization?
As a certified ARMO partner, we'll help you deploy and configure the solution.