๐Ÿ“ Kubescape - Kubernetes Goat Report

Kubescape is an open-source Kubernetes tool that provides a multi-cloud K8s single pane of glass, including risk analysis, security compliance, an RBAC visualizer, and image vulnerability scanning. Check out the project documentation at https://github.com/armosec/kubescape

Overview

Kubescape scan results
 • Kubescape detected a total of 205 issues
  • HIGH: 30
  • MEDIUM: 110
  • LOW: 65
Frameworks
 • DevOpsBest (risk: 67.17 %)
 • MITRE (risk: 18.38 %)
 • ArmoBest (risk: 43.02 %)
 • NSA (risk: 43.47 %)

Kubescape Report

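| SEVERITY | CONTROL NAME | FAILED RESOURCES | EXCLUDED RESOURCES | ALL RESOURCES | % RISK-SCORE |
|---|---|---|---|---|---|
| High | List Kubernetes secrets | 1 | 0 | 1 | 100% |
| High | Privileged container | 3 | 0 | 13 | 23% |
| High | Resources CPU limit and request | 11 | 0 | 13 | 85% |
| High | Resources memory limit and request | 13 | 0 | 13 | 100% |
| High | Writable hostPath mount | 2 | 0 | 13 | 15% |
| Medium | Allow privilege escalation | 13 | 0 | 13 | 100% |
| Medium | Allowed hostPath | 2 | 0 | 13 | 15% |
| Medium | Automatic mapping of service account | 3 | 0 | 15 | 20% |
| Medium | CVE-2022-0492-cgroups-container-escape | 10 | 0 | 13 | 77% |
| Medium | Cluster internal networking | 2 | 0 | 2 | 100% |
| Medium | Configured liveness probe | 9 | 0 | 9 | 100% |
| Medium | Containers mounting Docker socket | 2 | 0 | 13 | 15% |
| Medium | Host PID/IPC privileges | 4 | 0 | 13 | 31% |
| Medium | HostNetwork access | 2 | 0 | 13 | 15% |
| Medium | HostPath mount | 4 | 0 | 13 | 31% |
| Medium | Images from allowed registry | 13 | 0 | 13 | 100% |
| Medium | Ingress and Egress blocked | 13 | 0 | 13 | 100% |
| Medium | Linux hardening | 13 | 0 | 13 | 100% |
| Medium | Mount service principal | 4 | 0 | 13 | 31% |
| Medium | Namespace without service accounts | 1 | 0 | 4 | 25% |
| Medium | Network mapping | 2 | 0 | 2 | 100% |
| Medium | Non-root containers | 13 | 0 | 13 | 100% |
| Low | Configured readiness probe | 9 | 0 | 9 | 100% |
| Low | Immutable container filesystem | 13 | 0 | 13 | 100% |
| Low | K8s common labels usage | 13 | 0 | 13 | 100% |
| Low | Label usage for resources | 13 | 0 | 13 | 100% |
| Low | Pods in default namespace | 11 | 0 | 13 | 85% |
| Low | Resource policies | 6 | 0 | 13 | 46% |
| | RESOURCE SUMMARY | 18 | 0 | 18 | 45.90% |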