Sample Kubernetes Vulnerability Scanner report
Every Kubernetes vulnerability scan produces detailed findings you can easily export in a PDF, HTML, CSV, XLSX, or editable DOCX report, depending on your plan.
This overview of all identified Kubernetes vulnerabilities includes a breakdown of color-coded risk ratings with all the details available at a glance.

How does the Kubernetes Vulnerability Scanner work?
The Kubernetes Vulnerability Scanner checks if the target host is alive, identifies open ports, and then runs detection routines for known vulnerabilities and misconfigurations.
With 50+ tests performed, it checks the most common Top 10 (light) or Top 100 (deep) ports for Kubernetes-specific services and uses passive and active detection to help you identify and mitigate vulnerabilities in your Kubernetes environment. It also simulates an authenticated attacker with a service account token.
It's easy to scan your Kubernetes clusters for vulnerabilities
Instant exposure alerts for DevSecOps teams
Add Kubernetes security scans to your CI/CD pipelines and monitor Kubernetes clusters to meet compliance requirements with a reliable security testing tool — you can use our REST API, too. Quickly get alerts to your preferred channels (email, Teams, Slack, etc.) if new Kubernetes misconfigurations or vulnerabilities are detected.
Simulated adversary access for offensive security teams
Audit Kubernetes architecture configurations, check for known critical Kubernetes vulnerabilities, emulate authenticated and unauthenticated attacks, and offer remediation recommendations through automatically generated pentest reports.
Comprehensive coverage for defensive security teams
Continuously monitor your Kubernetes cluster security with the right level of vulnerability scanning automation. Stay compliant with network security and policy standards.
Easily forward new critical findings and fixes to your teams through the relevant channels (email, Slack, Jira, etc.) or use our Kubernetes scanner through the REST API.
Common questions about Kubernetes vulnerability scanning
What tool is commonly used to scan container images for vulnerabilities in Kubernetes?
There are various tools available for Kubernetes vulnerability scanning and you should choose the one that best suits your Kubernetes security needs.
We've developed the Kubernetes Scanner so you can quickly identify any issues in your Kubernetes environment, from reconnaissance (Node/Master cluster components) to initial access vulnerabilities (exposed pods, logs, Kubelet API endpoints, etc.).
Our scanner's engine is based on kube-hunter, with more in-depth detection methods and better accuracy. If you want to audit your cluster security, you can create a free account and start testing it today.
How do I scan for Kubernetes vulnerabilities and misconfigurations?
With our Kubernetes Vulnerability Scanner you can opt for a free scan to get a quick overview of potential Kubernetes-specific issues or choose a plan that suits your needs to access deep and custom scanning capabilities.
What is a Kubernetes vulnerability?
According to NIST, a vulnerability is defined as follows: “a weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.” When we consider a Kubernetes vulnerability, we apply this definition to the Kubernetes environment.
How do Kubernetes container images get security scanned?
The Kubernetes cluster gets scanned remotely, emulating an attacker from an external network.
The Kubernetes Scanner we’ve developed allows both unauthenticated and authenticated scans, emulating both an attacker with no initial foothold into your cluster and an internal attacker, or one with access to a leaked service account token.
Is a Kubernetes vulnerability scanner illegal?
No, a Kubernetes vulnerability scanner is not illegal per se. Yet, the context in which someone uses it can be. That's why our Terms & Conditions specifically state that anyone using our tools needs to have either ownership of the target or written consent to use our tools against the target (e.g. a pentesting engagement contract for uncovering Kubernetes vulnerabilities and misconfigurations).
What are recommended best practices for advanced cluster security in Kubernetes?
To keep your Kubernetes cluster security in check, it is best to follow the recommendations under the NIST Kubernetes standards for vulnerability management and the Pod Security Standards that include advanced security policies.
Some other recommended best practices that you will also see in the remediation sections of our reports include: the principle of least privilege, minimizing the use of privileged containers, limiting container capabilities, implementing patches as they're released, etc.
It is also recommended to implement continuous monitoring of your Kubernetes architecture to catch any new security vulnerabilities or misconfigurations as soon as they appear.
Can I schedule continuous Kubernetes security scans?
Yes, with our Kubernetes Vulnerability Scanner you can schedule recurring scans to keep your Kubernetes security posture in check and mitigate any new issues that might appear.
Select the scan option (light, deep, or custom) and frequency you need, push the alerts on your preferred channel, and you're all set. You'll know whenever new misconfigurations or vulnerabilities appear in your Kubernetes environment.
What are the benefits of using the Kubernetes Vulnerability Scanner for security teams?
The Kubernetes Vulnerability Scanner offers specific benefits for different security needs. Integrate Kubernetes security scans into CI/CD workflows, set up continuous monitoring, and know if or when new issues appear.
Simulate both unauthenticated and authenticated attacks to audit Kubernetes configurations, identify critical security vulnerabilities, and generate reports with remediation recommendations included.