KubeLight - Kubernetes Security Scanner
It scans K8s cluster for misconfiguration, runtime issues, and compliance (NSA/CISA, CIS, PCI, SOC2) violations. It also checks for node postures and hardening. It has default scan rules and we can write custom rules. We can get the reports on Slack and Elasticsearch.
It is built around a NoSQL-style query engine, hence it is very lightweight, and the core engine is written in pure python.
Kubernetes Security and Compliance Rules
K001: ServiceAccount token mounting
Pod having ServiceAccount token mounted, when get compromised can lead to privilege escalation. automountServiceAccountToken need to be set explicitly to false.
- Severity: Medium
Pod=~(Spec.automountServiceAccountToken.exists()) | (Spec.automountServiceAccountToken == True)
- Remediation: Set automountServiceAccountToken to false for ServiceAccount and Workloads.