Enhance your Kubernetes security by leveraging KubeSec

LEVEL: BASIC
Kubesec is an open-source Kubernetes security scanner and analysis tool. It scans your Kubernetes
cluster for common exploitable risks such as privileged capabilities and provides a severity score for each
found vulnerability.
Security risk analysis for Kubernetes resources:
• Takes a single YAML file as input.
• One YAML file can contain multiple Kubernetes resources.
Kubesec is available as:
• Docker container image at docker.io/kubesec/kubesec:v2
• Linux/MacOS/Win binary (get the latest release)
• Kubernetes Admission Controller
• Kubectl plugin
Keep your cluster secure and follow me through a brief demo!
First things first, we are going to define a bash script that performs the scans on our YAML file
by calling the KubeSec API.
1) Execute touch kubesec-scan.sh
2) Create our risky deployment! Execute another touch command as follows:
touch insecure-deployment.yaml
Then paste the following content (make sure you are using your own image; it can also be a testing one,
e.g. public.ecr.aws/docker/library/node:slim):
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: devsecops
  name: devsecops
spec:
  replicas: 2
  selector:
    matchLabels:
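A possible body for the kubesec-scan.sh created in step 1, added here as an example and not the author's own script: it assumes the public KubeSec v2 endpoint https://v2.kubesec.io/scan and the shape of its JSON report, and embeds two constructed reports so the scoring logic can be exercised without network access.

```shell
#!/usr/bin/env bash
# Hypothetical kubesec-scan.sh (added example, not the author's script): POST a
# manifest to the KubeSec v2 API, read the score out of the JSON report and fail
# the build when it is below a threshold. Endpoint and report shape are assumed
# from the public v2 API; the two sample reports below are constructed.
set -eu

KUBESEC_URL="${KUBESEC_URL:-https://v2.kubesec.io/scan}"
MIN_SCORE="${MIN_SCORE:-0}"   # manifests scoring below this fail the check

# Send the manifest file ($1) to the API and print the raw JSON report.
kubesec_scan() {
  curl -sSX POST --data-binary @"$1" "$KUBESEC_URL"
}

# Print the score of the first scanned object in a report ($1).
# '"score":' (colon included) does not match the sibling '"scoring"' key.
report_score() {
  printf '%s' "$1" | grep -o '"score":-*[0-9]*' | head -n 1 | cut -d: -f2
}

# Print the ids of findings with negative points (the critical ones), one per
# line; prints nothing when the report has none.
report_critical() {
  printf '%s' "$1" | grep -o '{"id":"[^"]*"[^{}]*}' | grep '"points":-' \
    | cut -d'"' -f4 || true
}

# Return 0 when the report's score reaches MIN_SCORE, 1 otherwise.
check_score() {
  score=$(report_score "$1")
  [ -n "$score" ] && [ "$score" -ge "$MIN_SCORE" ]
}

# Constructed reports: a privileged container (the risk the page names) drags
# the score to -30; a manifest with only advisories scores positive.
RISKY_REPORT='[{"object":"Deployment/devsecops.default","valid":true,"message":"Failed with a score of -30 points","score":-30,"scoring":{"critical":[{"id":"Privileged","selector":"containers[] .securityContext .privileged == true","reason":"Privileged containers can allow almost completely unrestricted host access","points":-30}],"advise":[{"id":"ReadOnlyRootFilesystem","selector":"containers[] .securityContext .readOnlyRootFilesystem == true","reason":"An immutable root filesystem can prevent malicious binaries being added to PATH","points":1}]}}]'
SAFE_REPORT='[{"object":"Deployment/devsecops.default","valid":true,"message":"Passed with a score of 7 points","score":7,"scoring":{"advise":[{"id":"ServiceAccountName","selector":".spec .serviceAccountName","reason":"Service accounts restrict Kubernetes API access and should be configured with least privilege","points":3}]}}]'

# Usage: ./kubesec-scan.sh insecure-deployment.yaml
if [ $# -ge 1 ]; then
  report=$(kubesec_scan "$1")
  echo "score: $(report_score "$report")"
  echo "critical: $(report_critical "$report" | tr '\n' ' ')"
  check_score "$report" || { echo "FAIL: score below $MIN_SCORE"; exit 1; }
fi
```

Run it with the manifest path as the only argument; raise MIN_SCORE in CI to require a positive score rather than merely the absence of critical findings.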