Enhance your Kubernetes security by leveraging KubeSec

LEVEL: BASIC

Kubesec is an open-source Kubernetes security scanner and analysis tool. It scans your Kubernetes

cluster for common exploitable risks such as privileged capabilities and provides a severity score for each

found vulnerability.

Security risk analysis for Kubernetes resources.

• Take in a single YAML file as input.

• One YAML can connect multiple Kubernetes resources.

Kubesec is available as:

• Docker container image at docker.io/kubesec/kubesec:v2

• Linux/MacOS/Win binary (get the latest release)

• Kubernetes Admission Controller

• Kubectl plugin

Keep your cluster secure and follow me on a brief demo!

First things first, we are going to define a bash script which is going to perform the scans on our yaml file

by calling the KubeSec API.

1) Execute touch kubesec-scan.sh

2) Create our risky deployment! execute another touch command as follows:

touch insecure-deployment.yaml

Then, paste the following content (make sure you are using your image, it also can be a testing one.

e.g public.ecr.aws/docker/library/node:slim):

apiVersion: apps/v1

kind: Deployment

metadata:

labels:

app: devsecops

name: devsecops

spec:

replicas: 2

selector:

matchLabels: