An advanced Kubernetes vulnerability scanner that identifies critical misconfigurations, supply chain risks, and container escapes. Built to support DevSecOps workflows, it provides security teams with actionable Proof-of-Concept (PoC) commands and an interactive HTML dashboard.
Beautiful, collapsible reports with color-coded severity indicators. Easily share findings with your team.
Performs only read operations against the cluster, so scanning does not change cluster state and can be run against production environments.
High-level overview with attack surface analysis and detailed scoring.
0-100 security rating with category-specific breakdowns (RBAC, Network, CLI, etc.).
Collapsible, portable HTML reports with color-coded severity indicators.
Real-time visual progress bars directly in the terminal during scanning.
Share generated HTML reports using the built-in HTTP server (the serve command). The reports contain cluster details and PoC commands, so expose the server only to the team that should see them.
git clone https://github.com/alperenkesk/k8scan.git
cd k8scan
pip install -r requirements.txt
pip install -e .
docker build -t k8scan .
# The mounted kubeconfig must point at an API server reachable from inside the container (not 127.0.0.1)
docker run -v ~/.kube:/root/.kube:ro k8scan scan
# Basic scan (safe, read-only)
k8scan scan --exclude-system
# Full cluster scan with all formats
k8scan scan --output all -f security-audit
# Serve the generated reports with the built-in HTTP server
k8scan serve reports/security-audit.html reports/security-audit.json
1. Production Environment Check (Safe)
Run a read-only scan focusing on critical issues in the production namespace.
k8scan scan --namespace production --severity CRITICAL --output all
2. Weekly Security Audit
Generate an HTML report that excludes system namespaces and serve it directly on port 9000.
k8scan scan --exclude-system --output html -f weekly-audit --serve --port 9000
3. CI/CD Pipeline (JSON Output)
Export findings in a machine-readable format for downstream analysis or alerting.
k8scan scan --severity CRITICAL --output json
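The CI/CD use case above stops at exporting JSON; the added example below (not part of k8scan) shows the downstream gate a pipeline step would run on that file. The report layout it reads (a top-level "score" and a "findings" list with "severity" fields) is an assumption, so the key names must be adjusted to match the real output.

```python
# Added example (not part of k8scan): gate a CI job on k8scan's JSON output.
# Assumed report layout: top-level "score" (0-100) and a "findings" list whose
# items carry a "severity" field; rename the keys to match the real report.
import json
import sys

SEVERITY_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "INFO"]

# Constructed sample standing in for the file written by `k8scan scan --output json`.
SAMPLE_REPORT = json.dumps({
    "score": 62,
    "findings": [
        {"severity": "CRITICAL", "title": "cluster-admin bound to a service account"},
        {"severity": "high", "title": "privileged container allowed"},  # mixed case
        {"severity": "MEDIUM", "title": "namespace without NetworkPolicy"},
        {"title": "finding with no severity field"},  # must not be silently dropped
    ],
})

def count_by_severity(report: dict) -> dict:
    """Return {severity: count}; unknown or missing severities become UNKNOWN."""
    counts = {}
    for finding in report.get("findings", []):
        sev = str(finding.get("severity", "UNKNOWN")).upper()
        sev = sev if sev in SEVERITY_ORDER else "UNKNOWN"
        counts[sev] = counts.get(sev, 0) + 1
    return counts

def evaluate(report_json: str, fail_on: str = "HIGH", min_score: int = 70):
    """Return (ok, msg); fail closed on bad input, findings >= fail_on, or low score."""
    try:
        report = json.loads(report_json)
    except (json.JSONDecodeError, TypeError) as exc:
        return False, f"unparseable report: {exc}"
    counts = count_by_severity(report)
    blocking = SEVERITY_ORDER[: SEVERITY_ORDER.index(fail_on) + 1]  # fail_on and worse
    blocked = sum(counts.get(s, 0) for s in blocking)
    score = report.get("score")
    summary = ", ".join(f"{s}={counts.get(s, 0)}" for s in SEVERITY_ORDER + ["UNKNOWN"])
    if blocked:
        return False, f"{blocked} finding(s) at {fail_on} or above; {summary}"
    if not isinstance(score, (int, float)) or score < min_score:
        return False, f"score {score!r} below {min_score}; {summary}"
    return True, f"passed: score={score}; {summary}"

if __name__ == "__main__":
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    ok, message = evaluate(data)
    print(message)
    sys.exit(0 if ok else 1)  # a non-zero exit fails the pipeline step
```

Run it as `python gate.py reports/security-audit.json` after the scan step; without an argument it evaluates the constructed sample and exits 1.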