Commit 77427a0

committed
k8s tools
1 parent 6726a5e commit 77427a0

1 file changed

+57
-1
lines changed
  • src/pentesting-cloud/kubernetes-security/kubernetes-hardening

src/pentesting-cloud/kubernetes-security/kubernetes-hardening/README.md

Lines changed: 57 additions & 1 deletion
@@ -4,7 +4,7 @@
44

55
## Tools to analyse a cluster
66

7-
### [**Steampipe - Kubernetes Compliance](https://github.com/turbot/steampipe-mod-kubernetes-compliance)
7+
### [Steampipe - Kubernetes Compliance](https://github.com/turbot/steampipe-mod-kubernetes-compliance)
88

99
It's will **several compliance checks over the Kubernetes cluster**. It includes support for CIS, National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) Cybersecurity technical report for Kubernetes hardening.
1010

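Review bot: The context line directly under the corrected heading (file line 9) still reads "It's will **several compliance checks over the Kubernetes cluster**", which has no verb. Since this hunk already touches the Steampipe entry, fix that sentence in the same commit, for example "It will run several compliance checks over the Kubernetes cluster". The heading also loses its bold entirely here, while the Kube-linter heading added later in this commit is written with `**...**` inside the link text, so pick one style for tool headings.
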
@@ -124,6 +124,62 @@ To install:
124124
| Homebrew (macOS and Linux) | `brew install kube-score` |
125125
| [Krew](https://krew.sigs.k8s.io/) (macOS and Linux) | `kubectl krew install score` |
126126

127+
## Tools to analyze YAML files & Helm Charts
128+
129+
### [**Kube-linter**](https://github.com/stackrox/kube-linter)
130+
131+
```bash
132+
# Install Kube-linter
133+
brew install kube-linter
134+
135+
# Run Kube-linter
136+
## lint ./path/to/yaml/or/chart
137+
```
138+
139+
### [Checkov](https://github.com/bridgecrewio/checkov)
140+
141+
```bash
142+
# Install Checkov
143+
pip install checkov
144+
145+
# Run Checkov
146+
checkov -d ./path/to/yaml/or/chart
147+
```
148+
149+
### [kube‑score](https://github.com/zegl/kube-score)
150+
151+
```bash
152+
# Install kube-score
153+
brew install kube-score
154+
155+
# Run kube-score
156+
kube-score score ./path/to/yaml
157+
# or
158+
helm template chart /path/to/chart | kube-score score -
159+
# or if the chart needs some values
160+
helm template chart /path/to/chart \
161+
--set 'config.urls[0]=https://dummy.backend.internal' \
162+
| kube-score score -
163+
```
164+
165+
### [Kubesec](https://github.com/controlplaneio/kubesec)
166+
167+
```bash
168+
# Install Kubesec
169+
## Download from https://github.com/controlplaneio/kubesec/releases
170+
171+
# Run Kubesec in a yaml
172+
kubesec scan ./path/to/yaml
173+
# or
174+
helm template chart /path/to/chart | kubesec scan -
175+
# or if the chart needs some values
176+
helm template chart /path/to/chart \
177+
--set 'config.urls[0]=https://dummy.backend.internal' \
178+
| kubesec scan -
179+
```
180+
181+
182+
127183
## Tips
128184

129185
### Kubernetes PodSecurityContext and SecurityContext
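
Review bot: In the Kube-linter block (new lines 135-136) the "Run Kube-linter" step is only a comment, `## lint ./path/to/yaml/or/chart`, so the reader is given no command to run. Make it a real invocation such as `kube-linter lint ./path/to/yaml/or/chart`, matching how the Checkov, kube-score and Kubesec blocks show theirs. Smaller points in the same hunk: the kube-score heading uses a non-breaking hyphen (`kube‑score`) instead of a plain `-`, only the Kube-linter heading is bold, the new section title spells "analyze" while the existing one above says "analyse", the kube-score install command is already listed in the table just above this section, and three blank lines (180-182) are added before `## Tips` where one is enough.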
