kubeaudit
TLDR
Audit running cluster
$ kubeaudit all
Audit manifest files
$ kubeaudit all -f [deployment.yaml]
Run specific auditor
$ kubeaudit [privileged] -f [manifest.yaml]
Audit in cluster
$ kubeaudit all -c [cluster]
Output as JSON
$ kubeaudit all -f [manifest.yaml] -p json
List auditors
$ kubeaudit --help
SYNOPSIS
kubeaudit [auditor] [options]
DESCRIPTION
kubeaudit audits Kubernetes clusters and manifests for security vulnerabilities. It checks configurations against security best practices.
The tool can audit running clusters, local manifests, or both, providing actionable findings for improving cluster security.
PARAMETERS
all
    Run all auditors.
-f file
    Audit manifest file.
-d dir
    Audit directory of manifests.
-c, --context name
    Kubernetes context.
-n, --namespace name
    Target namespace.
-p, --format format
    Output format: logrus, json, sarif.
--minSeverity level
    Minimum severity to report.
AUDITORS
privileged    Privileged containers
capabilities  Added capabilities
rootfs        Read-only root filesystem
runAsNonRoot  Running as root user
limits        Resource limits
hostns        Host namespace usage
seccomp       Seccomp profile
apparmor      AppArmor profile
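As an added example (not kubeaudit's own code, and no substitute for running the tool), the script below shows which Pod spec fields the auditors above examine by applying the same kinds of checks to two constructed Deployment manifests, one with weak settings and one hardened. Field names follow the Kubernetes PodSpec and Container API; the manifests are embedded as Python dicts so the script runs offline without a YAML parser. The apparmor auditor is left out.

```python
"""Added example, not kubeaudit's own code: applies the kinds of checks the
auditors above perform to in-memory manifests.  Field names follow the
Kubernetes PodSpec/Container API; both sample manifests are constructed."""
import json


def pod_spec(manifest):
    """Return the PodSpec: top level for a Pod, spec.template.spec otherwise."""
    if manifest.get("kind") == "Pod":
        return manifest["spec"]
    return manifest["spec"]["template"]["spec"]


def audit(manifest):
    """Return a list of (auditor, container, message) findings."""
    findings = []
    spec = pod_spec(manifest)
    pod_sc = spec.get("securityContext", {})
    # hostns: any host namespace shared at pod level
    for key in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(key):
            findings.append(("hostns", "<pod>", f"{key} is true"))
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        name, sc = c["name"], c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(("privileged", name, "privileged is true"))
        added = sc.get("capabilities", {}).get("add", [])
        if added:
            findings.append(("capabilities", name, f"adds {added}"))
        if sc.get("readOnlyRootFilesystem") is not True:
            findings.append(("rootfs", name, "readOnlyRootFilesystem is not true"))
        # runAsNonRoot and seccompProfile may be inherited from the pod level
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            findings.append(("runAsNonRoot", name, "runAsNonRoot is not true"))
        seccomp = sc.get("seccompProfile", pod_sc.get("seccompProfile")) or {}
        if seccomp.get("type") not in ("RuntimeDefault", "Localhost"):
            findings.append(("seccomp", name, "no RuntimeDefault/Localhost seccomp profile"))
        limits = c.get("resources", {}).get("limits", {})
        for res in ("cpu", "memory"):
            if res not in limits:
                findings.append(("limits", name, f"no {res} limit"))
    return findings


def failing_auditors(manifest):
    """Set of auditor names that reported at least one finding."""
    return {auditor for auditor, _, _ in audit(manifest)}


# Constructed sample: a Deployment with several weak settings.
WEAK_DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "example-weak"},
    "spec": {"template": {"spec": {
        "hostPID": True,
        "containers": [{
            "name": "app", "image": "example.invalid/app:1.0",
            "securityContext": {"privileged": True,
                                "capabilities": {"add": ["NET_ADMIN"]}},
        }],
    }}},
}

# Constructed sample: the same Deployment with every finding addressed.
HARDENED_DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "example-hardened"},
    "spec": {"template": {"spec": {
        "securityContext": {"runAsNonRoot": True,
                            "seccompProfile": {"type": "RuntimeDefault"}},
        "containers": [{
            "name": "app", "image": "example.invalid/app:1.0",
            "securityContext": {"privileged": False,
                                "allowPrivilegeEscalation": False,
                                "readOnlyRootFilesystem": True,
                                "capabilities": {"drop": ["ALL"]}},
            "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
        }],
    }}},
}

if __name__ == "__main__":
    for m in (WEAK_DEPLOYMENT, HARDENED_DEPLOYMENT):
        print(m["metadata"]["name"], json.dumps(audit(m), indent=2))
```

Running the script prints eight findings for the weak manifest (the two missing resource limits count separately) and an empty list for the hardened one. The real tool adds severities and the logrus, json and sarif output formats, which this sketch does not reproduce.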
CAVEATS
Some findings reflect intentional configuration choices. Auditing a running cluster requires appropriate permissions in the target context. Specialized workloads may produce false positives.
HISTORY
kubeaudit was created by Shopify to identify security risks in Kubernetes deployments before they reach production.
SEE ALSO
kubectl(1), kube-linter(1), trivy(1)