prowler-kubernetes
Kubernetes cluster security assessment
TLDR
Run Kubernetes security assessment
$ prowler kubernetes
Run with specific context$ prowler kubernetes --context [my-cluster]
Run specific checks$ prowler kubernetes --checks [pod_security_policy]
Output to JSON$ prowler kubernetes -M json -o [results/]
SYNOPSIS
prowler kubernetes [options]
DESCRIPTION
prowler kubernetes performs security assessment of Kubernetes clusters. It checks for misconfigurations, RBAC issues, pod security violations, and compliance against security best practices including the CIS Kubernetes Benchmark.The tool connects to the cluster using the current kubeconfig context and evaluates resources across namespaces. Results can be filtered by specific checks, namespaces, or compliance frameworks.
PARAMETERS
--checks checks
Specific checks to run.--context name
Kubernetes context.--namespace name
Target namespace.--compliance framework
Compliance framework.-M, --output-modes format
Output format.-o, --output-directory dir
Output directory.
CAVEATS
Requires appropriate RBAC permissions to read cluster resources. Some checks need cluster-admin access. Results reflect the current state at scan time. The `--context` flag must match an existing kubeconfig context.
