I love that since Kube is a standard API we can implement preflight checks like this that work for "any" kube cluster automatically.

Cool! Happy to hear that. If you have any ideas or comments about Kubescape, we would love to hear them.

If you could check for container signing and provenance on all materials, make sure that only a single registry is being used (e.g. only `internal.company.com:443`), and make sure it's not possible to schedule pods with unsigned/untrusted containers, that would be awesome.
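The three checks asked for above (single trusted registry, image tied to a verified artifact, no scheduling of untrusted containers) can be expressed as a preflight over plain pod specs. The following is an added example, not code from the thread or from Kubescape. It walks every container list in a pod (`containers`, `initContainers`, `ephemeralContainers`), parses each image reference the way container runtimes do (first path segment is a registry only if it contains `.` or `:` or is `localhost`), and flags anything off-registry, not pinned by digest, or whose digest is not in a set of already-verified digests. That `VERIFIED_DIGESTS` set, the pod samples and the registry value are constructed stand-ins; in practice the set would be populated by a signature/attestation verifier (e.g. a cosign or SBOM pipeline), which this example assumes exists but does not implement.

```python
"""Added example (not part of the original thread or Kubescape): a preflight
check over pod specs enforcing a single trusted registry and digest-pinned,
verified images. VERIFIED_DIGESTS stands in for a real signature verifier's
accepted set; all values below are constructed for the example."""
from typing import Dict, List, Optional, Tuple

ALLOWED_REGISTRY = "internal.company.com:443"  # the registry named in the comment above

# Constructed stand-in for "signature/provenance verified" results: digests a
# separate verifier has already accepted. The digest values are made up.
VERIFIED_DIGESTS = {"sha256:" + "a" * 64}

CONTAINER_LISTS = ("containers", "initContainers", "ephemeralContainers")


def parse_image_ref(ref: str) -> Dict[str, Optional[str]]:
    """Split an OCI image reference into registry, name, tag and digest.
    Follows runtime rules: the first path segment is a registry only if it
    contains '.' or ':' or is 'localhost'; otherwise docker.io is implied."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    first, sep, rest = ref.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = "docker.io", ref
    # A tag can only appear in the last path component.
    if ":" in path.rsplit("/", 1)[-1]:
        name, tag = path.rsplit(":", 1)
    else:
        name, tag = path, None
    return {"registry": registry, "name": name, "tag": tag, "digest": digest}


Finding = Tuple[str, str, str]  # (container name, image, reason)


def check_pod(pod: dict) -> List[Finding]:
    """Return every reason a pod should not be scheduled; empty means admissible."""
    findings: List[Finding] = []
    spec = pod.get("spec", {})
    for list_name in CONTAINER_LISTS:
        for c in spec.get(list_name, []):
            image = c.get("image", "")
            parsed = parse_image_ref(image)
            if parsed["registry"] != ALLOWED_REGISTRY:
                findings.append((c["name"], image, f"registry {parsed['registry']!r} is not {ALLOWED_REGISTRY!r}"))
            if parsed["digest"] is None:
                # A tag is mutable, so it cannot be bound to a verified artifact.
                findings.append((c["name"], image, "image is not pinned by digest"))
            elif parsed["digest"] not in VERIFIED_DIGESTS:
                findings.append((c["name"], image, "digest has no verified signature/provenance"))
    return findings


def is_admissible(pod: dict) -> bool:
    return not check_pod(pod)


def preflight(pods: List[dict]) -> Dict[str, List[Finding]]:
    """Run the check over a list of pods, keyed by pod name."""
    return {p["metadata"]["name"]: check_pod(p) for p in pods}


# Constructed sample pods (not from any real cluster).
POD_OK = {
    "metadata": {"name": "api"},
    "spec": {"containers": [
        {"name": "api", "image": f"{ALLOWED_REGISTRY}/team/api@sha256:" + "a" * 64},
    ]},
}
POD_BAD = {
    "metadata": {"name": "batch"},
    "spec": {
        "initContainers": [{"name": "init", "image": f"{ALLOWED_REGISTRY}/team/init:latest"}],
        "containers": [
            {"name": "web", "image": "nginx:1.25"},  # public registry, no digest
            {"name": "worker", "image": f"{ALLOWED_REGISTRY}/team/worker@sha256:" + "b" * 64},
        ],
    },
}

if __name__ == "__main__":
    for name, findings in preflight([POD_OK, POD_BAD]).items():
        status = "OK" if not findings else "REJECT"
        print(f"{name}: {status}")
        for cname, image, reason in findings:
            print(f"  {cname} ({image}): {reason}")
```

Run as a script it prints `api: OK` and four rejection reasons for `batch` (off-registry and unpinned `nginx:1.25`, unpinned `init:latest`, unverified `worker` digest). The same logic maps directly onto an admission webhook or a Kubescape-style control, since both receive the pod spec in this shape.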

For materials, you can use syft: https://github.com/anchore/syft