What does HackerNews think of kube-bench?

Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark

Language: Go

#159 in Hacktoberfest
#29 in Kubernetes

I haven't used Kubernetes for a while, but shouldn't kube-bench (1) be enough? Do you have to check anything manually?

(1) https://github.com/aquasecurity/kube-bench

Aqua has been releasing some really great k8s security tools recently.

kube-bench [1] and kube-hunter [2] are worth a look as well.

[1] https://github.com/aquasecurity/kube-bench

[2] https://github.com/aquasecurity/kube-hunter

There used to be runnable CIS benchmark libraries like neuvector/kubernetes-cis-benchmark[0], but there are fewer these days. Aqua Security also has one called kube-bench[1], which looks to be in better shape.

[0]: https://github.com/neuvector/kubernetes-cis-benchmark

[1]: https://github.com/aquasecurity/kube-bench

This looks potentially very useful, thanks for sharing!

There appear to be several of these worth investigating. Ordered by highest to lowest apparent activity level and update frequency:

https://github.com/aquasecurity/kube-bench (Go)

https://github.com/neuvector/kubernetes-cis-benchmark (Bash)

https://github.com/dev-sec/cis-kubernetes-benchmark (Ruby)