Assess Kubernetes Security with cnspec

cnspec assesses your full Kubernetes environment for misconfigurations that put your organization at risk. You can scan your Kubernetes clusters for compliance with security policies created by Mondoo or the community, or create your own policies. You can also write individual tests to run on the fly or include in automated tasks.

You can also scan Kubernetes manifests to catch misconfigurations. Integrating manifest scanning in your development process can eliminate risks before they reach production.

For a list of Kubernetes resources you can test, read Mondoo Kubernetes (k8s) Resource Pack Reference and Mondoo Core Resource Pack Reference.

Connect cnspec with your Kubernetes environment

Requirements

To test your Kubernetes environment with cnspec, you must have:

Verify with a quick Kubernetes check

To quickly confirm that cnspec has access to your Kubernetes environment, run this check from your terminal:

cnspec run k8s -c 'k8s.deployment.uid != "foo"'

This asserts that none of your deployments has the UID foo. cnspec returns a report listing the UID of each of your deployments. For each, it indicates whether the deployment meets the requirement (UID is not foo):

[passed] k8s.deployment.uid != "foo"
[ok] value: "057e7351-5738-4d3b-bd5f-46d86403c563"
[ok] value: "8038b1f4-020d-4f3f-a1da-8ec86044b9d7"
[ok] value: "aadd280e-4498-4071-8fd0-1fad781a2d07"

Next step

You've successfully used cnspec to run your first check against your Kubernetes infrastructure. Now you're ready to explore more Kubernetes information.