Scan Kubernetes from your local workstation

Mondoo makes it very easy to scan all your running pods.

Mondoo Kubernetes scan from CLI

Info: To ensure maximum security, we recommend scanning container images before they are deployed into production, e.g. within a CI/CD run or within a container registry.

Requirements

Install and set up kubectl. Make sure you can see your pods:

kubectl get pods
NAME                          READY   STATUS                 RESTARTS   AGE
centos-6b88594b-jm7bp         0/1     CreateContainerError   0          5d1h
hello-node-7676b5fb8d-xck5l   1/1     Running                0          5d1h

Scan

Mondoo leverages the configuration from kubectl. No additional configuration is required. To scan all context, run:

mondoo scan k8s

Scanning images in pods

To optionally scan container images defined in Kubernetes pods, run:

mondoo scan k8s --discover container-images

Scanning specific namespaces

By default, Mondoo scans all Kubernetes namespaces. To target a specific namespace, use the --namespace flag:

mondoo scan k8s --namespace EXAMPLE_NAMESPACE
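
Because the scan runs against whatever cluster kubectl currently points at, the following added example (not part of the Mondoo documentation) confirms the current context first and then scans a fixed list of namespaces with the commands shown above. The function names, the context and namespace names in the usage comment, combining --namespace with --discover container-images, and mondoo exiting non-zero on a failed scan are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Mondoo's own code. Function names are hypothetical.

# Fail unless kubectl's current context is the one we intend to scan.
check_context() {
    expected="$1"
    current="$(kubectl config current-context)" || return 2
    if [ "$current" != "$expected" ]; then
        echo "refusing to scan: context is '$current', expected '$expected'" >&2
        return 1
    fi
}

# Scan each namespace given as an argument; the return code is the number
# of namespaces that were skipped or failed.
# Assumption: mondoo exits non-zero when a scan cannot be completed.
# Assumption: --namespace and --discover container-images can be combined.
scan_namespaces() {
    failed=0
    for ns in "$@"; do
        # Count namespaces that do not exist or that we cannot read.
        if ! kubectl get namespace "$ns" >/dev/null 2>&1; then
            echo "skip: namespace '$ns' not visible" >&2
            failed=$((failed + 1))
            continue
        fi
        if ! mondoo scan k8s --namespace "$ns" --discover container-images; then
            echo "scan failed for namespace '$ns'" >&2
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Usage (constructed context and namespace names):
#   check_context prod-cluster && scan_namespaces payments frontend
```
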