Introducing the Mondoo Compliance Hub

Kubernetes Security
Posture Management (KSPM)

Boost Kubernetes Security with KSPM: Total Cluster Protection.

Security header screenshot

What is KSPM?

Kubernetes Security Posture Management (KSPM) is designed to keep your cluster secure from start to finish. It covers everything from finding and fixing security weaknesses to constantly monitoring for threats and stopping unauthorized access.

Application ContainersWorkloads: Deployments / PodsCluster ConfigurationCluster NodesCloud Service

Continuous security monitoring

Continuously assess the security posture of the Kubernetes cluster, nodes, identity and access management (IAM), workloads, and containers.

Compliance assessment

Use industry-best practices like certified Center of Internet Security (CIS) Benchmarks for Kubernetes, EKS, AKS and GKE, CISA/NSA Benchmarks, STIG, or German BSI standards.

Flexible Policy-as-Code engine

Customize policies to meet your needs with Mondoo’s open source policy-as-code engine cnspec. Get started quickly with hundreds of OS, cloud, and Kubernetes resources in our GraphQL-based policy-as-code language MQL.

Secure all Kubernetes environments

Mondoo covers all types of Kubernetes deployments, including cloud-based and on-site.

Extensible to any Kubernetes environment.
Everything you need, out of the box.


Policies and Packs

Including CIS, inventory, and more.


Checks and Queries

For security and misconfigurations.

Featured Whitepaper

This whitepaper highlights the importance of extensible security posture management (xSPM) for Kubernetes. By using xSPM capabilities, organizations can ensure the security and compliance of not just the Kubernetes clusters, but the complete infrastructure supporting their workloads.

Multi-cloud Kubernetes & container security

Mondoo scans your Kubernetes workloads to find any misconfigurations before they're deployed to your cluster. This includes scanning container images during both the build and runtime stages, giving you a complete view of all security vulnerabilities in your cluster.

Built for Platform and Security Engineers

KSPM helps platform and security engineers work together to secure Kubernetes clusters


Open and extensible

Mondoo is built on two open-source projects: cnspec and cnquery. This allows us to spread to countless new and existing systems and share a wealth of security checks and practices. For Kubernetes, we open-sourced the cnspec-based Kubernetes operator that natively integrates and runs Kubernetes assessments in an entirely unprivileged environment.

With these open source projects, Mondoo provides transparency to its clients and allows for easy integration and auditing, even in embedded situations. Mondoo continuously expands its support to a range of systems, including older devices and advanced technologies.

Copyright 2023 Mondoo, Inc. All rights reserved.
Privacy Policy | Terms of Service