kubescape

kubescape · kubescape.kubescape

An open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters

Kubescape is an open-source Kubernetes security platform. It includes risk analysis, security compliance, and misconfiguration scanning. Targeted at the DevSecOps practitioner or platform engineer, it offers an easy-to-use CLI interface, flexible output formats, and automated scanning capabilities. It saves Kubernetes users and admins precious time, effort, and resources. Kubescape scans clusters, YAML files, and Helm charts. It detects misconfigurations according to multiple frameworks (including NSA-CISA, MITRE ATT&CK® and the CIS Benchmark). Kubescape was created by ARMO and is a Cloud Native Computing Foundation (CNCF) sandbox project.

winget install --id kubescape.kubescape --exact --source winget

Latest 4.0.9

Release Notes

Changelog

  • ff48571 fix(resourcehandler): surface partial GVR collection failures instead of silently suppressing them
  • 7da1924 Accept advertised base URI format in vulnerability manifest parser
  • b503153 Add BoolPtrFlag unit tests
  • 46f5695 Add image command RunE tests (#2182)
  • e435fde Add threshold bounds unit tests
  • fdf58c8 Add workload identifier parsing tests
  • de1b3a1 Avoid nil source dereference in report marshal logging
  • 969470d Emit SecurityException events for posture exception matches (#2291)
  • d4d4d38 Feat/vap enforcement reconcile (#2307)
  • 94ae647 Fix control scan validator error
  • 0282a3e Fix false-positive master node taint classification
  • a1a50ee Fix field selector state carryover across resource queries
  • 1666f7b Fix inverted keepResults cleanup logic
  • eedf923 Fix lint baseline issues
  • 4ac5a3e Improve validation and error handling for config set
  • 4bb74d3 Merge branch 'master' into test/imagescan-db-load-validation-pr
  • 5d70480 Merge branch 'master' into test/imagescan-db-load-validation-pr
  • 93bb574 Merge branch 'master' into test/imagescan-default-db-config-validation
  • 07ea4bb Merge branch 'master' into test/listener-tls-key-error-cases
  • 2437c87 Merge branch 'master' into test/rootutils-logger-env
  • 5c2ad60 Merge branch 'master' of https://github.com/kubescape/kubescape into 2185
  • 9e2990f Merge branch 'master' of https://github.com/kubescape/kubescape into fix/pdf-html-default-output-file
  • 35874cb Merge pull request #2062 from pfarikrispy/master
  • ce8aa66 Merge pull request #2067 from Shreya2005-2005/docs/fix-operator-vulnerabilities-short-description
  • 126add7 Merge pull request #2069 from Sanchit2662/feat/scan-coverage-not-evaluated
  • 5347768 Merge pull request #2070 from Shreya2005-2005/fix/patch-buildchannel-goroutine-leak
  • c69b285 Merge pull request #2072 from Shreya2005-2005/fix/findfile-walkfn-error-handling
  • 04e9228 Merge pull request #2074 from Varadraj75/test/results-compliance-score-coverage
  • c82ca31 Merge pull request #2076 from kimjune01/fix/vulnerability-manifest-uri-parsing
  • f44d7ee Merge pull request #2077 from yugal07/2065
  • c0788db Merge pull request #2078 from Sanchit2662/fix/bump-k8s-interface-multi-group-clean
  • 34bf98b Merge pull request #2079 from Mujib-Ahasan/format-output
  • 2b13b27 Merge pull request #2081 from kubescape/dependabot/go_modules/github.com/in-toto/in-toto-golang-0.11.0
  • 8243904 Merge pull request #2082 from kubescape/dependabot/go_modules/httphandler/github.com/in-toto/in-toto-golang-0.11.0
  • b79ec88 Merge pull request #2085 from Varadraj75/test/compliance-results-comprehensive
  • 9f210ac Merge pull request #2088 from Shreya2005-2005/docs/fix-patch-format-flag-description
  • 983dfa3 Merge pull request #2090 from jijo-OO7/feat/anonymize-resource-metadata
  • 04c6953 Merge pull request #2091 from Shreya2005-2005/feat/junit-skip-message-from-status-info
  • 0fdacad Merge pull request #2093 from Shreya2005-2005/fix/list-policy-type-requeued-typo
  • 0ac1f21 Merge pull request #2094 from anxovatomica/fix/typo-requeued-required
  • 1879192 Merge pull request #2095 from looooown2006/fix/list-policy-type-required-2092
  • 658df04 Merge pull request #2098 from Shreya2005-2005/fix/remove-unreachable-args-check-and-fix-typo
  • 8c0a6de Merge pull request #2100 from Sanchit2662/feat/fail-coverage-below
  • 51a3f0c Merge pull request #2101 from yugal07/fix/junit-output-spec-compliance
  • 70f2cd2 Merge pull request #2103 from Ridhi-03Kumari/refactor/replace-context-todo-initutils-test
  • 8b91c03 Merge pull request #2105 from Ridhi-03Kumari/refactor/replace-context-todo-downloader
  • 9661b0d Merge pull request #2106 from workwithsarang/fix/krew-release-template
  • 7669efa Merge pull request #2107 from workwithsarang/fix/junit-skip-message
  • e62afd0 Merge pull request #2109 from ThakurUjjwal1706/fix-results-idor-security
  • 85dcb5f Merge pull request #2112 from Shreya2005-2005/fix/mcpserver-marshal-error-handling
  • e61b7f1 Merge pull request #2114 from Shreya2005-2005/test/anonymizer-package-coverage
  • 649b676 Merge pull request #2117 from Ridhi-03Kumari/fix/handle-scorewrapper-calculate-error
  • 5440b19 Merge pull request #2120 from Shreya2005-2005/fix/mask-envfrom-in-remove-containers-data
  • 8a688a7 Merge pull request #2121 from yugal07/fix/2108-report-unfixed-controls
  • 2ca64ba Merge pull request #2125 from Sanchit2662/test/httphandler-status-serverstate-coverage
  • 6d28916 Merge pull request #2126 from aaa-aashna/improve-config-set-validation
  • c42ca75 Merge pull request #2127 from dakshhhhh16/add-core-patch-os-tests
  • 4bf9530 Merge pull request #2129 from jijo-OO7/feat/anonymize-container-metadata
  • 7aa2f39 Merge pull request #2130 from Ridhi-03Kumari/refactor/replace-log-printf-with-logger-in-mcpserver
  • 9adb0dc Merge pull request #2132 from Shreya2005-2005/fix/clear-valuefrom-in-remove-containers-data
  • a36a457 Merge pull request #2133 from Ridhi-03Kumari/fix/typo-argument-in-completion.go
  • 0a50515 Merge pull request #2136 from Shreya2005-2005/fix/anonymize-container-list-type-assertion
  • f8070cb Merge pull request #2137 from Ridhi-03Kumari/fix/handle-fclose-error-in-requestshandlerutils
  • 17f115b Merge pull request #2141 from dakshhhhh16/add-rbac-report-tests
  • 008d045 Merge pull request #2142 from dakshhhhh16/add-attacktrack-printer-tests
  • 85d8a57 Merge pull request #2143 from dakshhhhh16/add-scaninfo-policy-tests
  • 726f60f Merge pull request #2144 from dakshhhhh16/add-account-id-validation-tests
  • de558df Merge pull request #2146 from Shreya2005-2005/fix/mcp-calltool-propagate-request-context
  • 4e41dab Merge pull request #2148 from Shreya2005-2005/fix/anonymize-labels-to-copy-when-hide-set
  • 854dee1 Merge pull request #2150 from Shreya2005-2005/docs/fix-patch-command-short-and-long-description
  • 8984a78 Merge pull request #2154 from aaa-aashna/fix-fieldselector-state-leak
  • c933ea3 Merge pull request #2155 from jijo-OO7/fix/anonymize-unstructured-container-support
  • 02be936 Merge pull request #2157 from aaa-aashna/avoid-nil-source-panic-in-report-logging
  • dc94733 Merge pull request #2158 from aaa-aashna/fix-master-node-taint-classification
  • 02cbaf2 Merge pull request #2159 from aaa-aashna/fix-unfixed-control-summary-count
  • 8e38a7b Merge pull request #2160 from Sanchit2662/fix/include-selector-cluster-scoped-dedup
  • 33e8929 Merge pull request #2168 from Varadraj75/fix/ci-fork-workflow-permissions
  • 729cd7f Merge pull request #2169 from Shreya2005-2005/fix/patch-format-flag-validation
  • a31a6a3 Merge pull request #2170 from Sanchit2662/fix/partial-collection-silent-pass
  • ae42f87 Merge pull request #2171 from Sanchit2662/test/httphandler-results-coverage
  • 6f58086 Merge pull request #2173 from aaa-aashna/fix-keepresults-cleanup-logic
  • d0c9afe Merge pull request #2175 from Shreya2005-2005/fix/list-vulnerability-manifests-namespace-filter
  • 659352e Merge pull request #2177 from AnvayKharb/test/workload-scan-unit-tests
  • 76cf64e Merge pull request #2178 from Shreya2005-2005/fix/prometheus-score-writes-to-writer
  • 3854ebc Merge pull request #2179 from AnvayKharb/test/scan-validator-unit-tests
  • 1217bfc Merge pull request #2180 from AnvayKharb/test/parse-workload-identifier
  • 8da81dc Merge pull request #2181 from AnvayKharb/test/thresholds-only-unit-tests
  • c625827 Merge pull request #2183 from AnvayKharb/test/boolptr-flag-unit-tests
  • 53f9950 Merge pull request #2184 from krrishverma1805-web/fix/lint-baseline-cleanup
  • 54f5387 Merge pull request #2186 from AnvayKharb/test/require-resource-match-unit-tests
  • f8176b7 Merge pull request #2187 from krrishverma1805-web/perf/parallel-resource-pull
  • cc39e1d Merge pull request #2188 from krrishverma1805-web/fix/propagate-context-storage
  • 27d6620 Merge pull request #2192 from yugal07/fix/pdf-html-default-output-file
  • 0f27f85 Merge pull request #2195 from Ridhi-03Kumari/refactor/structured-log-initutils
  • 231cb67 Merge pull request #2197 from AnvayKharb/test/patch-default-tag-unit-tests
  • dd8b0b1 Merge pull request #2199 from yugal07/2185
  • a240ed6 Merge pull request #2200 from AnvayKharb/test/imagescan-default-db-config-pr
  • b3552da Merge pull request #2201 from AnvayKharb/test/imagescan-db-load-validation-pr
  • b784931 Merge pull request #2202 from jijo-OO7/test/reorganize-anonymizer-unit-tests
  • fe9fbff Merge pull request #2203 from yugal07/2189
  • 5f9c637 Merge pull request #2204 from Shreya2005-2005/fix/prometheus-missing-help-type-headers
  • e796919 Merge pull request #2206 from Ridhi-03Kumari/refactor/structured-log-customerloader
  • c8456f3 Merge pull request #2209 from AnvayKharb/test/imagescan-default-db-config-validation
  • aed2947 Merge pull request #2212 from AnvayKharb/test/listener-env-port-offline
  • 622def7 Merge pull request #2213 from AnvayKharb/test/listener-tls-key-error-cases
  • e8f898a Merge pull request #2214 from Ridhi-03Kumari/fix/log-message-processruleslistener
  • 4c10e6b Merge pull request #2215 from AnvayKharb/test/opaprocessor-summary-manual-review
  • ed52292 Merge pull request #2219 from ivaresarthak-cloud/security/pin-actions-to-sha
  • bcffe4e Merge pull request #2221 from AnvayKharb/test/boolptr-httpurl-helpers-unit-tests
  • fec3c13 Merge pull request #2222 from AnvayKharb/test/fileformat-yaml-separator-unit-tests
  • 070d57b Merge pull request #2224 from dakshhhhh16/test-prometheusutils-extract
  • 037e508 Merge pull request #2225 from dakshhhhh16/test-metrics-init-update
  • 245e6b0 Merge pull request #2226 from dakshhhhh16/test-datastructures-helpers
  • 365760e Merge pull request #2227 from dakshhhhh16/test-operatorscaninfo-validation
  • 33aeb83 Merge pull request #2228 from AnvayKharb/test/imagescan-default-matcher-config
  • 5b46aa7 Merge pull request #2229 from dakshhhhh16/test-scancoverage-helpers
  • dfd2421 Merge pull request #2230 from AnvayKharb/test/rootutils-logger-env
  • 99fee16 Merge pull request #2231 from AnvayKharb/test/rootutils-logger-name-env
  • 75c1a7f Merge pull request #2232 from AnvayKharb/test/rootutils-logger-name-precedence

Installer type: portable

Architecture Scope Download SHA256
x64 Download C9F9E268FF974F3C4A2E1960DFAA5C8ABED3B24760E727790632427853CAF387
arm64 Download 0D41DA98C24C036317DD6FAC2C95636B4A54662D7ADF4D6E59B34805B1EECF43

Details

Homepage: https://github.com/kubescape/kubescape
License: Apache-2.0
Publisher: kubescape
Support: https://github.com/kubescape/kubescape/issues
Copyright: Copyright 2021-2023, the Kubescape Authors
Moniker: kubescape

Tags

best-practice, devops, kubernetes, mitre-attack, nsa, security, vulnerability-detection

Older versions (24)
