Kubescape comes with few built-in frameworks, these frameworks are based on compliance requirements (like: CIS) or industry best practices (like: MITRE and NSA). In some cases, you don’t think that every control is relevant to your organization. Kubescape allows you to create your own framework and chose the controls which are relevant to your organization.
Once you create this framework, you enjoy the same features as any framework, like: see drifts, set exceptions and risk score trend.
In order to create a custom framework using Kubescape SaaS, you need to click on the setting button on the right, upper side of the page.
A new tab appears with the settings.
Click on the Frameworks link in the left menu.
The list of the built-in frameworks appears.
Click on “New Framework”.
Enter the name of the framework, this is the name you will use in the when you use the Kubescape scan command (pay attention that it is case sensitive, meaning myFW is not the same as myfw).
Enter a description.
Chose which controls will be in this framework.
Congratulations! You have a new framework. You can see it in the framework list and use it to scan the cluster.
In case you forgot a certain control, you can add it by editing the framework or by clicking the Controls sub menu and adding a control to the framework by clicking the “+” button.
Updated 4 months ago