Customize your scans

With ARMO Platform, you can create and modify custom frameworks, modify configurable controls, create custom controls, and add ignore rules.

We highly recommend customizing the ARMO Platform’s frameworks and controls to closely match your organization’s security posture.

To navigate to the security posture pages:

  1. In the sidebar, click Settings.
  2. Click either Frameworks or Controls.

The Frameworks page lists all available frameworks. You can drill down to view all controls included in a framework, or create custom frameworks.

The Controls page lists all available controls. You can view all controls, configure controls, add controls to custom frameworks, and create custom controls.

What Kubernetes resources are scanned?

Kubescape scans a variety of Kubernetes resources, including but not limited to, deployments, statefulsets, daemonsets, replicasets, jobs, cronjobs, pods, services, configmaps, secrets, network policies, and custom resource definitions.

Workloads: Kubescape scans Kubernetes Deployments to assess the security of the containers they manage. It checks for adherence to best practices, security configurations, and potential vulnerabilities within the deployment manifests.

Services: Kubescape examines Kubernetes Services to ensure that they are properly configured and do not expose sensitive information or pose security risks to the cluster.

ConfigMaps and Secrets: Kubescape evaluates Kubernetes ConfigMaps and Secrets to identify any sensitive information or misconfigurations that could lead to security breaches.

RBAC policies: Kubescape assesses Kubernetes Role-Based Access Control (RBAC) policies to ensure that they are correctly configured and do not grant excessive permissions that attackers could exploit.

Nodes: Kubescape scans Kubernetes Nodes to identify vulnerabilities in the container runtime environment. This includes vulnerabilities in the underlying operating system and dependencies.

Container images: Kubescape scans Docker images used to build Kubernetes containers. It checks for vulnerabilities in the software packages and libraries installed within these images.

Network policies: Kubescape reads network policies to verify best practices around the network security of the cluster and suggests improvements if required.

Security policies: Kubescape scans policy objects like seccomp to verify the protection of workloads and nodes.

Storage configurations: Kubescape checks storage objects like Persistent Volumes, Claims, and Storage Classes to verify the encryption settings of storage used by workloads.

Git repositories scanning

Kubescape scans Kubernetes configuration files including YAML, Helm, and Kustomize from popular Git repositories like GitHub, Bitbucket, GitLab, and Azure DevOps.

Overall, Kubescape provides comprehensive security scanning for various Kubernetes resources, helping organizations identify and mitigate security risks in their Kubernetes clusters.