Running a command-line scan

You can scan a cluster using kubescape scan. These are the default options we suggest you start with:

kubescape scan --verbose --enable-host-scan --submit
  • --verbose: display all resources, including those that do not trigger a security control
  • --enable-host-scan: turn on host scanning
  • --submit: send the scan results to ARMO Platform

If you do not specify a certain framework, all frameworks will be tested against.

What’s Next