KubiScan
A tool to scan Kubernetes cluster for risky permissions
## Is your feature request related to a problem? Please describe. Sometimes you, as a pen-tester or red team member, get access to role definition YAML files and would like...
This just moves the urllib3 warning suppression line to be enabled automatically when token auth is used. Should fix #5. Tested with/without CA when using token. Have encountered no...
- Pin Python dependencies to versions (see requirements.txt) - Improve security of container - reduce the scope of mounted artefacts into the image such that one can mount just the...
Hello again! :) When I run KubiScan against an Amazon EKS cluster, I find a lot of HIGH and CRITICAL resources (mostly system:controller: stuff) that live inside the cluster...
Not an issue, but an insecure option should be added if only "TOKEN" is used. Otherwise, on every command run we will get the following error: ``` /usr/local/lib/python3.6/dist-packages/urllib3/connectionpool.py:847: InsecureRequestWarning: Unverified HTTPS request...
### Desired Outcome Images are built and released using GitHub Actions and ghcr.io automatically for each release and commit. The latest image is over 4 years old. ### Implemented Changes...
## Description I want to run KubiScan on the EKS cluster. But I did not find anything in the documentation or on the Internet about how to do it correctly....
Hi there, I noticed that the "patch" verb on workloads (pods, statefulsets etc) isn't mentioned. Would it be worth adding it?
## anonymous After creating a clusterrolebinding for the user system:anonymous, I didn't see it in the list of the Risky report.
## Summary This is more of a question rather than a bug. Does kubiscan contact any internet server as part of the scan? Since your recommended method to run is...