Kubescape provides comprehensive Kubernetes security coverage across the entire development lifecycle. In CI/CD, it scans Helm charts, Kubernetes manifests, and Dockerfiles against security frameworks including NSA-CISA hardening guidelines, MITRE ATT&CK for containers, and CIS Kubernetes Benchmarks. Each finding includes severity scoring and actionable remediation steps, enabling teams to catch misconfigurations before they reach production.
At runtime, Kubescape uses eBPF-based monitoring to detect anomalous behavior in running workloads: unexpected network connections, file system modifications, process executions, and privilege escalation attempts. The integrated vulnerability scanner assesses container images against known CVE databases and generates a Software Bill of Materials (SBOM) for supply chain compliance. Results aggregate into a risk score per workload, namespace, and cluster.
Kubescape is Apache 2.0 licensed and maintained within the CNCF ecosystem alongside projects like Falco and OPA. It integrates with Prometheus for metrics, Slack for alerts, and popular CI systems including GitHub Actions, GitLab CI, and Jenkins. For teams needing a managed experience, ARMO Platform provides a SaaS dashboard with historical trends and multi-cluster visibility. The CLI can be installed via Homebrew, curl, or as a kubectl plugin through Krew.