Agentic Cluster Security · alpha

Security Beyond Configuration.

k8sec scans your cluster configurations and container images, then performs smart data correlation and processing to guide you on a Security-by-Design path.

Built for red/blue teams, DevSecOps and SREs who need one correlated view of attack paths, image risk and misconfigurations across the whole cluster.

Live Focus: Attack Path Discovery
$ k8sec scan-all --cluster production-us-east
> Discovering pods & images... OK
> Correlating cluster configs & CVEs... OK
> Mapping attack paths across namespaces...

Core Capabilities

k8sec runs as a native Kubernetes agent pod, continuously reading cluster state and correlating it with image vulnerabilities and configuration risk to create a live security graph.

Attack Path

Identify how an initial compromise can move across nodes, namespaces and services. k8sec computes attack paths from internet-facing entry points to your most sensitive workloads.

Vulnerability Detection

Enumerate every container image and configuration in the cluster, link them to CVEs and misconfigurations, and attach findings directly to the workloads and namespaces that run them.

Intelligence Prioritization

k8sec correlates exploitability, exposure and business criticality to surface the few issues that truly matter, turning thousands of raw findings into a focused Security-by-Design roadmap.

Why k8sec?

k8sec is built for security engineers who need correlated intelligence, not isolated scanner outputs. Every signal is tied back to the workloads and paths that really matter.

Intelligence Correlation

k8sec ingests data from image scanners, RBAC, NetworkPolicies and runtime context and correlates them into a single graph. You see which vulnerabilities align with real attack opportunities – and which are just noise.

From pod → service → role → node, every hop is modeled as a graph edge.

Image Vulnerabilities

Enumerate every image running in your cluster, match it to CVE data, and attach severity to the actual deployments and namespaces. Image risk is shown in the context of internet exposure, privileges and data sensitivity.

Example: a vulnerable “nginx:1.19” exposed only on a canary deployment gets a different priority from the ingress gateway in production.

Attack Paths

k8sec builds attack-path graphs that show how a compromised pod can move laterally using service accounts, cluster roles, and misconfigured network boundaries. You get a prioritized list of “shortest paths to crown jewels”.

Combine RBAC analysis, service topology and exposed endpoints into one visual map.

Attack Simulation

Simulate attacker behavior against your modeled graph without destructive exploits. k8sec tests privileges, reachable services, and policy effectiveness to predict which paths would succeed in a real incident.

“If this pod is compromised, which secrets, services and nodes could be reached?”
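The graph walk behind both the “shortest paths to crown jewels” ranking and the “if this pod is compromised, what can be reached?” question, as an added example that is not k8sec’s own code: it models the pod → service account → role → secret/node hops described above as labelled edges over a constructed sample cluster (all resource names are invented) and runs a breadth-first search over them.

```python
from collections import deque

# Constructed sample cluster model for illustration (not real k8sec output).
# Each edge is (source, target, reason): one hop an attacker could take and why.
EDGES = [
    ("internet", "ingress:web", "public LoadBalancer"),
    ("ingress:web", "pod:frontend", "Ingress routes to Service frontend"),
    ("pod:frontend", "sa:frontend-sa", "pod mounts ServiceAccount token"),
    ("sa:frontend-sa", "role:secret-reader", "RoleBinding in namespace prod"),
    ("role:secret-reader", "secret:db-creds", "rule allows get on secrets"),
    ("pod:frontend", "pod:batch", "no NetworkPolicy between namespaces"),
    ("pod:batch", "secret:db-creds", "secret mounted as env var"),
    ("pod:batch", "sa:batch-sa", "pod mounts ServiceAccount token"),
    ("sa:batch-sa", "clusterrole:node-admin", "ClusterRoleBinding"),
    ("clusterrole:node-admin", "node:node-1", "rule allows pods/exec cluster-wide"),
]
CROWN_JEWELS = {"secret:db-creds", "node:node-1"}

def build_graph(edges):
    graph = {}  # adjacency list: node -> [(neighbor, reason), ...]
    for src, dst, reason in edges:
        graph.setdefault(src, []).append((dst, reason))
        graph.setdefault(dst, [])
    return graph

def reachable(graph, start):
    """BFS from start -> {node: (predecessor, reason)}; first visit = fewest hops."""
    parent, queue = {start: None}, deque([start])
    while queue:
        cur = queue.popleft()
        for nxt, reason in graph.get(cur, []):
            if nxt not in parent:
                parent[nxt] = (cur, reason)
                queue.append(nxt)
    return parent

def shortest_paths_to_jewels(graph, entry, jewels):
    """[(jewel, [(src, dst, reason), ...]), ...] ranked by hop count, fewest first."""
    parent, ranked = reachable(graph, entry), []
    for jewel in sorted(jewels & set(parent)):
        hops, node = [], jewel
        while parent[node] is not None:  # walk predecessors back to the entry point
            prev, reason = parent[node]
            hops.append((prev, node, reason))
            node = prev
        ranked.append((jewel, hops[::-1]))
    return sorted(ranked, key=lambda item: len(item[1]))

def blast_radius(graph, compromised):
    """Identities, secrets, pods and nodes reachable if `compromised` is owned."""
    return set(reachable(graph, compromised)) - {compromised}
```

In the sample data the RBAC route to the database secret is five hops, but the missing NetworkPolicy plus a secret mounted as an environment variable gives a four-hop route, which is the one the ranking surfaces first.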

In-Cluster Agent Graph

k8sec deploys a lightweight agent pod inside your cluster. The same pod acts as a graph controller: it listens to the Kubernetes API (and kubelet signals where available) to build a live model of nodes, pods, identities and flows.

  • Runtime-Aware View: Go beyond static YAML. The in-cluster agent sees what’s really running: images, ports, identities and their relationships in real time.
  • Supply Chain to Runtime: Connect SBOMs and registry data with the workloads the kubelet actually schedules on nodes, closing the gap between build and runtime.
  • Policy-as-Code Loop: Every high-risk pattern can be turned into Kyverno / OPA policies, creating a continuous “detect → simulate → enforce” feedback loop.
Diagram: k8sec Agent Pod (Graph Controller) running inside the Kubernetes Cluster, connected to kubelet · node-1 and kubelet · node-2.

The k8sec agent pod listens to the Kubernetes API and kubelet-exposed state, then streams normalized events (images, RBAC, network flows) into a live security graph for correlation and attack-path analysis.

Inspired by modern cloud-native security platforms such as Aqua Security.

Blog & Resources

Publish deep dives, attack-path analyses, and Kubernetes security patterns. Each article can reference real lab scenarios discovered by k8sec in your clusters.

Attack Paths

From Ingress to etcd: A Realistic K8s Kill Chain

Walk through a full attack path discovered by k8sec in a lab cluster – from exposed ingress to a misconfigured ServiceAccount with access to kube-system.


Image Vulnerabilities

Prioritizing CVEs with Attack-Path Context

Not every critical CVE is critical for your cluster. Learn how k8sec merges image scanning with network and RBAC data to prioritize what to patch first.


Resources

Kubernetes Security Playbooks & Cheat Sheets

Curated resources: CIS mappings, Kyverno policy packs, kube-hunter lab scenarios, and “red vs blue” runbooks you can adapt to your environment.


Documentation (coming soon)

Link this section to a dedicated docs site (MkDocs, Docusaurus, GitHub Pages) with installation steps, CRD references and example policies for k8sec.
