k8sec
Agentic Cluster Security · alpha

Security Beyond
Configuration.

k8sec scans your cluster configurations and container images, then performs smart data correlation and processing to guide you on a Security-by-Design path.

Built for red/blue teams, DevSecOps and SREs who need one correlated view of attack paths, image risk and misconfigurations across the whole cluster.

Live Focus : Attack Path Discovery
Install Agent Explore Features
$ k8sec scan-all --cluster production-us-east
> Discovering pods & images... OK
> Correlating cluster configs & CVEs... OK
> Mapping attack paths across namespaces...

Core Capabilities

k8sec runs as a native Kubernetes agent pod, continuously reading cluster state and correlating it with image vulnerabilities and configuration risk to create a live security graph.

NGINX Migration Guide

Hardening Guide

Nginx Ingress Controller: Migration & Security Guide

Production migration path for Nginx Ingress on Kubernetes — TLS hardening, annotation security, rate limiting, and the misconfigurations that expose clusters.

Read article
Kubernetes Compliance

Policy & Compliance

Kubernetes Compliance: CIS Benchmarks & NSA/CISA Hardening

Not all 200+ CIS controls matter equally. Security-first prioritization ranked by real-world exploitability — not auditor comfort.

Read article
Securing Your Pods

Hardening Guide

Start Securing Your Pods: Seccomp, SELinux & What Undoes Everything

Your pod spec can undo months of infrastructure hardening in 47 lines of YAML. Seccomp, SELinux, secrets, probes, and the Docker socket explained.

Read article

Documentation (coming soon)

Link this section to a dedicated docs site (MkDocs, Docusaurus, GitHub Pages) with installation steps, CRD references and example policies for k8sec.

Go to GitHub