Premium or Enterprise · 280 specialized tests

Kubernetes Security

kube-bench (CIS) + kube-hunter (active) — authenticated K8s cluster audit

What Gets Tested

CIS Kubernetes Benchmark (control-plane + node + etcd + policy)
Active K8s vulnerability scanner (kube-hunter)
Anonymous API server access detection
Exposed kubelet / dashboard / etcd detection
Customer-supplied kubeconfig (read-only ServiceAccount binding)
EKS / GKE / AKS specifics (Sys:All trap, public API + leaked creds)
In-cluster post-exploit toolkit available (Peirates, opt-in)

How It Works

1. Kubeconfig Setup

Customer creates a read-only ServiceAccount + RoleBinding, exports the kubeconfig, and shares it via secure transfer.

2. CIS Benchmark

kube-bench iterates the CIS Kubernetes controls, surfacing failures by section (master / node / etcd / policy).

3. Active Probing

kube-hunter probes for exposed components: anonymous API access, exposed kubelet, dashboard, etcd, etc.

4. Reporting

Findings ranked by CVSS + EPSS + KEV. Compliance mapped to CIS / PCI / SOC2 / ISO27001.

Compliance Coverage

CIS-Kubernetes, PCI-DSS-2.2, SOC2-CC6, ISO-27001-A.13

Kubernetes Security

€199

Premium or Enterprise · One-time per scan

280 specialized tests + AI-powered analysis
