Kubernetes Security Validator

Analyze Kubernetes manifests for security vulnerabilities and best practices

Paste Your Kubernetes Manifest (YAML)

Example Manifests

🔴 Insecure Pod (Multiple Issues)

  apiVersion: v1
  kind: Pod
  metadata:
    name: insecure-app
  spec:
    hostNetwork: true
    hostPID: true
    containers:
    - name: app
      image: nginx:latest
      securityContext:
        privileged: true
        runAsUser: 0

🟢 Secure Pod (Best Practices)

  apiVersion: v1
  kind: Pod
  metadata:
    name: secure-app
  spec:
    securityContext:
      runAsNonRoot: true
      runAsUser: 1000
      fsGroup: 1000
    containers:
    - name: app
      image: nginx:1.21.0
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop:
          - ALL
      resources:
        limits:
          cpu: "1"
          memory: "512Mi"
        requests:
          cpu: "100m"
          memory: "128Mi"

🟡 Deployment (Needs Improvement)

  apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: web-app
  spec:
    replicas: 3
    selector:
      matchLabels:
        app: web
    template:
      metadata:
        labels:
          app: web
      spec:
        containers:
        - name: web
          image: nginx:latest
          ports:
          - containerPort: 80

🔴 Overly Permissive RBAC

  apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    name: admin-role
  rules:
  - apiGroups: ["*"]
    resources: ["*"]
    verbs: ["*"]

Security Checks Performed

Container Security

  • Privileged containers
  • Running as root user
  • Privilege escalation
  • Root filesystem access
  • Dangerous capabilities

Host Access

  • hostNetwork usage
  • hostPID usage
  • hostIPC usage
  • hostPath mounts

Resource Management

  • CPU limits and requests
  • Memory limits and requests
  • Image tag best practices

RBAC & Permissions

  • Wildcard permissions
  • Secret access
  • Pod exec permissions
  • Service account tokens
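The following Python checker is an added example, not the validator's own code. It implements the four check categories listed above (container security, host access, resource management, RBAC) over manifests that have already been parsed into dictionaries; the manifests below are constructed inline to mirror the page's example YAML (with PyYAML, yaml.safe_load on the YAML text produces the same structures). The severity labels, the set of capabilities treated as dangerous, and the function names are assumptions made for this example.

```python
# Added example: a minimal Kubernetes manifest checker for the categories listed above.
# Not the validator's own code. Severity labels and DANGEROUS_CAPS are assumptions.

DANGEROUS_CAPS = {"ALL", "SYS_ADMIN", "NET_ADMIN", "SYS_PTRACE", "NET_RAW", "SYS_MODULE"}
WORKLOAD_KINDS = {"Deployment", "StatefulSet", "DaemonSet", "Job"}


def pod_spec_of(manifest):
    """Return the PodSpec embedded in a Pod or workload manifest, or None for other kinds."""
    kind, spec = manifest.get("kind"), manifest.get("spec", {})
    if kind == "Pod":
        return spec
    if kind == "CronJob":
        return spec.get("jobTemplate", {}).get("spec", {}).get("template", {}).get("spec")
    if kind in WORKLOAD_KINDS:
        return spec.get("template", {}).get("spec")
    return None


def check_pod_spec(spec):
    """Container security, host access and resource checks for one PodSpec."""
    findings = []
    for field in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(field):
            findings.append(f"HIGH: {field} is enabled")
    for vol in spec.get("volumes", []):
        if "hostPath" in vol:
            findings.append(f"HIGH: hostPath volume '{vol.get('name')}' mounts {vol['hostPath'].get('path')}")
    pod_sc = spec.get("securityContext", {})
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        name = c.get("name", "<unnamed>")
        sc = {**pod_sc, **c.get("securityContext", {})}  # container-level fields override pod-level ones
        if sc.get("privileged"):
            findings.append(f"HIGH: container '{name}' is privileged")
        if sc.get("runAsUser") == 0 or (sc.get("runAsUser") is None and not sc.get("runAsNonRoot")):
            findings.append(f"HIGH: container '{name}' may run as root (runAsUser=0 or runAsNonRoot unset)")
        if sc.get("allowPrivilegeEscalation") is not False:  # the API default is true
            findings.append(f"MEDIUM: container '{name}' allows privilege escalation")
        if sc.get("readOnlyRootFilesystem") is not True:
            findings.append(f"LOW: container '{name}' has a writable root filesystem")
        caps = sc.get("capabilities", {})
        added = DANGEROUS_CAPS & {str(x).upper() for x in caps.get("add", [])}
        if added:
            findings.append(f"HIGH: container '{name}' adds dangerous capabilities {sorted(added)}")
        if "ALL" not in {str(x).upper() for x in caps.get("drop", [])}:
            findings.append(f"LOW: container '{name}' does not drop ALL capabilities")
        res = c.get("resources", {})
        for section in ("limits", "requests"):
            for r in ("cpu", "memory"):
                if r not in res.get(section, {}):
                    findings.append(f"MEDIUM: container '{name}' has no {r} {section[:-1]}")
        image = c.get("image", "")
        last = image.rsplit("/", 1)[-1]  # strip registry/path so a registry port is not mistaken for a tag
        if "@sha256:" not in image and (":" not in last or image.endswith(":latest")):
            findings.append(f"LOW: container '{name}' uses a mutable image tag ('{image}')")
    return findings


def check_rbac(manifest):
    """Wildcard, Secret, pod exec and service account token checks for a Role/ClusterRole."""
    findings = []
    if manifest.get("kind") not in ("Role", "ClusterRole"):
        return findings
    name = manifest.get("metadata", {}).get("name", "<unnamed>")
    for rule in manifest.get("rules", []):
        groups, resources, verbs = (set(rule.get(k, [])) for k in ("apiGroups", "resources", "verbs"))
        if "*" in groups or "*" in resources or "*" in verbs:
            findings.append(f"HIGH: {name}: wildcard rule resources={sorted(resources)} verbs={sorted(verbs)}")
        all_res = "*" in resources
        if (all_res or "secrets" in resources) and verbs & {"get", "list", "watch", "*"}:
            findings.append(f"MEDIUM: {name}: can read Secrets")
        if (all_res or "pods/exec" in resources) and verbs & {"create", "*"}:
            findings.append(f"HIGH: {name}: can exec into pods")
        if (all_res or "serviceaccounts/token" in resources) and verbs & {"create", "*"}:
            findings.append(f"HIGH: {name}: can mint service account tokens")
    return findings


def check_manifest(manifest):
    """Dispatch a parsed manifest to the pod-level or RBAC checks."""
    spec = pod_spec_of(manifest)
    return check_pod_spec(spec) if spec is not None else check_rbac(manifest)


# Constructed inputs mirroring the page's example manifests (dict form of the YAML above).
INSECURE_POD = {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "insecure-app"},
                "spec": {"hostNetwork": True, "hostPID": True, "containers": [
                    {"name": "app", "image": "nginx:latest",
                     "securityContext": {"privileged": True, "runAsUser": 0}}]}}
SECURE_POD = {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "secure-app"},
              "spec": {"securityContext": {"runAsNonRoot": True, "runAsUser": 1000, "fsGroup": 1000},
                       "containers": [{"name": "app", "image": "nginx:1.21.0",
                                       "securityContext": {"allowPrivilegeEscalation": False,
                                                           "readOnlyRootFilesystem": True,
                                                           "capabilities": {"drop": ["ALL"]}},
                                       "resources": {"limits": {"cpu": "1", "memory": "512Mi"},
                                                     "requests": {"cpu": "100m", "memory": "128Mi"}}}]}}
DEPLOYMENT = {"apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "web-app"},
              "spec": {"replicas": 3, "selector": {"matchLabels": {"app": "web"}},
                       "template": {"metadata": {"labels": {"app": "web"}},
                                    "spec": {"containers": [{"name": "web", "image": "nginx:latest",
                                                             "ports": [{"containerPort": 80}]}]}}}}
WILDCARD_ROLE = {"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "ClusterRole",
                 "metadata": {"name": "admin-role"},
                 "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]}

if __name__ == "__main__":
    for m in (INSECURE_POD, SECURE_POD, DEPLOYMENT, WILDCARD_ROLE):
        print(f"== {m['kind']}/{m['metadata']['name']}")
        for f in check_manifest(m) or ["OK: no findings"]:
            print("  " + f)
```

The pod-level and container-level securityContext are merged before checking because a container inherits runAsUser and runAsNonRoot from the pod unless it overrides them; checking only one level produces false negatives on the secure example. The image check strips the registry path first so that a registry port such as registry:5000/app is not mistaken for a tag.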