Agentic Cluster Security · alpha

Security Beyond Configuration.

k8sec correlates image vulnerabilities, attack paths and attack simulations to deliver actionable Kubernetes security intelligence – not just a list of CVEs.

$ k8sec scan-all --cluster production-us-east
> Discovering pods & images... OK
> Correlating CVEs to workloads... OK
> Mapping attack paths across namespaces...

Core Capabilities

k8sec runs as a native Kubernetes agent, continuously reading cluster state and correlating it with vulnerability and attack-path intelligence.

Attack Path Analysis

Map how compromise in a low-privilege namespace can pivot to critical workloads using network exposure and RBAC relationships. Visualize the lateral movement graph.

Native Kyverno

Turn findings into enforcement. k8sec can generate Kyverno ClusterPolicies based on patterns it sees in your cluster: privileged pods, hostPath usage, unsigned images and more.
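The following is an added example of the detection-to-enforcement loop described above; it is illustrative code written for this page, not k8sec's own implementation. It scans constructed pod specs for two of the named patterns (privileged containers and hostPath volumes) and emits a Kyverno ClusterPolicy for each pattern actually seen. The policy structure follows the public Kyverno `kyverno.io/v1` schema; the `k8sec.example/seen-in` annotation key is an assumption made for the example.

```python
"""Detect high-risk pod patterns and emit Kyverno ClusterPolicies.

Illustrative code for this page, not k8sec's implementation. Pod specs are
constructed; policies follow the public Kyverno ClusterPolicy schema.
"""
import json

# Constructed pod specs, shaped like the `spec` block of a Kubernetes Pod.
PODS = {
    "payments/api-7d9": {
        "containers": [{"name": "api", "image": "registry.example/api:1.4",
                        "securityContext": {"privileged": True}}],
        "volumes": [],
    },
    "logging/agent-x1": {
        "containers": [{"name": "agent", "image": "registry.example/agent:2.0"}],
        "volumes": [{"name": "varlog", "hostPath": {"path": "/var/log"}}],
    },
    "web/frontend-a2": {
        "containers": [{"name": "web", "image": "registry.example/web:3.1",
                        "securityContext": {"privileged": False}}],
        "volumes": [{"name": "tmp", "emptyDir": {}}],
    },
}


def find_patterns(pods):
    """Return {pattern: [pod names]} for the risky patterns seen in the cluster."""
    found = {"privileged": [], "hostPath": []}
    for name, spec in pods.items():
        if any(c.get("securityContext", {}).get("privileged")
               for c in spec.get("containers", [])):
            found["privileged"].append(name)
        if any("hostPath" in v for v in spec.get("volumes", [])):
            found["hostPath"].append(name)
    return found


# Kyverno `validate.pattern` fragments: "=(key)" means "if the key is present",
# "X(key)" means "the key must be absent".
PATTERNS = {
    "privileged": {
        "message": "Privileged containers are not allowed.",
        "pattern": {"spec": {"containers": [
            {"=(securityContext)": {"=(privileged)": "false"}}]}},
    },
    "hostPath": {
        "message": "hostPath volumes are not allowed.",
        "pattern": {"spec": {"=(volumes)": [{"X(hostPath)": "null"}]}},
    },
}


def cluster_policy(pattern_name, offenders):
    """Build one Kyverno ClusterPolicy for a detected pattern."""
    p = PATTERNS[pattern_name]
    return {
        "apiVersion": "kyverno.io/v1",
        "kind": "ClusterPolicy",
        "metadata": {
            "name": f"disallow-{pattern_name.lower()}",
            # Hypothetical annotation recording which pods triggered the policy.
            "annotations": {"k8sec.example/seen-in": ",".join(offenders)},
        },
        "spec": {
            # Start in Audit; switch to Enforce once the offenders are remediated,
            # otherwise existing workloads fail to reschedule.
            "validationFailureAction": "Audit",
            "background": True,
            "rules": [{
                "name": f"check-{pattern_name.lower()}",
                "match": {"any": [{"resources": {"kinds": ["Pod"]}}]},
                "validate": {"message": p["message"], "pattern": p["pattern"]},
            }],
        },
    }


def generate_policies(pods):
    """One ClusterPolicy per pattern that actually occurs in the cluster."""
    return [cluster_policy(k, v) for k, v in find_patterns(pods).items() if v]


if __name__ == "__main__":
    for pol in generate_policies(PODS):
        # JSON is valid YAML, so this output can go straight to `kubectl apply -f`.
        print(json.dumps(pol, indent=2))
```

Starting in `Audit` mode and promoting to `Enforce` only after the listed offenders are fixed is the usual way to close the loop without breaking running workloads.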

NSA & CIS Benchmarks

Out-of-the-box checks aligned with CIS Kubernetes Benchmarks and NSA guidance, so you can quickly understand where your cluster drifts from hardened baselines.

Why k8sec?

k8sec is built for security engineers who need correlated intelligence, not isolated scanner outputs. Every signal is tied back to the workloads and paths that really matter.

Intelligence Correlations

k8sec ingests data from image scanners, RBAC, NetworkPolicies and runtime context and correlates them into a single graph. You see which vulnerabilities align with real attack opportunities – and which are just noise.

From pod → service → role → node, every hop is modeled as a graph edge.

Image Vulnerabilities

Enumerate every image running in your cluster, match it to CVE data, and attach severity to the actual deployments and namespaces. Image risk is shown in context of internet exposure, privileges and data sensitivity.

Example: “nginx:1.19” vulnerable and exposed only on canary → different priority than the ingress gateway in production.
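As an added example of the contextual prioritization sketched above (it also covers the "Prioritizing CVEs with Attack-Path Context" article teaser further down), the code below joins constructed scanner findings to the workloads running each image and scales the scanner severity by internet exposure, privilege and data sensitivity. It is illustrative code for this page, not k8sec's scoring; the weights, the `CVE-PLACEHOLDER-1` identifier and the base score are all made up.

```python
"""Prioritize image CVEs by workload context.

Illustrative code for this page, not k8sec's scoring. Findings, workloads,
weights and the placeholder CVE id are constructed.
"""
from dataclasses import dataclass


@dataclass
class Finding:
    image: str
    cve: str
    base_score: float       # severity as reported by the image scanner (0-10)


@dataclass
class Workload:
    name: str
    namespace: str
    image: str
    internet_exposed: bool  # reachable through an Ingress or LoadBalancer
    privileged: bool        # any container runs privileged
    data_sensitivity: str   # "low" | "medium" | "high"


# Assumed weights; a real deployment would tune these to its own risk model.
SENSITIVITY_WEIGHT = {"low": 1.0, "medium": 1.5, "high": 2.0}
EXPOSURE_FACTOR = 1.5
PRIVILEGE_FACTOR = 1.3


def contextual_score(f: Finding, w: Workload) -> float:
    """Priority score (not a CVSS value): scanner severity scaled by context."""
    score = f.base_score * SENSITIVITY_WEIGHT[w.data_sensitivity]
    if w.internet_exposed:
        score *= EXPOSURE_FACTOR
    if w.privileged:
        score *= PRIVILEGE_FACTOR
    return round(score, 1)


def prioritize(findings, workloads):
    """Join findings to the workloads running each image; highest priority first."""
    rows = []
    for w in workloads:
        for f in findings:
            if f.image == w.image:
                rows.append((contextual_score(f, w), f.cve, f"{w.namespace}/{w.name}"))
    return sorted(rows, reverse=True)


# Constructed data: the same vulnerable image in two very different places.
FINDINGS = [Finding("nginx:1.19", "CVE-PLACEHOLDER-1", 7.0)]
WORKLOADS = [
    Workload("canary", "canary", "nginx:1.19",
             internet_exposed=True, privileged=False, data_sensitivity="low"),
    Workload("ingress-gateway", "production", "nginx:1.19",
             internet_exposed=True, privileged=False, data_sensitivity="high"),
]

if __name__ == "__main__":
    for score, cve, workload in prioritize(FINDINGS, WORKLOADS):
        print(f"{score:5.1f}  {cve}  {workload}")
```

The same CVE on the same image tag ends up with two different priorities: the production ingress gateway ranks first, the canary deployment well below it, which is the distinction a flat scanner report cannot make.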

Attack Paths

k8sec builds attack-path graphs that show how a compromised pod can move laterally using service accounts, cluster roles, and misconfigured network boundaries. You get a prioritized list of “shortest paths to crown jewels”.

Combine RBAC analysis, service topology and exposed endpoints into one visual map.

Attack Simulation

Simulate real attacker behavior against your modeled graph without running destructive exploits. k8sec tests privileges, reachable services, and policy effectiveness to predict which paths would succeed in a real incident.

“If this pod is compromised, which secrets, services and nodes could be reached?”
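The following added example models the graph described in the "Intelligence Correlations", "Attack Paths" and "Attack Simulation" passages: each hop (pod to service, pod to ServiceAccount, ServiceAccount to role, role to secret, pod to node) is a directed edge, a BFS finds the shortest path from an internet-exposed pod to a crown jewel, and a reachability query answers the "if this pod is compromised" question without touching a live cluster. It is illustrative code written for this page, not k8sec's graph controller; the node names and edges are a constructed cluster and would in practice be derived from pods, RoleBindings, NetworkPolicies and node settings.

```python
"""Minimal attack-path graph with shortest-path and reachability queries.

Illustrative code for this page, not k8sec's graph controller. The cluster
below is constructed; node names carry a kind prefix (pod:, svc:, sa:, ...).
"""
from collections import deque

# Each edge: (source, destination, relationship that allows the hop).
EDGES = [
    ("internet", "pod:web/frontend", "ingress"),
    ("pod:web/frontend", "svc:api/backend", "network-allowed"),
    ("svc:api/backend", "pod:api/backend", "selects"),
    ("pod:api/backend", "sa:api/backend", "runs-as"),
    ("sa:api/backend", "role:api/reader", "rolebinding"),
    ("role:api/reader", "secret:api/db-creds", "get secrets"),
    ("pod:api/backend", "svc:ops/metrics", "network-allowed"),
    ("svc:ops/metrics", "pod:ops/metrics", "selects"),
    ("pod:ops/metrics", "sa:ops/metrics", "runs-as"),
    ("sa:ops/metrics", "clusterrole:cluster-admin", "clusterrolebinding"),
    ("clusterrole:cluster-admin", "secret:kube-system/*", "get secrets (cluster-wide)"),
    ("pod:ops/metrics", "node:node-1", "privileged + hostPID"),
]


def build_graph(edges):
    """Adjacency list: node -> [(neighbour, relationship)]."""
    g = {}
    for src, dst, rel in edges:
        g.setdefault(src, []).append((dst, rel))
        g.setdefault(dst, [])
    return g


def shortest_path(graph, start, goal):
    """BFS for the fewest hops; returns [(node, relationship used to reach it)]
    starting with (start, None), or None when goal is unreachable."""
    prev = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == goal:
            break
        for dst, rel in graph.get(node, []):
            if dst not in prev:
                prev[dst] = (node, rel)
                queue.append(dst)
    if goal not in prev:
        return None
    path, node = [], goal
    while node is not None:
        step = prev[node]
        path.append((node, step[1] if step else None))
        node = step[0] if step else None
    return list(reversed(path))


def reachable(graph, start):
    """Simulation question: if `start` is compromised, which nodes can be reached?"""
    seen, stack = set(), [start]
    while stack:
        node = stack.pop()
        for dst, _ in graph.get(node, []):
            if dst not in seen:
                seen.add(dst)
                stack.append(dst)
    return seen


def paths_to_crown_jewels(graph, sources, jewels):
    """Prioritized list of (hops, source, jewel, path), shortest first."""
    found = []
    for src in sources:
        for jewel in jewels:
            path = shortest_path(graph, src, jewel)
            if path:
                found.append((len(path) - 1, src, jewel, path))
    return sorted(found)


GRAPH = build_graph(EDGES)

if __name__ == "__main__":
    for hops, src, jewel, path in paths_to_crown_jewels(
            GRAPH, ["internet"], ["secret:kube-system/*", "node:node-1"]):
        print(f"{hops} hops: {src} -> {jewel}")
        for node, rel in path[1:]:
            print(f"    --[{rel}]--> {node}")
    print("reachable from pod:api/backend:", sorted(reachable(GRAPH, "pod:api/backend")))
```

Every finding in the output is explained by a concrete edge (a RoleBinding, an allowed flow, a privileged setting), which is what makes the path actionable: removing one edge, for example the cluster-admin binding on `sa:ops/metrics`, cuts the path, and re-running the query confirms it.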

Agent + Graph Controller

k8sec deploys a lightweight agent inside your cluster and connects it to a graph controller that builds a live model of nodes, pods, identities and flows.

  • Runtime-Aware View: Go beyond static YAML. Agents see what’s really running: images, ports, identities, and their relationships.
  • Supply Chain to Runtime: Connect image provenance and SBOM data with the actual pods and namespaces exposed to the internet.
  • Policy-as-Code Loop: Every high-risk pattern can be turned into Kyverno / OPA policies, closing the loop between detection and prevention.

[Diagram: Kubernetes Cluster with Node Agents on node-1 and node-2 reporting to the k8sec Graph Controller]

Agents stream normalized events (images, RBAC, network flows) to the controller for correlation and path analysis.

Blog & Resources

Use this space to publish deep dives, attack-path analyses, and Kubernetes security patterns. Each article can link back to real scenarios discovered by k8sec in the field.

Attack Paths

From Ingress to etcd: A Realistic K8s Kill Chain

Walk through a full attack path discovered by k8sec in a lab cluster – from exposed ingress to a misconfigured ServiceAccount with access to `kube-system`.

Image Vulnerabilities

Prioritizing CVEs with Attack-Path Context

Not every critical CVE is critical for your cluster. Learn how k8sec merges Trivy-style image scanning with network and RBAC data to prioritize what to patch first.

Resources

Kubernetes Security Playbooks & Cheat Sheets

Curated resources: CIS mappings, Kyverno policy packs, kube-hunter lab scenarios, and “red vs blue” runbooks you can adapt to your environment.

Documentation (coming soon)

You can link this section to a dedicated docs site (MkDocs, Docusaurus, GitHub Pages) with installation steps, CRD references and example policies.
