Container and Kubernetes assessment: image hygiene, privileged containers and escapes, RBAC, network policies, secrets, and admission control.
64 checks · progress and notes saved in your browser
Hardening of container images and the registries that store them — minimal trusted bases, no embedded secrets, vulnerability scanning, SBOMs, and signed/admitted images.
Runtime posture of containers and pods — privileged mode, host namespace and path exposure, Linux capabilities, escape vectors, and running as non-root.
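The runtime-posture checks above are easiest to see as a script run over the manifests a cluster actually returns. The following auditor is an added example, not code from the original page or any project it describes: it reads plain dicts in the shape of a Kubernetes Pod object (what `kubectl get pod -o json` gives after `json.load`), and the two sample pods, the capability and host-path lists, and the finding wording are all constructed here for illustration.

```python
"""Audit Pod manifests for host namespaces, hostPath exposure, privileged
mode, added capabilities, privilege escalation and running as root.

Added example; the samples and risk lists below are constructed, not taken
from the original page.
"""
from __future__ import annotations

# Capabilities that, once added, give an easy route to the host (names as
# Kubernetes spells them, without the CAP_ prefix). Illustrative, not exhaustive.
DANGEROUS_CAPS = {"ALL", "SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "SYS_RAWIO",
                  "NET_ADMIN", "NET_RAW", "DAC_READ_SEARCH", "DAC_OVERRIDE",
                  "SYS_BOOT", "SYS_CHROOT", "BPF", "PERFMON"}

# Host paths whose mount is effectively a node compromise. "/" is handled separately.
SENSITIVE_HOST_PATHS = ("/etc", "/proc", "/sys", "/dev", "/root", "/home",
                        "/var/lib/kubelet", "/var/run/docker.sock",
                        "/run/containerd", "/run/crio")


def sensitive_host_path(path: str) -> bool:
    """True if mounting this host path gives the container a way onto the node."""
    norm = path.rstrip("/") or "/"
    if norm == "/":
        return True
    return any(norm == s or norm.startswith(s + "/") for s in SENSITIVE_HOST_PATHS)


def all_containers(spec: dict):
    """Init, regular and ephemeral containers all count; escapes do not care which."""
    for kind in ("initContainers", "containers", "ephemeralContainers"):
        for c in spec.get(kind) or []:
            yield c


def audit_pod(pod: dict) -> list[str]:
    """Return one finding string per problem; an empty list means the pod passed."""
    findings: list[str] = []
    spec = pod.get("spec") or {}
    pod_sc = spec.get("securityContext") or {}

    for flag in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(flag):
            findings.append(f"pod: {flag}=true shares a host namespace")

    host_vols = {v["name"]: v["hostPath"]["path"]
                 for v in spec.get("volumes") or [] if "hostPath" in v}
    for vname, path in host_vols.items():
        if sensitive_host_path(path):
            findings.append(f"pod: volume {vname} mounts sensitive hostPath {path}")

    for c in all_containers(spec):
        cname = c.get("name", "?")
        sc = c.get("securityContext") or {}
        if sc.get("privileged"):
            findings.append(f"{cname}: privileged=true (full host device and capability access)")
        added = set((sc.get("capabilities") or {}).get("add") or [])
        for cap in sorted(added & DANGEROUS_CAPS):
            findings.append(f"{cname}: adds capability {cap}")
        # Kubernetes defaults allowPrivilegeEscalation to true, so only an explicit false is safe.
        if sc.get("allowPrivilegeEscalation", True) is not False:
            findings.append(f"{cname}: allowPrivilegeEscalation not set to false")
        # Container-level settings override pod-level ones.
        run_as_user = sc.get("runAsUser", pod_sc.get("runAsUser"))
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        if run_as_user == 0:
            findings.append(f"{cname}: runAsUser=0 (root)")
        elif run_as_user is None and not non_root:
            findings.append(f"{cname}: neither runAsNonRoot nor runAsUser set; the image's USER decides")
        for m in c.get("volumeMounts") or []:
            if m.get("name") in host_vols and not m.get("readOnly"):
                findings.append(f"{cname}: hostPath {host_vols[m['name']]} mounted read-write")
    return findings


# Constructed sample: the classic "node debug" pod that is really a host shell.
BAD_POD = {
    "metadata": {"name": "node-debug", "namespace": "kube-system"},
    "spec": {
        "hostPID": True, "hostNetwork": True,
        "volumes": [{"name": "host-root", "hostPath": {"path": "/"}},
                    {"name": "docker", "hostPath": {"path": "/var/run/docker.sock"}}],
        "containers": [{
            "name": "shell", "image": "busybox",
            "securityContext": {"privileged": True, "runAsUser": 0,
                                "capabilities": {"add": ["SYS_ADMIN", "NET_RAW"]}},
            "volumeMounts": [{"name": "host-root", "mountPath": "/host"},
                             {"name": "docker", "mountPath": "/var/run/docker.sock"}],
        }],
    },
}

# Constructed sample: the same shape hardened to a restricted profile.
GOOD_POD = {
    "metadata": {"name": "web", "namespace": "app"},
    "spec": {
        "securityContext": {"runAsNonRoot": True, "runAsUser": 10001,
                            "seccompProfile": {"type": "RuntimeDefault"}},
        "containers": [{
            "name": "web", "image": "app/web:1.2.3",
            "securityContext": {"allowPrivilegeEscalation": False,
                                "capabilities": {"drop": ["ALL"]},
                                "readOnlyRootFilesystem": True},
        }],
    },
}

if __name__ == "__main__":
    for finding in audit_pod(BAD_POD):
        print(finding)
```

To run it against a live cluster, feed `json.load(sys.stdin)["items"]` from `kubectl get pods -A -o json` through `audit_pod` one item at a time. The two lookups that matter most in practice are the ones the sample pod trips: a hostPath of `/` or the container-runtime socket is a complete node escape regardless of any other setting, and `allowPrivilegeEscalation` has to be set to `false` explicitly because the platform default is permissive.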
Authorization and API exposure — over-permissive RBAC, anonymous/unauthenticated API and kubelet access, and service-account token abuse.
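Over-permissive RBAC and anonymous API exposure are both questions of which subjects end up with which verbs on which resources, so the check is best done by resolving every binding to its role. The script below is an added example, not code from the original page or any project it describes: it consumes plain dicts in the shape of Role, ClusterRole, RoleBinding and ClusterRoleBinding objects (the `items` of `kubectl get roles,clusterroles,rolebindings,clusterrolebindings -A -o json`). The sample objects, the high-risk verb and resource lists, and the finding wording are constructed here and are deliberately not an exhaustive catalogue.

```python
"""Resolve RBAC bindings to rules and flag wildcards, escalation verbs,
high-risk resource access and bindings reachable by anonymous or
all-authenticated principals.

Added example; sample objects and risk lists are constructed, not from the
original page.
"""
from __future__ import annotations

# Groups that make a binding reachable without credentials, or with any credentials at all.
ANON_SUBJECTS = {"system:anonymous", "system:unauthenticated", "system:authenticated"}
# Verbs that let a subject grow its own permissions.
ESCALATION_VERBS = {"escalate", "bind", "impersonate"}
# (resource, verb) pairs that hand out credentials or code execution. Illustrative list.
HIGH_RISK = {
    ("secrets", "get"), ("secrets", "list"), ("secrets", "watch"),
    ("pods", "create"), ("pods/exec", "create"), ("pods/attach", "create"),
    ("nodes/proxy", "get"), ("nodes/proxy", "create"),
    ("serviceaccounts/token", "create"),
    ("clusterrolebindings", "create"), ("rolebindings", "create"),
}


def audit_rules(role_name: str, rules: list[dict]) -> list[str]:
    """Findings for the rules of one Role or ClusterRole."""
    out: list[str] = []
    for rule in rules:
        verbs = set(rule.get("verbs") or [])
        resources = set(rule.get("resources") or [])
        if "*" in verbs and "*" in resources:
            out.append(f"{role_name}: '*' on '*' (cluster-admin equivalent)")
            continue
        if "*" in verbs or "*" in resources:
            out.append(f"{role_name}: wildcard verbs={sorted(verbs)} resources={sorted(resources)}")
        for v in sorted(verbs & ESCALATION_VERBS):
            out.append(f"{role_name}: verb '{v}' allows privilege escalation")
        for res in sorted(resources):
            for v in sorted(verbs):
                if (res, v) in HIGH_RISK:
                    out.append(f"{role_name}: {v} on {res}")
    return out


def audit_rbac(objects: list[dict]) -> list[str]:
    """Walk every binding, resolve its role and report what each subject is granted."""
    roles: dict[tuple, list[dict]] = {}
    bindings: list[dict] = []
    for o in objects:
        kind, meta = o.get("kind"), o.get("metadata") or {}
        if kind in ("Role", "ClusterRole"):
            roles[(kind, meta.get("namespace", ""), meta["name"])] = o.get("rules") or []
        elif kind in ("RoleBinding", "ClusterRoleBinding"):
            bindings.append(o)

    findings: list[str] = []
    for b in bindings:
        meta, ref = b["metadata"], b["roleRef"]
        ns = meta.get("namespace", "")
        scope = "cluster-wide" if b["kind"] == "ClusterRoleBinding" else f"in namespace {ns}"
        subjects = b.get("subjects") or []
        who = ", ".join(f"{s.get('kind')}:{s.get('name')}" for s in subjects)
        prefix = f"{b['kind']} {meta['name']} ({scope}; subjects {who})"
        for s in subjects:
            if s.get("name") in ANON_SUBJECTS:
                findings.append(f"{prefix}: {ref['name']} reachable by {s['name']}")
        # A RoleBinding may point at a Role in its own namespace or at a ClusterRole;
        # either way the grant is limited to the binding's namespace.
        key = (ref["kind"], ns if ref["kind"] == "Role" else "", ref["name"])
        rules = roles.get(key)
        if rules is None:
            # Built-in roles may be missing from a partial export; cluster-admin is
            # worth reporting even without its rules.
            if ref["name"] == "cluster-admin":
                findings.append(f"{prefix}: cluster-admin")
            continue
        findings.extend(f"{prefix}: {f}" for f in audit_rules(ref["name"], rules))
    return findings


# Constructed sample export: three bad bindings and one harmless one.
SAMPLE = [
    {"kind": "ClusterRole", "metadata": {"name": "secret-reader"},
     "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "read-secrets"},
     "roleRef": {"kind": "ClusterRole", "name": "secret-reader"},
     "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "ops-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "User", "name": "ops@example.com"}]},
    {"kind": "Role", "metadata": {"name": "ns-wildcard", "namespace": "dev"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "RoleBinding", "metadata": {"name": "dev-default", "namespace": "dev"},
     "roleRef": {"kind": "Role", "name": "ns-wildcard"},
     "subjects": [{"kind": "ServiceAccount", "name": "default", "namespace": "dev"}]},
    {"kind": "Role", "metadata": {"name": "log-reader", "namespace": "dev"},
     "rules": [{"apiGroups": [""], "resources": ["pods/log"], "verbs": ["get"]}]},
    {"kind": "RoleBinding", "metadata": {"name": "logs", "namespace": "dev"},
     "roleRef": {"kind": "Role", "name": "log-reader"},
     "subjects": [{"kind": "User", "name": "dev@example.com"}]},
]

if __name__ == "__main__":
    for finding in audit_rbac(SAMPLE):
        print(finding)
```

The binding to `system:authenticated` is the case that is easy to miss on a page of bindings: every token the API server accepts, including any stolen service-account token, inherits that role cluster-wide. Keep the `HIGH_RISK` table short and opinionated; a dump of a real cluster is large, and the point of the script is to surface the few grants that convert directly into credential theft or a new pod on a node, not to enumerate every permission.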
Network segmentation and secret management — network policies that limit lateral movement, secrets encryption and safe consumption, and ingress/service exposure.
Cluster-level controls — admission control and policy engines, etcd protection, and CIS benchmark / control-plane hardening.