kube-bench is a compliance auditing tool that checks Kubernetes deployments against the CIS Kubernetes Benchmark to ensure secure configurations.
Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
kube-bench is used by Kubernetes administrators and security professionals to verify that their Kubernetes clusters adhere to established security best practices defined by the CIS Kubernetes Benchmark. It helps automate security compliance checks and identify misconfigurations in Kubernetes deployments, facilitating continuous security auditing and hardening.
kube-bench needs the host's PID namespace and read access to host directories such as /etc/kubernetes and /var/lib/kubelet so it can inspect running control-plane and kubelet process arguments and their configuration files; the supplied job manifest therefore sets hostPID: true and mounts those paths read-only, so running it inside a pod requires pod security settings that permit this. A Job pod audits only the node it is scheduled on, so control-plane checks are meaningful only when the pod lands on a control-plane node. The tool tracks the CIS Kubernetes Benchmark closely and auto-detects the cluster version, but you should confirm that the benchmark release it selects matches the Kubernetes version being audited (it can be pinned with the --benchmark flag). For broader security scanning, kube-bench integrates with Trivy and the Trivy Kubernetes Operator.
Apply the supplied Kubernetes job manifest: kubectl apply -f job.yaml
Wait for the kube-bench job pod to complete
Retrieve results from the pod logs using: kubectl logs <pod-name>
kubectl apply -f job.yaml
Deploys kube-bench as a Kubernetes job to run CIS benchmark checks.
kubectl get pods
Lists pods to monitor the status of the kube-bench job.
kubectl logs <pod-name>
Displays the output logs of the kube-bench job containing compliance results.
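The three steps above (apply the Job, wait for it, read its logs), as an added example that is not part of the kube-bench project's own documentation: a POSIX shell script that runs the Job, blocks on it with kubectl wait, fetches the logs by the job-name label the Job controller sets, and parses the output so a CI pipeline can fail on any FAIL result. It assumes the upstream job.yaml, which creates a Job named kube-bench in the default namespace; the function names, the RUN_IN_CLUSTER switch and the embedded sample output are constructed for this example.

```shell
# Added example (not from the kube-bench project): run the Job, wait for it,
# pull the logs, and fail the pipeline if any check reports FAIL.
# Assumptions: the upstream job.yaml creates a Job named "kube-bench" in the
# "default" namespace; both are overridable through the environment.
JOB="${JOB:-kube-bench}"
NAMESPACE="${NAMESPACE:-default}"

# run_kube_bench: apply the manifest, block until the Job completes, and print
# the pod's logs (the Job controller labels its pods with job-name=<job>).
run_kube_bench() {
    kubectl apply -n "$NAMESPACE" -f job.yaml
    kubectl wait -n "$NAMESPACE" --for=condition=complete "job/$JOB" --timeout=300s
    kubectl logs -n "$NAMESPACE" -l "job-name=$JOB"
}

# count_results: read kube-bench output on stdin and print "<pass> <fail> <warn>".
# Only per-check lines ("[PASS] ...", "[FAIL] ...", "[WARN] ...") are counted;
# the "== Summary ==" block and "[INFO]" section headers are ignored so no
# check is counted twice.
count_results() {
    awk '
        /^\[PASS\]/ { p++ }
        /^\[FAIL\]/ { f++ }
        /^\[WARN\]/ { w++ }
        END { printf "%d %d %d\n", p + 0, f + 0, w + 0 }
    '
}

# failed_checks: print the benchmark IDs (e.g. 1.1.12) of every FAIL line,
# one per line, for the remediation ticket.
failed_checks() {
    awk '/^\[FAIL\]/ { print $2 }'
}

# gate_on_failures: read kube-bench output on stdin, print a one-line tally,
# and return non-zero when any check FAILed (WARN is left for manual review,
# since those are the checks the benchmark marks as Manual).
gate_on_failures() {
    set -- $(count_results)
    echo "PASS=$1 FAIL=$2 WARN=$3"
    [ "$2" -eq 0 ]
}

# Constructed sample of kube-bench output so the parsing runs offline; real
# output has many more lines plus a "== Remediations ==" block.
SAMPLE='[INFO] 1 Control Plane Security Configuration
[INFO] 1.1 Control Plane Node Configuration Files
[PASS] 1.1.1 Ensure that the API server pod specification file permissions are set to 600 or more restrictive (Automated)
[FAIL] 1.1.12 Ensure that the etcd data directory ownership is set to etcd:etcd (Automated)
[WARN] 1.2.1 Ensure that the --anonymous-auth argument is set to false (Manual)
[FAIL] 1.2.16 Ensure that the --profiling argument is set to false (Automated)

== Summary total ==
1 checks PASS
2 checks FAIL
1 checks WARN
0 checks INFO'

# Set RUN_IN_CLUSTER=1 (hypothetical switch) to audit a real cluster;
# otherwise parse the constructed sample.
if [ "${RUN_IN_CLUSTER:-0}" = 1 ]; then
    run_kube_bench | gate_on_failures
else
    printf '%s\n' "$SAMPLE" | failed_checks
    printf '%s\n' "$SAMPLE" | gate_on_failures || echo "benchmark has failing checks"
fi
```

Counting the per-check lines rather than trusting the "== Summary ==" block keeps the gate correct when kube-bench is run with --json or with targets that print several summary sections; if you want WARN results to block as well, change the final test in gate_on_failures to check both "$2" and "$3".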