Kubescape
Open-source Kubernetes Security: Practical, End-to-End Coverage

Kubescape is an open-source Kubernetes security platform that provides configuration scanning, vulnerability assessment, policy enforcement, network policy validation, and runtime threat detection for Kubernetes environments. It supports multiple compliance frameworks including CIS Benchmarks, NSA-CISA, and MITRE ATT&CK, and integrates with popular IDEs and CI/CD pipelines. Created by ARMO, it is a CNCF incubating project built on tools like Open Policy Agent, Grype, and eBPF.
Kubescape retrieves Kubernetes objects from the API server, runs Rego-based posture controls via Open Policy Agent, and performs image scanning and runtime monitoring using integrated open-source tools.
Kubernetes engineers and platform operators
Background.
- Status
- launched
- Business model
- open-source
- Company
- ARMO
- Launched
- 2021
Similar projects.
Editorial take on the space this project sits in — momentum signals, adjacent moves, our call on whether the wedge is real. Get pinged when we publish a new read or when the landscape shifts.
Have a take on this space?
Tell us what you’d build differently, where you think the incumbents miss, or what we’ve gotten wrong about this project. Comments + reactions are coming soon.