wingetCollections
  • Auto
  • Search
  • Awesome Collections
  • Awesome Programs
  • My Favorite Collections
  • My Collections
  • Account / Settings
  • Terms of Service
  • Privacy
  • About

© 2025 winget.ragerworks.com

Loading...
Install kubescape using Winget - wingetCollections
  1. Go back
  2. Packages
  3. kubescape
kubescape logo

kubescape kubescape

best-practice devops kubernetes mitre-attack nsa security vulnerability-detection
Use this command to install kubescape:
winget install --id=kubescape.kubescape -e

Kubescape is an open-source Kubernetes security platform. It includes risk analysis, security compliance, and misconfiguration scanning. Targeted at the DevSecOps practitioner or platform engineer, it offers an easy-to-use CLI interface, flexible output formats, and automated scanning capabilities. It saves Kubernetes users and admins precious time, effort, and resources. Kubescape scans clusters, YAML files, and Helm charts. It detects misconfigurations according to multiple frameworks (including NSA-CISA, MITRE ATT&CK® and the CIS Benchmark). Kubescape was created by ARMO and is a Cloud Native Computing Foundation (CNCF) sandbox project.

Kubescape is an open-source Kubernetes security platform designed to enhance security posture management across development, deployment, and runtime environments. It provides comprehensive risk analysis, compliance checks, and misconfiguration scanning for Kubernetes clusters, YAML files, and Helm charts.

Key Features:

  • Comprehensive Scanning: Detects misconfigurations based on industry-leading frameworks such as NSA-CISA, MITRE ATT&CK®, and the CIS Benchmark.
  • Multi-Faceted Support: Scans Kubernetes clusters, YAML configurations, and Helm charts to ensure robust security across all stages of development and deployment.
  • Flexible Output: Supports multiple output formats (JSON, JUnit XML, SARIF) for seamless integration into CI/CD pipelines and reporting requirements.
  • DevSecOps Integration: Offers an easy-to-use CLI interface for developers and operators, enabling automated scans that save time and resources.
  • In-Cluster Capabilities: Available as a Helm chart, Kubescape provides continuous scanning, runtime analysis, network policy generation, and image vulnerability detection when deployed in-cluster.

Audience & Benefit: Ideal for DevSecOps practitioners, platform engineers, and Kubernetes administrators seeking to streamline security processes. Kubescape empowers users to identify and remediate vulnerabilities quickly, ensuring compliance with best practices while reducing operational overhead. By automating security scans and providing actionable insights, it helps teams maintain a secure and resilient Kubernetes environment.

Kubescape can be installed via winget for easy setup on Windows systems.

README

Version build Go Report Card Gitpod Ready-to-Code GitHub CNCF Artifact HUB FOSSA Status OpenSSF Best Practices OpenSSF Scorecard Stars Twitter Follow Slack

Kubescape

Comprehensive Kubernetes Security from Development to Runtime

Kubescape is an open-source Kubernetes security platform that provides comprehensive security coverage, from left to right across the entire development and deployment lifecycle. It offers hardening, posture management, and runtime security capabilities to ensure robust protection for Kubernetes environments. It saves Kubernetes users and admins precious time, effort, and resources.

Versions
3.0.37
3.0.36
3.0.35
3.0.34
3.0.28
3.0.11
3.0.6
Website
github.com
License
Last Updated
7/28/2025

Kubescape scans clusters, YAML files, and Helm charts. It detects misconfigurations according to multiple frameworks (including NSA-CISA, MITRE ATT&CK® and the CIS Benchmark).

Kubescape was created by ARMO and is a Cloud Native Computing Foundation (CNCF) incubating project.

Please star ⭐ the repo if you want us to continue developing and improving Kubescape! 😀

Demo

Kubescape has a command line tool that you can use to quickly get a report on the security posture of a Kubernetes cluster:

Getting started

Experimenting with Kubescape is as easy as:

curl -s https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash

This script will automatically download the latest Kubescape CLI release and scan the Kubernetes cluster in your current kubectl context.

Learn more about:

  • Installing the Kubescape CLI
  • Running your first scan
  • Accepting risk with exceptions

Did you know you can use Kubescape in all these places?

Continuous security monitoring with the Kubescape Operator

As well as a CLI, Kubescape provides an in-cluster mode, which is installed via a Helm chart. Kubescape in-cluster provides extensive features such as continuous scanning, image vulnerability scanning, runtime analysis, network policy generation, and more. Learn more about the Kubescape operator.

Using Kubescape as a GitHub Action

Kubescape can be used as a GitHub Action. This is a great way to integrate Kubescape into your CI/CD pipeline. You can find the Kubescape GitHub Action in the GitHub Action marketplace.

Under the hood

Kubescape uses Open Policy Agent to verify Kubernetes objects against a library of posture controls. For image scanning, it uses Grype.
For image patching, it uses Copacetic. For eBPF, it uses Inspektor Gadget

By default, CLI scan results are printed in a console-friendly manner, but they can be:

  • exported to JSON, junit XML or SARIF
  • rendered to HTML or PDF
  • submitted to a cloud service

In-cluster architecture

Architecture diagram

Community

Kubescape is an open source project. We welcome your feedback and ideas for improvement. We are part of the CNCF community and are evolving Kubescape in sync with the security needs of Kubernetes users. To learn more about where Kubescape is heading, please check out our ROADMAP.

If you feel inspired to contribute to Kubescape, check out our CONTRIBUTING file to learn how. You can find the issues we are working on (triage to development) on the Kubescaping board

  • Feel free to pick a task from the board or suggest a feature of your own.
  • Open an issue on the board. We aim to respond to all issues within 48 hours.
  • Join the CNCF Slack and then our users or developers channel.

The Kubescape project follows the CNCF Code of Conduct.

For more information about the Kubescape community, please visit COMMUNITY.

We would like to take this opportunity to thank all our contibutors to date.

Changelog

Kubescape changes are tracked on the release page.

License

Copyright 2021-2025, the Kubescape Authors. All rights reserved. Kubescape is released under the Apache 2.0 license. See the LICENSE file for details.

Kubescape is a Cloud Native Computing Foundation (CNCF) incubating project and was contributed by ARMO.