Snotra Kubernetes
Snotra now supports Kubernetes!
Snotra now supports Kubernetes. Credentials are read from your ~/.kube/config file and used to assess a Kubernetes cluster for various misconfigurations. As with all other versions of Snotra, the JSON output file follows the same structure and can be fed into reporting tools and other workflows.
Currently Snotra Kubernetes checks for the following issues:
- Default Namespace in Use
- Default Service Account In Use
- Insecure Image Pull Policy
- Insecure Image Tagging
- Lack of Container Security Context
- Privileged Pods
- Outdated Kubernetes Version In Use
- Unsupported Kubernetes Version In Use
- Lack of Network Policies
- Lack of Container Limits
- Lack of Resource Quotas
- Kubernetes Dashboard Enabled
- Overly Permissive Role Assignments
- Lack of Admission Control
- Secrets in Environment Variables
- Secrets in Container Arguments
- Secrets in Config Maps (Manual Check)
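
To make several of the listed findings concrete, the following added example (not Snotra's code and not its JSON output format) evaluates a constructed Pod manifest for eight of the checks named above. The function names, the secret-name pattern, and the rule that only `Always` is an acceptable pull policy are assumptions made for illustration.

```python
import re

# Assumption: env var names that suggest a credential (not Snotra's own rule).
SECRET_NAME = re.compile(r"pass(word)?|secret|token|api_?key", re.I)

def mutable_tag(image):
    """True when the image has no digest and either no tag or :latest."""
    last = image.rsplit("/", 1)[-1]  # skip a registry host:port prefix
    return "@sha256:" not in image and (":" not in last or last.endswith(":latest"))

def audit_pod(pod):
    """Return sorted (container or '-', issue) pairs for one Pod manifest."""
    out = []
    meta, spec = pod.get("metadata", {}), pod.get("spec", {})
    if meta.get("namespace", "default") == "default":
        out.append(("-", "Default Namespace in Use"))
    if spec.get("serviceAccountName", "default") == "default":
        out.append(("-", "Default Service Account In Use"))
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        name, sc = c.get("name", "?"), c.get("securityContext")
        mutable = mutable_tag(c.get("image", ""))
        # An omitted policy defaults to Always only for untagged/:latest images.
        policy = c.get("imagePullPolicy") or ("Always" if mutable else "IfNotPresent")
        if mutable:
            out.append((name, "Insecure Image Tagging"))
        if policy != "Always":  # assumption: only Always counts as secure
            out.append((name, "Insecure Image Pull Policy"))
        if not sc:
            out.append((name, "Lack of Container Security Context"))
        elif sc.get("privileged") is True:
            out.append((name, "Privileged Pods"))
        if not c.get("resources", {}).get("limits"):
            out.append((name, "Lack of Container Limits"))
        for env in c.get("env", []):
            # Literal values are flagged; valueFrom references are not.
            if "value" in env and SECRET_NAME.search(env.get("name", "")):
                out.append((name, "Secrets in Environment Variables"))
    return sorted(set(out))

# Constructed sample manifest, not taken from a real cluster.
SAMPLE_POD = {"metadata": {"name": "web"}, "spec": {"containers": [
    {"name": "app", "image": "registry.example:5000/app:latest",
     "imagePullPolicy": "IfNotPresent", "securityContext": {"privileged": True},
     "env": [{"name": "DB_PASSWORD", "value": "constructed-value"}]},
    {"name": "sidecar", "image": "registry.example:5000/proxy@sha256:" + "0" * 64,
     "imagePullPolicy": "Always", "securityContext": {"runAsNonRoot": True},
     "resources": {"limits": {"memory": "64Mi"}},
     "env": [{"name": "API_TOKEN", "valueFrom": {"secretKeyRef": {"name": "s", "key": "k"}}}]},
]}}
```

Calling `audit_pod(SAMPLE_POD)` reports two pod-level findings and five for the `app` container, while the digest-pinned `sidecar` with limits and a secret reference produces none.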