K8s Security Review

Analyzes Kubernetes YAML manifests for security misconfigurations, best practices violations, and compliance risks.
Author: krishnakumarmahadevan-cmd
Category: Uncategorized | Source: clawhub | Version: v1.0.0 (1 version) | API key: not required
Stars: 0 | Downloads: 421 | Installs: 0

Overview

Kubernetes Security Review is a specialized security analysis tool that scans Kubernetes YAML manifests for vulnerabilities, misconfigurations, and deviations from industry security best practices. Organizations using Kubernetes in production environments can leverage this tool to identify and remediate security gaps before deployment.

The tool performs static analysis on Kubernetes resources, detecting issues such as missing security contexts, overly permissive RBAC configurations, exposed secrets, missing or violated resource limits, and deviations from container image best practices. Catching these before deployment helps prevent common Kubernetes security incidents and supports compliance with organizational security policies.

Ideal users include DevOps engineers, platform security teams, Kubernetes administrators, and organizations implementing security-as-code practices. The tool integrates seamlessly into CI/CD pipelines, policy enforcement workflows, and infrastructure-as-code validation processes.

Usage

Sample Request

{
  "yaml_content": "apiVersion: v1\nkind: Pod\nmetadata:\n  name: web-app\n  namespace: production\nspec:\n  containers:\n  - name: nginx\n    image: nginx:latest\n    ports:\n    - containerPort: 80\n    securityContext:\n      runAsNonRoot: false\n      privileged: true\n    resources:\n      requests:\n        memory: \"64Mi\"\n        cpu: \"250m\"\n    volumeMounts:\n    - name: config\n      mountPath: /etc/config\n  volumes:\n  - name: config\n    secret:\n      secretName: db-credentials"
}

Sample Response

{
  "manifest_valid": true,
  "findings": [
    {
      "severity": "HIGH",
      "rule_id": "K8S-001",
      "category": "Security Context",
      "message": "Container running in privileged mode - potential security risk",
      "resource": "Pod/web-app/containers/nginx",
      "recommendation": "Set privileged: false and use specific capabilities instead"
    },
    {
      "severity": "HIGH",
      "rule_id": "K8S-002",
      "category": "Container Image",
      "message": "Using image tag 'latest' is not recommended in production",
      "resource": "Pod/web-app/containers/nginx",
      "recommendation": "Pin image to a specific version tag (e.g., nginx:1.25.3)"
    },
    {
      "severity": "MEDIUM",
      "rule_id": "K8S-003",
      "category": "Security Context",
      "message": "Container should run as non-root user",
      "resource": "Pod/web-app/containers/nginx",
      "recommendation": "Set runAsNonRoot: true and specify a non-zero uid"
    },
    {
      "severity": "MEDIUM",
      "rule_id": "K8S-004",
      "category": "Pod Security",
      "message": "Pod does not enforce read-only root filesystem",
      "resource": "Pod/web-app",
      "recommendation": "Set readOnlyRootFilesystem: true where possible"
    }
  ],
  "summary": {
    "total_findings": 4,
    "high_severity": 2,
    "medium_severity": 2,
    "low_severity": 0,
    "compliance_score": 65
  }
}

Endpoints

POST /review-k8s

Analyzes a Kubernetes YAML manifest for security issues, misconfigurations, and best practices violations.

Method: POST

Path: /review-k8s

Parameters:

Name          Type    Required  Description
------------  ------  --------  --------------------------------------------------------------
yaml_content  string  Yes       Complete Kubernetes YAML manifest as a string. Can include single or multiple resources (Pods, Deployments, Services, ConfigMaps, Secrets, RBAC definitions, Network Policies, etc.).

Request Body:

{
  "yaml_content": "<kubernetes-yaml-manifest>"
}

Response (200 OK):

Returns a comprehensive security analysis report including:

  • manifest_valid: Boolean indicating whether the YAML is syntactically valid
  • findings: Array of security findings, each containing:
      • severity: One of HIGH, MEDIUM, LOW
      • rule_id: Unique identifier for the security rule
      • category: Type of finding (e.g., Security Context, Container Image, Pod Security, RBAC, Secrets Management)
      • message: Detailed description of the issue
      • resource: Path of the affected Kubernetes resource
      • recommendation: Remediation guidance
  • summary: Aggregate statistics including total findings, severity breakdown, and compliance score
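The following is an added example, not the service's own code: a small Python checker that applies the four rules shown in the Sample Response (K8S-001 to K8S-004) to the Sample Request's Pod and emits findings in the field layout listed above. It goes one step beyond the sample by also inspecting the pod template of workloads such as a Deployment, which the endpoint accepts but the sample does not show. It assumes the manifest has already been parsed by a YAML loader into a dict, so the sample Pod is embedded as a constructed dict; the rule logic, messages and resource paths are modelled on the sample, not taken from the service.

```python
# Added example, not the service's code: reproduces rules K8S-001..004 from the page.
SAMPLE_POD = {  # constructed: the page's sample Pod as a YAML loader would parse it
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web-app", "namespace": "production"},
    "spec": {"containers": [{"name": "nginx", "image": "nginx:latest",
                             "securityContext": {"runAsNonRoot": False, "privileged": True}}]},
}

def _finding(sev, rid, cat, msg, res, rec):
    return {"severity": sev, "rule_id": rid, "category": cat,
            "message": msg, "resource": res, "recommendation": rec}

def pod_specs(manifest):
    """Yield (resource path, pod spec) for a bare Pod or for the pod template of a
    workload such as a Deployment, StatefulSet, DaemonSet or Job."""
    kind, spec = manifest.get("kind", "?"), manifest.get("spec", {})
    name = manifest.get("metadata", {}).get("name", "?")
    if kind == "Pod":
        yield f"Pod/{name}", spec
    elif "template" in spec:
        yield f"{kind}/{name}", spec["template"].get("spec", {})

def review(manifest):
    findings = []
    for path, spec in pod_specs(manifest):
        pod_sc = spec.get("securityContext", {})
        for c in spec.get("containers", []) + spec.get("initContainers", []):
            res = f"{path}/containers/{c.get('name', '?')}"
            sc, image = c.get("securityContext", {}), c.get("image", "")
            tag = image.rsplit("/", 1)[-1].partition(":")[2]  # "" = no tag = implicit :latest
            if sc.get("privileged") is True:
                findings.append(_finding("HIGH", "K8S-001", "Security Context",
                    "Container running in privileged mode - potential security risk",
                    res, "Set privileged: false and use specific capabilities instead"))
            if tag in ("", "latest") and "@sha256:" not in image:
                findings.append(_finding("HIGH", "K8S-002", "Container Image",
                    "Image tag is 'latest' or missing (which defaults to latest)",
                    res, "Pin image to a specific version tag (e.g., nginx:1.25.3)"))
            # A container-level runAsNonRoot overrides the pod-level value.
            if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
                findings.append(_finding("MEDIUM", "K8S-003", "Security Context",
                    "Container should run as non-root user", res,
                    "Set runAsNonRoot: true and specify a non-zero uid"))
            if sc.get("readOnlyRootFilesystem") is not True:
                findings.append(_finding("MEDIUM", "K8S-004", "Pod Security",
                    "Container does not enforce read-only root filesystem", res,
                    "Set readOnlyRootFilesystem: true where possible"))
    sev = [f["severity"] for f in findings]
    return {"findings": findings, "summary": {
        "total_findings": len(sev), "high_severity": sev.count("HIGH"),
        "medium_severity": sev.count("MEDIUM"), "low_severity": sev.count("LOW")}}
```

Note that the tag is taken from the last path segment of the image reference, so a registry port such as registry:5000/app is not mistaken for a tag.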

Response (422 Validation Error):

Returned when the request payload fails validation.

{
  "detail": [
    {
      "loc": ["body", "yaml_content"],
      "msg": "field required",
      "type": "value_error.missing"
    }
  ]
}

Pricing

Plan          Calls/Day  Calls/Month  Price
------------  ---------  -----------  -------
Free          5          50           Free
Developer     20         500          $39/mo
Professional  200        5,000        $99/mo
Enterprise    100,000    1,000,000    $299/mo

About

ToolWeb.in - 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.

References

  • Kong Route: https://api.mkkpro.com/security/k8s-security-review
  • API Docs: https://api.mkkpro.com:8022/docs

Version History

1 version in total

  • v1.0.0 (current)
    2026-05-03 07:05

Security Scans

Tencent Cloud Security (Keen): Safe, no risk

Tencent Cloud Security (Sanbu): Safe, no risk
