kubeaudit
CLI to audit Kubernetes manifests and clusters for security misconfigurations (capabilities, read-only root, privileged, etc.).
Why it is included
A focused open-source checker that predates many policy engines and is still useful in CI as a manifest gate.
Best for
GitOps repos that enforce a pod security baseline before apply.
Strengths
- Simple rules
- Fast CLI
- Manifest + live cluster modes
Limitations
- Less expressive than full OPA/Kyverno policy languages
Good alternatives
Checkov · Kyverno · Kubescape
Related tools
Security & Privacy
Checkov
Static analysis for Terraform, CloudFormation, Kubernetes, Docker, and more—hundreds of built-in policy checks.
Kubescape
Kubernetes security scanner for misconfigurations, RBAC, compliance frameworks (NSA/CIS), and image vulnerabilities.
Kyverno
Kubernetes-native policy engine using YAML (no Rego) for validate, mutate, generate, and image verification rules.
Terrascan
IaC scanner detecting security issues across Terraform, Kubernetes, Helm, Docker, and cloud APIs via OPA/Rego policies.
John the Ripper
Password cracker focused on fast CPU modes, formats, and incremental attacks—ubiquitous in audits.
Lynis
Host-based security auditing for Unix: misconfigurations, packages, SSH, kernel hardening hints.
