Snotra Kubernetes

Snotra now supports kubernetes!

Snotra now supports Kubernetes, creds are read from your ~/.kube/config file and are used to assess a Kubernetes clusters for various misconfigurations. As with all other versions of Snotra the JSON file output follows the same structure and can be fed into reporting tools and other workflows.

Currently Snotra Kubernetes checks for the following issues:

  • Default Namespace in Use
  • Default Service Account In Use
  • Insecure Image Pull Policy
  • Insecure Image Tagging
  • Lack of Container Security Context
  • Privileged Pods
  • Outdated Kubernetes Version In Use
  • Unsupported Kubernetes Version In Use
  • Lack of Network Policies
  • Lack of Container Limits
  • Lack of Resource Quotas
  • Kubernetes Dashboard Enabled
  • Overly Permissive Role Assignments
  • Lack of Admission Control
  • Secrets in Environment Variables
  • Secrets in Container Arguments
  • Secrets in Config Maps (Manual Check)
Shaun

About the author

Shaun is a Penetration Tester and Bitcoiner based in state controlled Britain, with over a decade in the Security Industry, specialising in Cloud and Infrastructure Security and regularly completing assessments for all manner of companies from global corporations to small charities and non profits.