Misconfigurations

Detect and fix security misconfigurations in your Kubernetes cluster against industry compliance frameworks.

Overview

The Misconfigurations feature scans your Kubernetes cluster against multiple security compliance frameworks to identify configuration issues that could pose security risks.

Supported Frameworks

Framework	Description
CIS Benchmark	Center for Internet Security Kubernetes Benchmark
NSA Hardening	NSA/CISA Kubernetes Hardening Guide
PCI-DSS	Payment Card Industry Data Security Standard
ISO 27001	Information Security Management Standard
NIST 800-190	Application Container Security Guide
SOC 2	Service Organization Control 2
HIPAA	Health Insurance Portability and Accountability Act

How to Use

Running a Compliance Check

Navigate to Security > Security Scanning > Misconfigurations
Select a compliance framework tab (e.g., CIS Benchmark)
Click the Rescan button to run a fresh scan
Review the compliance results

Understanding Results

The dashboard shows:

Passed - Checks that your cluster passed (green)
Failed - Checks that need attention (red)
Warning - Checks with potential issues (yellow)
Compliance Score - Overall percentage of passed checks

Viewing Check Details

Click on a specific check in the Compliance Checks section
View the detailed description of the issue
See the affected resources
Get remediation guidance

Filtering Results

Use the controls in the top right to:

Grouped/List - Toggle between grouped and list view
All Severities - Filter by severity level
Rescan - Run a new compliance scan

Best Practices

Start with CIS - The CIS Kubernetes Benchmark is a good baseline
Address Failed First - Focus on failed checks before warnings
Regular Scans - Schedule regular compliance checks
Track Progress - Monitor your compliance score over time
Use Exceptions - Create exceptions for intentional deviations

Next Steps

Security Exceptions - Manage compliance exceptions
Image Security - Scan for vulnerabilities

Image Security Security Exceptions