
Misconfigurations

Detect and fix security misconfigurations in your Kubernetes cluster against industry compliance frameworks.

[Screenshot: Misconfigurations overview, showing the Security & Compliance dashboard with CIS Benchmark results]

Overview

The Misconfigurations feature scans your Kubernetes cluster against multiple security compliance frameworks to identify configuration issues that could pose security risks. Scans run automatically; you can also trigger one on demand with the Rescan button to get a fresh check at any time.

Scoped per cluster: Misconfiguration results are shown per cluster. Use the cluster selector at the top of the page to choose a specific cluster, or select All clusters for an aggregated view.

Supported Frameworks

  • CIS Benchmark - Center for Internet Security Kubernetes Benchmark
  • NSA Hardening - NSA/CISA Kubernetes Hardening Guide
  • PCI-DSS - Payment Card Industry Data Security Standard
  • ISO 27001 - Information Security Management Standard
  • NIST 800-190 - Application Container Security Guide
  • SOC 2 - Service Organization Control 2
  • HIPAA - Health Insurance Portability and Accountability Act

How to Use

Running a Compliance Check

  1. Navigate to Security > Security Scanning > Misconfigurations
  2. Select a compliance framework tab (e.g., CIS Benchmark)
  3. Click the Rescan button to run a fresh scan
  4. Review the compliance results

Understanding Results

Each framework tab shows a set of status counts plus an overall score:

  • Passed - Checks that your cluster passed
  • Failed - Checks that need attention
  • Warning - Checks with potential issues
  • Errored - Checks that could not be evaluated
  • Compliance Score (%) - Overall percentage of passed checks for the selected framework

Viewing Check Details

  1. Click on a specific check in the Compliance Checks section
  2. View the detailed description of the issue
  3. See the affected resources
  4. Get remediation guidance

Filtering Results

Use the controls in the top right to:

  • Grouped / List - Toggle between grouped and list view
  • Severity filter - Filter checks by severity (All, Critical, High, Medium, Low)
  • Rescan - Run a new compliance scan for the selected framework

Best Practices

  1. Start with CIS - The CIS Kubernetes Benchmark is a good baseline
  2. Address Failed First - Focus on failed checks before warnings
  3. Regular Scans - Schedule regular compliance checks
  4. Track Progress - Monitor your compliance score over time
  5. Use Exceptions - Create exceptions for intentional deviations
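The following is an added example, not code from the product or this page, that shows in working code what the result categories, check details, grouped/severity-filtered views and exceptions described above amount to. It evaluates a handful of CIS/NSA-style pod-security checks against constructed workload specs (not real cluster data) and rolls the results up into Passed / Failed / Warning / Errored counts and a score. Assumptions, since the page does not specify them: advisory checks report Warning rather than Failed, the score is passed checks divided by evaluated checks with Errored left out of the denominator, and an exception simply skips that (check, resource) pair. The check IDs and remediation strings are illustrative, not the product's.

```python
"""Toy misconfiguration scanner mirroring the Misconfigurations tab: per-check
status, severity, affected resource and remediation, plus a compliance score."""
from collections import Counter

# Constructed sample workloads (not real cluster data): one misconfigured pod,
# one hardened pod, and a resource the pod checks cannot evaluate at all.
WORKLOADS = [
    {"kind": "Pod", "metadata": {"name": "legacy-api", "namespace": "prod"},
     "spec": {"hostPID": True, "containers": [
         {"name": "api", "image": "api:1.0",
          "securityContext": {"privileged": True}}]}},
    {"kind": "Pod", "metadata": {"name": "hardened-api", "namespace": "prod"},
     "spec": {"containers": [
         {"name": "api", "image": "api:1.1",
          "securityContext": {"privileged": False, "runAsNonRoot": True,
                              "allowPrivilegeEscalation": False,
                              "readOnlyRootFilesystem": True},
          "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}}}]}},
    {"kind": "ConfigMap", "metadata": {"name": "settings", "namespace": "prod"}},
]


def _containers(w):
    """Return the pod's containers; raise if this kind has no pod spec, which
    the scanner reports as Errored (check could not be evaluated)."""
    if w.get("kind") != "Pod":
        raise ValueError(f"cannot evaluate pod checks on {w.get('kind')}")
    return w["spec"]["containers"]


def _sc(c):
    return c.get("securityContext") or {}


# (id, severity, advisory, predicate, remediation). Advisory checks yield
# Warning instead of Failed when they do not hold (assumption, see lead-in).
CHECKS = [
    ("no-privileged", "Critical", False,
     lambda w: all(not _sc(c).get("privileged", False) for c in _containers(w)),
     "Remove securityContext.privileged: true; grant specific capabilities instead."),
    ("no-host-pid", "High", False,
     lambda w: _containers(w) is not None and not w["spec"].get("hostPID", False),
     "Set spec.hostPID: false."),
    ("run-as-non-root", "High", False,
     lambda w: all(_sc(c).get("runAsNonRoot") is True for c in _containers(w)),
     "Set securityContext.runAsNonRoot: true on every container."),
    ("no-privilege-escalation", "Medium", False,
     lambda w: all(_sc(c).get("allowPrivilegeEscalation") is False for c in _containers(w)),
     "Set securityContext.allowPrivilegeEscalation: false."),
    ("resource-limits", "Low", True,
     lambda w: all("limits" in (c.get("resources") or {}) for c in _containers(w)),
     "Add resources.limits for cpu and memory."),
]


def _ref(w):
    m = w["metadata"]
    return f"{m['namespace']}/{m['name']}"


def scan(workloads=WORKLOADS, exceptions=frozenset()):
    """Evaluate every check against every workload. `exceptions` holds
    (check_id, resource) pairs recorded as intentional deviations; they are
    skipped (assumption about how exceptions affect the score)."""
    results = []
    for w in workloads:
        for check_id, severity, advisory, predicate, fix in CHECKS:
            if (check_id, _ref(w)) in exceptions:
                continue
            try:
                ok = predicate(w)
                status = "Passed" if ok else ("Warning" if advisory else "Failed")
            except (KeyError, TypeError, ValueError):
                status = "Errored"
            results.append({"check": check_id, "severity": severity,
                            "resource": _ref(w), "status": status,
                            "remediation": None if status == "Passed" else fix})
    return results


def summarize(results):
    """Status counts plus score = passed / evaluated (Errored excluded; assumption)."""
    counts = Counter(r["status"] for r in results)
    evaluated = counts["Passed"] + counts["Failed"] + counts["Warning"]
    score = round(100 * counts["Passed"] / evaluated, 1) if evaluated else 0.0
    summary = {k: counts[k] for k in ("Passed", "Failed", "Warning", "Errored")}
    summary["score"] = score
    return summary


def grouped(results, severities=None):
    """Grouped view: failing or warning check -> affected resources, optionally
    restricted to a set of severities (the Severity filter)."""
    out = {}
    for r in results:
        if r["status"] in ("Failed", "Warning") and (severities is None or r["severity"] in severities):
            out.setdefault(r["check"], []).append(r["resource"])
    return out


if __name__ == "__main__":
    res = scan()
    print(summarize(res))  # {'Passed': 5, 'Failed': 4, 'Warning': 1, 'Errored': 5, 'score': 50.0}
    for check, resources in grouped(res, {"Critical", "High"}).items():
        print(check, "->", resources)
```

Two things worth noticing when reading real dashboard numbers: the Errored bucket is not a pass (the ConfigMap above contributes five Errored results and moves the score not at all), and an exception raises the score by removing a check from the denominator, so excepted deviations should be reviewed as deliberately as failures.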

Next Steps