Security Overview

Security View

The Security View provides comprehensive security analysis and compliance monitoring for your Kubernetes clusters.

Overview

Access Security features from the Security menu in the sidebar. The security dashboard shows:

  • Overall compliance score
  • Security posture rating
  • Issue counts by severity
  • Trends over time
  • Top recommendations

[Figure: Security Compliance. Security compliance dashboard showing overall posture and recommendations]

Security Sections

Section            | Description
-------------------|-------------------------------------------
Dashboard          | Overview of all security metrics
Gatekeeper         | OPA Gatekeeper policy management
Admission Control  | Admission controller policies
Policy Templates   | Pre-configured policy templates
Image Security     | Container image vulnerability scanning
Misconfigurations  | Kubernetes misconfiguration detection
Secrets Scan       | Exposed secrets detection
RBAC               | Role-based access control analysis
Service Accounts   | Service account security
Network Policies   | Network policy analysis
Audit Logs         | Security event logs
Recommendations    | AI-powered security recommendations

Compliance Scanning

Supported Frameworks

SRExpert checks your clusters against industry standards:

Framework                    | Checks   | Description
-----------------------------|----------|------------------------------------------
CIS Kubernetes Benchmark     | 11       | Industry standard security configuration
NSA/CISA Hardening Guide     | 5        | US Government hardening recommendations
PCI-DSS Container Security   | 5        | Payment card industry requirements
ISO 27001                    | 10+      | Information security management
NIST                         | Multiple | US Government security framework
SOC 2                        | Multiple | Service organization controls
HIPAA                        | Multiple | Healthcare data protection

Running a Compliance Check

  1. Go to Security > Dashboard
  2. Click Run Compliance Check
  3. Select a framework (CIS, NSA, PCI-DSS)
  4. Select target cluster
  5. Click Run

The check executes against your Kubernetes API and returns real-time results.

[Figure: Compliance Scan. Run compliance checks against your cluster to verify security standards]

Compliance Results

Each check shows:

Field        | Description
-------------|-------------------------------------
Check ID     | Unique identifier (e.g., CIS-1.1.1)
Title        | What the check verifies
Status       | pass, fail, warning, error
Severity     | critical, high, medium, low
Message      | Details about the finding
Remediation  | How to fix the issue

Compliance Score

The compliance score (0-100) is calculated based on:

  • Number of passing checks
  • Severity of failing checks
  • Framework coverage

View your score:

  1. Go to Security > Dashboard
  2. See the compliance score card
  3. Click for breakdown by framework

Compliance Reports

Export compliance reports:

  1. Go to Security > Dashboard
  2. Click Export Report
  3. Select format (JSON, HTML, XML)
  4. Download the report

Reports include:

  • Executive summary
  • Pass/fail details
  • Remediation guidance
  • Trend data

Vulnerability Scanning

Image Scanning

SRExpert integrates with Trivy for vulnerability scanning:

  • Automatic scanning of deployed images
  • Vulnerability data from Trivy's database, which aggregates NIST NVD with vendor and distribution security advisories
  • Severity classification
  • Fix version recommendations (empty when the advisory lists no fixed release yet)

Scanning Options

  1. Trivy Operator - Continuous scanning in-cluster; findings are published as VulnerabilityReport resources next to the workloads they describe
  2. On-demand scanning - Scan specific images

[Figure: Image Security. Container image vulnerability scanning showing CVEs and severity levels]

Viewing Vulnerabilities

  1. Go to Security > Image Security
  2. See images with vulnerability counts
  3. Click an image for details

Each vulnerability shows:

  • CVE ID and link
  • Severity (Critical, High, Medium, Low)
  • Affected package and version
  • Fixed version (if available)
  • Description

Filtering Vulnerabilities

Filter by:

  • Severity level
  • Namespace
  • Image name
  • Fix availability
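The filters above map directly onto the fields of a Trivy report. The following is an added example, not SRExpert code: it flattens a Trivy JSON report and applies the severity, package and fix-availability filters, then produces the per-severity counts the image list shows. The field names follow the layout of Trivy's JSON output (SchemaVersion 2, Results[].Vulnerabilities[]); the report itself is constructed and its CVE-0000-* identifiers are placeholders, not real advisories.

```python
"""Filter and summarize a Trivy JSON report, as the Image Security view does.

Added example, not SRExpert code. Field names follow Trivy's JSON report
(SchemaVersion 2: Results[].Vulnerabilities[] with VulnerabilityID, PkgName,
InstalledVersion, FixedVersion, Severity). The report below is constructed;
the CVE-0000-* identifiers are placeholders, not real advisories.
"""
import json

SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1, "UNKNOWN": 0}

# Constructed report; a real one comes from
#   trivy image --format json --output report.json registry.example/app:1.4.2
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "registry.example/app:1.4.2",
    "Results": [
        {
            "Target": "registry.example/app:1.4.2 (alpine 3.18.0)",
            "Class": "os-pkgs", "Type": "alpine",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libcrypto3",
                 "InstalledVersion": "3.1.0-r0", "FixedVersion": "3.1.1-r0",
                 "Severity": "CRITICAL", "Title": "placeholder finding"},
                {"VulnerabilityID": "CVE-0000-0002", "PkgName": "busybox",
                 "InstalledVersion": "1.36.0-r0", "FixedVersion": "",
                 "Severity": "HIGH", "Title": "placeholder finding, no fix released"},
            ],
        },
        {
            "Target": "app/requirements.txt", "Class": "lang-pkgs", "Type": "pip",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-0003", "PkgName": "requests",
                 "InstalledVersion": "2.25.0", "FixedVersion": "2.31.0",
                 "Severity": "MEDIUM", "Title": "placeholder finding"},
            ],
        },
        # Secret-scanner results carry no Vulnerabilities key at all.
        {"Target": "/app/.env", "Class": "secret"},
    ],
})


def flatten(report: dict) -> list:
    """One record per vulnerability, keeping the Target it was found in."""
    rows = []
    for result in report.get("Results", []):
        # "Vulnerabilities" may be absent or null; treat both as empty.
        for v in result.get("Vulnerabilities") or []:
            cve = v["VulnerabilityID"]
            rows.append({
                "cve": cve,
                "link": v.get("PrimaryURL") or f"https://nvd.nist.gov/vuln/detail/{cve}",
                "severity": v.get("Severity", "UNKNOWN").upper(),
                "package": v["PkgName"],
                "installed": v.get("InstalledVersion", ""),
                # An empty FixedVersion means no fixed release is known yet.
                "fixed": v.get("FixedVersion") or None,
                "target": result.get("Target", ""),
            })
    return rows


def load_report(text: str) -> list:
    """Parse a report file's contents and flatten it."""
    return flatten(json.loads(text))


def filter_vulns(rows, min_severity="LOW", fixable_only=False, package=None):
    """Apply the view's filters: severity floor, fix availability, package name."""
    floor = SEVERITY_RANK[min_severity.upper()]
    out = [r for r in rows if SEVERITY_RANK.get(r["severity"], 0) >= floor]
    if fixable_only:
        out = [r for r in out if r["fixed"]]
    if package:
        out = [r for r in out if r["package"] == package]
    # Most severe first, so the top of the list is what to fix first.
    return sorted(out, key=lambda r: -SEVERITY_RANK[r["severity"]])


def summarize(rows):
    """Per-severity counts, the numbers shown next to each image in the list."""
    counts = {}
    for r in rows:
        counts[r["severity"]] = counts.get(r["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    vulns = load_report(SAMPLE_REPORT)
    print("counts:", summarize(vulns))
    for r in filter_vulns(vulns, "HIGH", fixable_only=True):
        print(f"{r['severity']:8} {r['cve']} {r['package']} {r['installed']} -> {r['fixed']}")
```

The "fixable only" filter is the useful triage view: a critical finding with no fixed version needs a mitigation (drop the package, restrict the workload), while a fixable one is just a rebuild away.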

RBAC Analysis

Overview

The RBAC analyzer examines your cluster’s role-based access control:

  • ClusterRoles and Roles
  • ClusterRoleBindings and RoleBindings
  • ServiceAccounts
  • Permission risks

RBAC Security Score

The RBAC security score (0-100) considers:

  • Wildcard permissions (* resources or verbs)
  • Overprivileged service accounts
  • Risky role bindings
  • Cluster-admin usage

[Figure: RBAC Analysis. RBAC security analysis showing roles, bindings and permission risks]

Risk Types Detected

Risk Type                | Severity | Example
-------------------------|----------|----------------------------------
Wildcard permissions     | Critical | resources: ["*"]
Overprivileged accounts  | High     | Service account with cluster-admin
Risky bindings           | Medium   | Binding to default namespace
Unused service accounts  | Low      | Old accounts still existing

Viewing RBAC

  1. Go to Security > RBAC
  2. Tabs available:
    • Roles - Namespace-scoped roles
    • ClusterRoles - Cluster-wide roles
    • RoleBindings - Namespace bindings
    • ClusterRoleBindings - Cluster bindings
    • Analysis - Risk analysis

RBAC Analysis Output

{
  "security_score": 75,
  "summary": {
    "total_cluster_roles": 45,
    "total_roles": 23,
    "critical_risks": 2,
    "high_risks": 5,
    "medium_risks": 8
  },
  "risks": [
    {
      "severity": "CRITICAL",
      "type": "wildcard_permissions",
      "description": "ClusterRole 'admin' has wildcard resource access",
      "recommendation": "Restrict to specific resources"
    }
  ]
}
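To make the risk types and the output format above concrete, here is an added example that is not SRExpert code: a small analyzer over Kubernetes RBAC objects that flags wildcard rules, service accounts bound to cluster-admin or to a wildcard role, bindings to the default service account or to the anonymous/all-authenticated groups, and unused service accounts (which also covers the cluster-admin and unused-account checks of the Service Account Security section below). It emits a result in the same shape as the JSON shown. The objects are constructed; the penalty weights behind the score and the exact rules for the medium findings are this example's own assumptions, not SRExpert's.

```python
"""RBAC risk analysis over Kubernetes API objects.

Added example, not SRExpert code. Input objects are constructed; a real run
would feed in
  kubectl get clusterroles,clusterrolebindings,rolebindings,serviceaccounts,pods -A -o json
The PENALTY weights and the "default service account / anonymous group"
rules are this example's assumptions.
"""

SEVERITY_ORDER = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}
PENALTY = {"CRITICAL": 25, "HIGH": 10, "MEDIUM": 5, "LOW": 1}  # assumed weights

CLUSTER_ROLES = [
    {"metadata": {"name": "cluster-admin"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"metadata": {"name": "pod-reader"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list", "watch"]}]},
    {"metadata": {"name": "ci-deployer"},  # the kind of role a CI pipeline accumulates
     "rules": [{"apiGroups": ["apps"], "resources": ["*"], "verbs": ["*"]}]},
]
ROLES = []  # namespaced Roles; none in this sample
BINDINGS = [  # ClusterRoleBindings have no metadata.namespace, RoleBindings do
    {"metadata": {"name": "ci-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "ci-runner", "namespace": "ci"}]},
    {"metadata": {"name": "anyone-reads-pods"},
     "roleRef": {"kind": "ClusterRole", "name": "pod-reader"},
     "subjects": [{"kind": "Group", "name": "system:unauthenticated"}]},
    {"metadata": {"name": "default-deploys", "namespace": "staging"},
     "roleRef": {"kind": "ClusterRole", "name": "ci-deployer"},
     "subjects": [{"kind": "ServiceAccount", "name": "default", "namespace": "staging"}]},
]
SERVICE_ACCOUNTS = [
    {"metadata": {"name": "ci-runner", "namespace": "ci"}},
    {"metadata": {"name": "default", "namespace": "staging"}},
    {"metadata": {"name": "legacy-backup", "namespace": "ops"}},
]
PODS = [{"metadata": {"name": "runner-0", "namespace": "ci"},
         "spec": {"serviceAccountName": "ci-runner"}}]


def grants_wildcard(rule):
    """True for rules with "*" in resources or verbs (apiGroups alone is not enough)."""
    return "*" in rule.get("resources", []) or "*" in rule.get("verbs", [])


def _risk(severity, rtype, description, recommendation):
    return {"severity": severity, "type": rtype,
            "description": description, "recommendation": recommendation}


def analyze_rbac(cluster_roles, roles, bindings, service_accounts, pods):
    risks, wildcard_roles = [], set()
    for r in cluster_roles + roles:
        name = r["metadata"]["name"]
        if name == "cluster-admin" or name.startswith("system:"):
            continue  # built-ins: flag the bindings to them, not the roles themselves
        if any(grants_wildcard(rule) for rule in r.get("rules", [])):
            kind = "Role" if "namespace" in r["metadata"] else "ClusterRole"
            wildcard_roles.add((kind, name))
            risks.append(_risk("CRITICAL", "wildcard_permissions",
                               f"{kind} '{name}' grants wildcard resources or verbs",
                               "Restrict to the specific resources and verbs the workload needs"))
    admin_roles = wildcard_roles | {("ClusterRole", "cluster-admin")}
    bound_sas = set()
    for b in bindings:
        ns, bname = b["metadata"].get("namespace"), b["metadata"]["name"]
        role = (b["roleRef"]["kind"], b["roleRef"]["name"])
        scope = f"namespace '{ns}'" if ns else "the whole cluster"
        for s in b.get("subjects", []):
            if s["kind"] == "ServiceAccount":
                sa = (s.get("namespace", ns), s["name"])
                bound_sas.add(sa)
                if role in admin_roles:
                    risks.append(_risk("HIGH", "overprivileged_account",
                                       f"ServiceAccount {sa[0]}/{sa[1]} gets {role[1]} over {scope} via '{bname}'",
                                       "Bind a narrowly scoped Role instead"))
                if s["name"] == "default":  # every pod without serviceAccountName runs as it
                    risks.append(_risk("MEDIUM", "risky_binding",
                                       f"'{bname}' grants permissions to the default service account in {sa[0]}",
                                       "Create a dedicated ServiceAccount for the workload"))
            elif s["kind"] == "Group" and s["name"] in ("system:unauthenticated", "system:authenticated"):
                risks.append(_risk("MEDIUM", "risky_binding",
                                   f"'{bname}' grants {role[1]} to {s['name']}",
                                   "Never bind roles to the anonymous or all-authenticated groups"))
    used_sas = {(p["metadata"]["namespace"], p["spec"].get("serviceAccountName", "default")) for p in pods}
    for sa in service_accounts:
        key = (sa["metadata"]["namespace"], sa["metadata"]["name"])
        if key not in bound_sas and key not in used_sas:
            risks.append(_risk("LOW", "unused_service_account",
                               f"ServiceAccount {key[0]}/{key[1]} is neither bound nor used by any pod",
                               "Delete it so nothing can request a token for it"))
    risks.sort(key=lambda r: SEVERITY_ORDER[r["severity"]])
    counts = {sev: sum(1 for r in risks if r["severity"] == sev) for sev in SEVERITY_ORDER}
    return {"security_score": max(0, 100 - sum(PENALTY[r["severity"]] for r in risks)),
            "summary": {"total_cluster_roles": len(cluster_roles), "total_roles": len(roles),
                        "critical_risks": counts["CRITICAL"], "high_risks": counts["HIGH"],
                        "medium_risks": counts["MEDIUM"], "low_risks": counts["LOW"]},
            "risks": risks}


if __name__ == "__main__":
    import json
    print(json.dumps(analyze_rbac(CLUSTER_ROLES, ROLES, BINDINGS, SERVICE_ACCOUNTS, PODS), indent=2))
```

Note that a RoleBinding can reference a ClusterRole, which is why the sample's staging binding to the wildcard `ci-deployer` role is still flagged even though its effect is namespace-scoped.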

Secret Scanning

[Figure: Secrets Scanning. Detect exposed secrets and sensitive data in your workloads]

Running Secret Scans

  1. Go to Security > Secrets Scan
  2. View findings by namespace
  3. Click a finding for details

Secret Findings

Each finding shows:

  • Secret type detected
  • Location (namespace, resource, field)
  • Confidence level
  • Remediation steps
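The fields of a finding above (type, location, confidence, remediation) are what a scanner over ConfigMaps and literal environment values produces. The following is an added example, not SRExpert code: it combines fixed patterns for well-known credential shapes, key-name heuristics and a Shannon-entropy check, and assigns a confidence level to each. The objects are constructed; AKIAIOSFODNN7EXAMPLE is the example access key ID from AWS's own documentation, the private key body is a truncated placeholder, and the pattern list, thresholds and confidence levels are this example's own assumptions.

```python
"""Detect credentials exposed in ConfigMaps and plain env values.

Added example, not SRExpert code. Objects are constructed; the patterns,
entropy threshold and confidence levels are this example's assumptions.
"""
import math
import re
from collections import Counter

# (finding type, pattern, confidence) for credential shapes that are unambiguous
PATTERNS = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "high"),
    ("private_key", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"), "high"),
]
# Key names that suggest a credential, whatever the value looks like
SENSITIVE_NAME = re.compile(r"(password|passwd|pwd|secret|token|api[_-]?key|private[_-]?key)", re.I)
ENTROPY_MIN_LEN, ENTROPY_THRESHOLD = 20, 4.0  # bits per character; assumed cut-off

CONFIGMAPS = [  # constructed
    {"metadata": {"name": "app-config", "namespace": "payments"},
     "data": {"LOG_LEVEL": "info",
              "AWS_ACCESS_KEY_ID": "AKIAIOSFODNN7EXAMPLE",  # AWS documentation example key
              "DB_PASSWORD": "hunter2",
              "SIGNING_KEY": "Zq8LmP2vX9kR4tWn7YbC1dF6gH3jK5sT0uVwAaEe"}},
    {"metadata": {"name": "tls-material", "namespace": "payments"},
     "data": {"server.key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEow...placeholder...\n-----END RSA PRIVATE KEY-----"}},
]
PODS = [  # constructed
    {"metadata": {"name": "api-0", "namespace": "payments"},
     "spec": {"containers": [{"name": "api", "env": [
         {"name": "API_TOKEN", "value": "literal-token-value-in-the-pod-spec"},
         {"name": "DB_PASSWORD", "valueFrom": {"secretKeyRef": {"name": "db", "key": "password"}}},
         {"name": "FEATURE_FLAGS", "value": "beta,canary"},
     ]}]}},
]
REMEDIATION = ("Move the value into a Secret, reference it via valueFrom.secretKeyRef or a "
               "mounted volume, and rotate the credential: anyone with get access to this "
               "resource has been able to read it")


def shannon_entropy(s):
    """Bits per character; random tokens score high, words and flags score low."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0


def classify(name, value):
    """Return (type, confidence) for a suspicious name/value pair, else None."""
    for rtype, pattern, confidence in PATTERNS:
        if pattern.search(value):
            return rtype, confidence
    if SENSITIVE_NAME.search(name) and value.strip():
        return "credential_by_name", "medium"
    if len(value) >= ENTROPY_MIN_LEN and shannon_entropy(value) >= ENTROPY_THRESHOLD:
        return "high_entropy_string", "low"
    return None


def _finding(kind, meta, field, rtype, confidence):
    return {"type": rtype, "confidence": confidence,
            "location": {"namespace": meta["namespace"],
                         "resource": f"{kind}/{meta['name']}", "field": field},
            "remediation": REMEDIATION}


def scan(configmaps, pods):
    findings = []
    for cm in configmaps:
        for key, value in (cm.get("data") or {}).items():
            hit = classify(key, str(value))
            if hit:
                findings.append(_finding("ConfigMap", cm["metadata"], f"data.{key}", *hit))
    for pod in pods:
        for c in pod["spec"].get("containers", []):
            for env in c.get("env", []):
                if "value" not in env:  # valueFrom.secretKeyRef: nothing literal to flag
                    continue
                hit = classify(env["name"], str(env["value"]))
                if hit:
                    findings.append(_finding("Pod", pod["metadata"],
                                             f"spec.containers[{c['name']}].env.{env['name']}", *hit))
    return findings


if __name__ == "__main__":
    for f in scan(CONFIGMAPS, PODS):
        loc = f["location"]
        print(f"{f['confidence']:6} {f['type']:20} {loc['namespace']}/{loc['resource']} {loc['field']}")
```

The confidence ordering matters for triage: a pattern hit is worth acting on immediately, a name-based hit usually is, and an entropy-only hit needs a human look because base64 blobs and hashes trip it too.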

Misconfiguration Detection

What’s Checked

SRExpert detects common misconfigurations:

  • Privileged containers
  • Missing resource limits
  • Missing security context
  • Exposed service ports
  • Insecure pod configurations
  • Missing network policies

Viewing Misconfigurations

  1. Go to Security > Misconfigurations
  2. Filter by severity or type
  3. Click an issue for details and fix

Remediation

Each misconfiguration includes:

  • Description of the risk
  • Affected resources
  • YAML example of the fix
  • Best practice recommendation
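The checks listed under "What's Checked" and the scoring rule from the Compliance Score section (passing checks weighed against the severity of failing ones) fit together in one small engine. The following is an added example, not SRExpert code: it runs privileged-container, resource-limit, security-context, host-namespace and exposed-service checks over Pod and Service objects, emits results with the fields of the Compliance Results table, and computes a severity-weighted 0-100 score. The EX-* check IDs, the objects and the exact score formula are this example's assumptions; the page only states which factors the score depends on.

```python
"""Misconfiguration checks over Pods and Services, scored like a compliance run.

Added example, not SRExpert code. The EX-* check IDs, the sample objects and
the severity-weighted score formula are this example's assumptions.
"""

WEIGHT = {"critical": 4, "high": 3, "medium": 2, "low": 1}  # assumed weights

CHECKS = {  # id: (title, severity, remediation)
    "EX-001": ("Container does not run privileged", "critical",
               "Drop securityContext.privileged; grant specific capabilities instead"),
    "EX-002": ("Container sets CPU and memory limits", "medium",
               "Add resources.limits.cpu and resources.limits.memory"),
    "EX-003": ("Container security context is hardened", "high",
               "Set runAsNonRoot: true and allowPrivilegeEscalation: false"),
    "EX-004": ("Pod does not share host namespaces", "high",
               "Remove hostNetwork, hostPID and hostIPC"),
    "EX-005": ("Service is not exposed outside the cluster", "medium",
               "Use ClusterIP behind an authenticated Ingress where external access is needed"),
}

PODS = [  # constructed
    {"metadata": {"name": "api-0", "namespace": "payments"},
     "spec": {"hostNetwork": False, "containers": [{
         "name": "api", "image": "registry.example/api:1.4.2",
         "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
         "securityContext": {"runAsNonRoot": True, "allowPrivilegeEscalation": False,
                             "privileged": False}}]}},
    {"metadata": {"name": "debug", "namespace": "scratch"},
     "spec": {"hostPID": True, "containers": [{
         "name": "shell", "image": "busybox",
         "securityContext": {"privileged": True}}]}},
]
SERVICES = [  # constructed
    {"metadata": {"name": "api", "namespace": "payments"},
     "spec": {"type": "ClusterIP", "ports": [{"port": 80}]}},
    {"metadata": {"name": "debug", "namespace": "scratch"},
     "spec": {"type": "NodePort", "ports": [{"port": 22, "nodePort": 30022}]}},
]


def _result(check_id, resource, ok, message):
    title, severity, remediation = CHECKS[check_id]
    return {"check_id": check_id, "title": title, "resource": resource,
            "status": "pass" if ok else "fail", "severity": severity,
            "message": "ok" if ok else message, "remediation": "" if ok else remediation}


def check_pod(pod):
    meta, spec = pod["metadata"], pod["spec"]
    pod_ref = f"{meta['namespace']}/Pod/{meta['name']}"
    results = []
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        ref = f"{pod_ref}[{c['name']}]"
        sc = c.get("securityContext") or {}
        limits = (c.get("resources") or {}).get("limits") or {}
        results.append(_result("EX-001", ref, not sc.get("privileged", False),
                               "container runs with privileged: true"))
        results.append(_result("EX-002", ref, "cpu" in limits and "memory" in limits,
                               "no cpu/memory limits; a leak or abuse can starve the node"))
        # Both fields must be set explicitly; the defaults are the permissive values.
        results.append(_result("EX-003", ref,
                               sc.get("runAsNonRoot") is True and sc.get("allowPrivilegeEscalation") is False,
                               "securityContext lacks runAsNonRoot / allowPrivilegeEscalation"))
    shared = [k for k in ("hostNetwork", "hostPID", "hostIPC") if spec.get(k)]
    results.append(_result("EX-004", pod_ref, not shared,
                           f"pod shares host namespaces: {', '.join(shared)}"))
    return results


def check_service(svc):
    meta, spec = svc["metadata"], svc["spec"]
    ref = f"{meta['namespace']}/Service/{meta['name']}"
    svc_type = spec.get("type", "ClusterIP")
    ports = [p.get("port") for p in spec.get("ports", [])]
    return [_result("EX-005", ref, svc_type not in ("NodePort", "LoadBalancer"),
                    f"type {svc_type} exposes ports {ports} outside the cluster")]


def compliance_score(results):
    """Severity-weighted share of passing checks, 0-100 (assumed formula)."""
    total = sum(WEIGHT[r["severity"]] for r in results)
    passed = sum(WEIGHT[r["severity"]] for r in results if r["status"] == "pass")
    return round(100 * passed / total) if total else 100


def run(pods, services):
    results = [r for p in pods for r in check_pod(p)] + [r for s in services for r in check_service(s)]
    return {"score": compliance_score(results),
            "failing": [r for r in results if r["status"] == "fail"],
            "results": results}


if __name__ == "__main__":
    out = run(PODS, SERVICES)
    print("score:", out["score"])
    for r in out["failing"]:
        print(f"{r['severity']:8} {r['check_id']} {r['resource']}: {r['message']}")
```

Weighting by severity is what keeps one privileged debug pod from being cancelled out by a handful of trivial passes; with equal weights the sample above would still score 50, but a cluster with many cosmetic passes and one critical failure would look healthier than it is.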

Gatekeeper Policies

Overview

OPA Gatekeeper enforces policies in your cluster. SRExpert helps you:

  • View installed policies
  • Monitor violations
  • Manage enforcement modes
  • Apply policy templates

[Figure: Gatekeeper Policies. OPA Gatekeeper policy management and enforcement]

Policy Management

  1. Go to Security > Gatekeeper
  2. View active policies
  3. Click a policy to see:
    • Template details
    • Constraints
    • Current violations
    • Enforcement mode

[Figure: Create Policy. Create and configure security policies for your cluster]

Enforcement Modes

Mode      | Behavior
----------|-------------------------------
enforce   | Block non-compliant resources
warn      | Allow but log warning
dryrun    | Record only, no action
disabled  | Policy not active

Gatekeeper itself stores the mode on each Constraint as spec.enforcementAction, whose values are deny (the default), warn and dryrun; enforce here corresponds to deny. Start new policies in dryrun, review the violations it records, and only then switch to enforce, since an enforced constraint also blocks the controllers that recreate existing workloads.

Violations

View policy violations:

  1. Go to Security > Gatekeeper
  2. Click Violations tab
  3. See resources failing policies

See Gatekeeper & Policies for detailed documentation.

Network Policy Analysis

Coverage Analysis

SRExpert analyzes your network policies:

  • Namespaces without policies
  • Pods without ingress restrictions
  • Pods without egress restrictions
  • Policy gaps

Viewing Network Policies

  1. Go to Security > Network Policies
  2. See coverage by namespace
  3. Click a namespace for policy details

Recommendations

Get recommendations for:

  • Deny-all base policies
  • Specific allow rules
  • Egress restrictions

See Network Policies for more details.
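The coverage analysis and the deny-all recommendation above follow from how NetworkPolicy selection works, which is easy to get wrong by hand. The following is an added example, not SRExpert code: it computes, per namespace, which pods have no ingress or egress restriction, and produces the deny-all base policy as an API object for namespaces where nothing is isolated. The matching rules are those of the NetworkPolicy API (a policy applies to the pods in its own namespace that match spec.podSelector, an empty selector matches every pod, and an omitted spec.policyTypes defaults to Ingress plus Egress when an egress section is present); the objects are constructed.

```python
"""NetworkPolicy coverage: which pods have no ingress or egress restriction.

Added example, not SRExpert code. Objects are constructed; a real run would
load `kubectl get pods,networkpolicies -A -o json`.
"""

NAMESPACES = ["payments", "web", "scratch"]
PODS = [  # constructed
    {"metadata": {"name": "api-0", "namespace": "payments", "labels": {"app": "api"}}},
    {"metadata": {"name": "db-0", "namespace": "payments", "labels": {"app": "db"}}},
    {"metadata": {"name": "front-0", "namespace": "web", "labels": {"app": "front"}}},
    {"metadata": {"name": "debug", "namespace": "scratch", "labels": {}}},
]
POLICIES = [  # constructed
    # Deny-all ingress for every pod in payments (empty podSelector).
    {"metadata": {"name": "default-deny-ingress", "namespace": "payments"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}},
    # api may egress only to db; policyTypes omitted, so it defaults to
    # Ingress plus Egress because an egress section is present.
    {"metadata": {"name": "api-egress", "namespace": "payments"},
     "spec": {"podSelector": {"matchLabels": {"app": "api"}},
              "egress": [{"to": [{"podSelector": {"matchLabels": {"app": "db"}}}]}]}},
    # Selects a label no pod carries: the namespace "has a policy" but nothing is isolated.
    {"metadata": {"name": "orphan", "namespace": "web"},
     "spec": {"podSelector": {"matchLabels": {"app": "admin"}}, "policyTypes": ["Ingress", "Egress"]}},
]


def selector_matches(selector, labels):
    """matchLabels plus the In/NotIn/Exists/DoesNotExist operators of matchExpressions."""
    for k, v in (selector.get("matchLabels") or {}).items():
        if labels.get(k) != v:
            return False
    for expr in selector.get("matchExpressions") or []:
        key, op, values = expr["key"], expr["operator"], expr.get("values", [])
        present = key in labels
        if op == "In" and labels.get(key) not in values:
            return False
        if op == "NotIn" and present and labels[key] in values:
            return False
        if op == "Exists" and not present:
            return False
        if op == "DoesNotExist" and present:
            return False
    return True


def policy_types(spec):
    """Effective policyTypes, applying the API's defaulting when the field is omitted."""
    if "policyTypes" in spec:
        return set(spec["policyTypes"])
    types = {"Ingress"}
    if "egress" in spec:
        types.add("Egress")
    return types


def analyze_coverage(namespaces, pods, policies):
    report = {}
    for ns in namespaces:
        ns_pods = [p for p in pods if p["metadata"]["namespace"] == ns]
        ns_policies = [pol for pol in policies if pol["metadata"]["namespace"] == ns]
        no_ingress, no_egress = [], []
        for pod in ns_pods:
            labels = pod["metadata"].get("labels") or {}
            isolated = set()
            for pol in ns_policies:
                if selector_matches(pol["spec"].get("podSelector") or {}, labels):
                    isolated |= policy_types(pol["spec"])
            name = pod["metadata"]["name"]
            if "Ingress" not in isolated:
                no_ingress.append(name)
            if "Egress" not in isolated:
                no_egress.append(name)
        report[ns] = {"policies": len(ns_policies), "pods": len(ns_pods),
                      "no_ingress_restriction": no_ingress, "no_egress_restriction": no_egress}
    return report


def recommendations(report):
    """Namespaces that should get a deny-all base policy first: no pod is isolated at all."""
    return [ns for ns, r in report.items()
            if r["pods"] and len(r["no_ingress_restriction"]) == r["pods"]
            and len(r["no_egress_restriction"]) == r["pods"]]


def default_deny_policy(namespace):
    """The deny-all base policy, as the API object kubectl would apply."""
    return {"apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
            "metadata": {"name": "default-deny-all", "namespace": namespace},
            "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}}


if __name__ == "__main__":
    cov = analyze_coverage(NAMESPACES, PODS, POLICIES)
    for ns, r in cov.items():
        print(ns, r)
    for ns in recommendations(cov):
        print("recommend deny-all base policy in", ns, default_deny_policy(ns)["spec"])
```

Two caveats a coverage number does not show: NetworkPolicy is only enforced when the cluster's CNI plugin implements it (otherwise every policy is silently a no-op), and a deny-all policy with Egress in its policyTypes also blocks DNS, so it needs a companion rule allowing UDP/TCP 53 to the cluster DNS pods.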

Service Account Security

Analysis

Review service account security:

  • Accounts with mounted tokens (pods that leave automountServiceAccountToken enabled although they never call the API)
  • Accounts with cluster-admin
  • Unused service accounts
  • Token age and rotation (from Kubernetes 1.24 on, pod tokens are short-lived and issued on demand; long-lived Secret-backed tokens exist only where they were created explicitly, and those are the ones to rotate or delete)

Viewing Service Accounts

  1. Go to Security > Service Accounts
  2. Filter by namespace
  3. See risk indicators
  4. Click for details

Security Recommendations

AI-Powered Recommendations

SRExpert analyzes your cluster and provides prioritized recommendations:

  1. Go to Security > Recommendations
  2. See recommendations sorted by priority
  3. Each recommendation shows:
    • Issue description
    • Affected resources
    • Remediation steps
    • Expected impact

Priority Factors

Recommendations are prioritized by:

  • Severity of the issue
  • Number of affected resources
  • Ease of remediation
  • Security impact

Security Trends

Track security posture over time:

  1. Go to Security > Dashboard
  2. See the trends chart
  3. Toggle between 7 days and 30 days

Trends show:

  • Compliance score changes
  • Vulnerability counts
  • Issue resolution rate

Best Practices

Regular Scanning

  • Run compliance checks weekly
  • Enable continuous vulnerability scanning
  • Review RBAC quarterly

Prioritization

Focus on:

  1. Critical vulnerabilities in production
  2. Failing compliance checks
  3. RBAC over-permissions
  4. Exposed secrets

Remediation Workflow

  1. Review new findings daily
  2. Assign issues to team members
  3. Fix and verify resolution
  4. Track trends for improvement

Next Steps