Tools/aquasecurity/kube-bench

kube-bench

Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark

8.1kemergingGoApache License 2.0

The Lens

kube-bench checks whether your Kubernetes cluster is configured according to the CIS Kubernetes Benchmark, the industry-standard hardening checklist. It runs the hundreds of checks in that benchmark automatically and tells you what passes, what fails, and how to fix each one. Open source, from Aqua Security, free.

It runs as a job or container on your nodes and inspects the actual configuration of the control plane, kubelet, and policies against the benchmark. The output maps directly to CIS recommendations, which makes it the standard tool when an auditor asks whether you meet the benchmark. Setup is straightforward and it's built to run on a schedule.

Fully free with no paid tier. It's single-purpose in the best way: it does CIS benchmarking and nothing else, so it pairs naturally with broader tools like Kubescape or a runtime monitor like Falco. Any team that needs to demonstrate CIS compliance for Kubernetes runs this.

The catch: it measures against the CIS benchmark, which is a configuration checklist, not a complete security posture. A cluster can pass kube-bench and still have application-level holes, weak RBAC choices the benchmark doesn't judge, or runtime threats it can't see. It answers are we hardened to CIS, not are we secure.

Free vs Self-Hosted vs Paid

fully free

Self-hosted (free): kube-bench under Apache-2.0, from Aqua Security. Runs the CIS Kubernetes Benchmark checks against your control plane, kubelet, and policies, mapping results to CIS recommendations. Runs as a job or container, built for scheduling.

Commercial: None.

The call: Single-purpose CIS benchmarking. Pairs with broader tools like Kubescape and a runtime monitor like Falco.

Completely free and open source. No paid tier.

Self-hosting ops:trivial

Get tools like this every Wednesday

One featured tool, three on the radar. No fluff.

Score
63/100 · B
Adoption23/30
Maintenance10/25
Community5/20
License15/15
Analysis10/10

About

Owner
Aqua Security (Organization)
Stars
8,092
Forks
1,328

Explore Further

More tools in the directory