
kube-bench
Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
The Lens
kube-bench checks whether your Kubernetes cluster is configured according to the CIS Kubernetes Benchmark, the industry-standard hardening checklist. It runs the hundreds of checks in that benchmark automatically and tells you what passes, what fails, and how to fix each one. Open source, from Aqua Security, free.
It runs as a job or container on your nodes and inspects the actual configuration of the control plane, kubelet, and policies against the benchmark. The output maps directly to CIS recommendations, which makes it the standard tool when an auditor asks whether you meet the benchmark. Setup is straightforward and it's built to run on a schedule.
Fully free with no paid tier. It's single-purpose in the best way: it does CIS benchmarking and nothing else, so it pairs naturally with broader tools like Kubescape or a runtime monitor like Falco. Any team that needs to demonstrate CIS compliance for Kubernetes runs this.
The catch: it measures against the CIS benchmark, which is a configuration checklist, not a complete security posture. A cluster can pass kube-bench and still have application-level holes, weak RBAC choices the benchmark doesn't judge, or runtime threats it can't see. It answers "are we hardened to CIS?", not "are we secure?".
Free vs Self-Hosted vs Paid
Fully free
Self-hosted (free): kube-bench under Apache-2.0, from Aqua Security. Runs the CIS Kubernetes Benchmark checks against your control plane, kubelet, and policies, mapping results to CIS recommendations. Runs as a job or container, built for scheduling.
Commercial: None.
The call: Single-purpose CIS benchmarking. Pairs with broader tools like Kubescape and a runtime monitor like Falco.
Completely free and open source. No paid tier.
About
- Owner: Aqua Security (Organization)
- Stars: 8,092
- Forks: 1,328