Official Kubernetes security & compliance policy pack for CloudQuery.
The open-source cloud asset inventory powered by SQL.
CloudQuery extracts, transforms, and loads your cloud assets into normalized PostgreSQL tables. CloudQuery enables you to assess, audit, and evaluate the configurations of your cloud assets.
- Homepage: https://cloudquery.io
- Documentation: https://docs.cloudquery.io
- CloudQuery Hub (providers & policies documentation): https://hub.cloudquery.io/
- Discord: https://cloudquery.io/discord
- NSA and CISA Kubernetes Hardening Guidance v1.0
# install with brew brew install cloudquery/tap/cloudquery # or download precompiled binaries from https://github.com/cloudquery/cloudquery/releases
cloudquery init k8s
# connect or run a local PostgreSQL docker run -p 5432:5432 -e POSTGRES_PASSWORD=pass -d postgres # extract your cloud infra configuration cloudquery fetch
# Describe what is available in the policy pack cloudquery policy describe k8s # Run the whole pack cloudquery policy run k8s # Run specific policy cloudquery policy run k8s//nsa_cisa_v1