Scan Kubernetes Cluster Environments

In Tenable Cloud Security, you can assign policies to Kubernetes cluster environments and run cloud scans on these environments to check whether they comply with the assigned policies. You can initiate a scan from the Tenable Cloud Security Console, from the command line (CLI), or by using a Helm chart.

Note: The resource count in a Kubernetes cluster might change during the scan because the run-time state of the cluster changes frequently. For example, pods and other resources in the cluster might go through different phases of their life cycle.

Before you begin:

  • Download and install the Tenable Cloud Security CLI. For more information, see Set up Code Analysis through CLI.

  • Ensure that you have the following access:

    • Read access to the kube-system namespace resource (excluding the resources within the kube-system namespace).

    • Read access to the list of namespaces present in the cluster.

    • (Only for Azure) Read access to query a configmap named container-azm-ms-aks-k8scluster within the kube-system namespace.
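The access listed above can be verified before a scan with `kubectl auth can-i`, run as the identity that will perform the scan. The following preflight check is an added example, not part of Tenable's tooling; the function names and the `KUBECTL` override variable are hypothetical, and the extra warning about secrets is this example's reading of "excluding the resources within the kube-system namespace".

```shell
#!/bin/sh
# Added example: preflight check for the scan prerequisites listed above.
# KUBECTL is a hypothetical override so another kubectl binary can be used.
KUBECTL="${KUBECTL:-kubectl}"

# can_i VERB RESOURCE [NAMESPACE]: returns 0 when the current identity is allowed.
can_i() {
    if [ -n "${3:-}" ]; then
        "$KUBECTL" auth can-i "$1" "$2" --namespace "$3" --quiet >/dev/null 2>&1
    else
        "$KUBECTL" auth can-i "$1" "$2" --quiet >/dev/null 2>&1
    fi
}

# check_scan_access [azure]: prints one line per finding and returns 1
# when a listed prerequisite is missing, 0 otherwise.
check_scan_access() {
    rc=0
    # Read access to the kube-system Namespace object itself.
    can_i get namespaces/kube-system ||
        { echo "MISSING: get namespace kube-system"; rc=1; }
    # Read access to the list of namespaces in the cluster.
    can_i list namespaces ||
        { echo "MISSING: list namespaces"; rc=1; }
    # Azure only: the single named configmap in kube-system.
    if [ "${1:-}" = "azure" ]; then
        can_i get configmaps/container-azm-ms-aks-k8scluster kube-system ||
            { echo "MISSING: get configmap container-azm-ms-aks-k8scluster in kube-system"; rc=1; }
    fi
    # Least-privilege signal (this example's assumption): the list above
    # does not ask for access to secrets inside kube-system.
    if can_i list secrets kube-system; then
        echo "WARN: identity can list secrets in kube-system, broader than the listed access"
    fi
    return "$rc"
}

# Usage (not executed here):
#   check_scan_access          # non-Azure clusters
#   check_scan_access azure    # AKS clusters
```

A `MISSING` line points to a prerequisite to grant before scanning; a `WARN` line suggests the scanning identity holds more access than this page lists.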