Julien Sobrier edited this page Jan 16, 2020 · 2 revisions

Kubernetes Common Configuration Scoring System

The Kubernetes Common Configuration Scoring System (KCCSS) is a framework to rate the risk associated with Kubernetes workloads. KCCSS allows you to calculate a risk score from 0 (no risk) to 10 (high risk) for every runtime setting of a workload; these per-setting scores are then used to calculate the global risk of the workload, taking into consideration both the risks present and the remediations put in place.

The scoring formula as well as the risk and remediation rules are open-source and available on GitHub. The list of rules can be easily expanded to include vendor-specific remediations, risks and remediations for different Kubernetes distributions or cloud providers, and risks and remediations for additional tools installed (service mesh, Helm server, etc.). We want to build a community around KCCSS, and we encourage any kind of contribution: review of existing rules, new rules, a better formula, etc.

KCCSS was inspired by the Common Vulnerability Scoring System (CVSS), the standard to rate the impact and risks associated with software vulnerabilities, as well as the Common Configuration Scoring System (CCSS) and the Common Configuration Enumeration (CCE). The description and scoring of individual risks is very close to CVSS, so KCCSS should feel very familiar to users of CVSS.

On this site, you'll find detailed information about KCCSS and resources to contribute to and use KCCSS, including kube-scan, a security scanner that implements KCCSS to display the risk score of each workload.
