macOS
brew install kube-scorelocal Homebrew formula metadata
brew
Kubernetes object analysis recommendations for improved reliability and security. Version 1.20.0 via Homebrew; verified from local package data.
install
brew install kube-scorelocal Homebrew formula metadata
nix profile install nixpkgs#kube-scorenixpkgs package indexes · pkgs/by-name/ku/kube-score/package.nix · source: api.github.com
overview
Kubernetes object analysis recommendations for improved reliability and security
history
kube-score is a Kubernetes manifest analysis CLI that scores object definitions and recommends reliability and security improvements. It is aimed at the pre-deployment stage, where YAML, Helm output, or Kustomize output can still be changed cheaply.
The kube-score repository was created on 2018-09-16, and its first beta release, v0.1.0-beta1, was published on 2018-09-26. The README presents it as static code analysis for Kubernetes object definitions, with checks for resources, network policy coverage, pod disruption budgets, probes, security contexts, and stable APIs.
Unlike cluster-side policy systems, kube-score kept a developer-tool shape: a single CLI that reads manifests, prints human or machine-readable findings, and exits with a CI-friendly status code.
The project documents several distribution paths: GitHub release binaries for macOS, Linux, and Windows, a Docker image, Homebrew, and Krew as the kubectl score plugin. Its website also hosts an online demo backed by the kube-score/web repository, giving users a low-friction way to try the checks without installing the CLI.
Typical usage pipes rendered Kubernetes resources into kube-score, for example from helm template or kustomize build. The tool can also read static YAML files or resources exported from a live cluster, then produce recommendations in human, JSON, CI, or SARIF-oriented formats.
Annotations such as kube-score/ignore and kube-score/enable let users suppress or opt into checks on individual objects, which keeps the linter usable in repositories where not every workload has the same operational constraints.
kube-score matters in package-manager culture because it is a small, composable quality gate for Kubernetes manifests. It turns a broad operational checklist into a command that can live in a Makefile, pre-commit hook, GitHub Action, or CI job.
It also illustrates a common Kubernetes packaging pattern: one Go binary, release artifacts for multiple platforms, a Docker image for containerized CI, Homebrew for local developer machines, and Krew for kubectl-plugin users.
security posture
infrastructure mutation or orchestration signal.
orange risk · medium confidence · infrastructure
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
executables
| Command | Kind | Exposure | Note |
|---|---|---|---|
kube-score | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/zegl/kube-score
install metadata
| Package key | brew:kube-score |
|---|---|
| Version | 1.20.0 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/kube-score |
| Homepage | https://kube-score.com |
| Repository | https://github.com/zegl/kube-score |
| Upstream docs | https://github.com/zegl/kube-score#readme |
| License | MIT |
| Source archive | https://github.com/zegl/kube-score.git |
| Build dependencies | go |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, sonoma, ventura, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | kube-score |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
kube-score
nix profile install nixpkgs#kube-scoresource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.