Automic VaultAutomic Vault

brew

Install kube-score with Homebrew, Nix

Kubernetes object analysis recommendations for improved reliability and security. Version 1.20.0 via Homebrew; verified from local package data.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install kube-score

local Homebrew formula metadata

Linux

Nixverified · 92%
nix profile install nixpkgs#kube-score

nixpkgs package indexes · pkgs/by-name/ku/kube-score/package.nix · source: api.github.com

overview

Package summary

Kubernetes object analysis recommendations for improved reliability and security

Commands and aliases

  • kube-score

history

Project history and usage

kube-score is a Kubernetes manifest analysis CLI that scores object definitions and recommends reliability and security improvements. It is aimed at the pre-deployment stage, where YAML, Helm output, or Kustomize output can still be changed cheaply.

Project history

The kube-score repository was created on 2018-09-16, and its first beta release, v0.1.0-beta1, was published on 2018-09-26. The README presents it as static code analysis for Kubernetes object definitions, with checks for resources, network policy coverage, pod disruption budgets, probes, security contexts, and stable APIs.

Unlike cluster-side policy systems, kube-score kept a developer-tool shape: a single CLI that reads manifests, prints human or machine-readable findings, and exits with a CI-friendly status code.

Adoption history

The project documents several distribution paths: GitHub release binaries for macOS, Linux, and Windows, a Docker image, Homebrew, and Krew as the kubectl score plugin. Its website also hosts an online demo backed by the kube-score/web repository, giving users a low-friction way to try the checks without installing the CLI.

How it is used

Typical usage pipes rendered Kubernetes resources into kube-score, for example from helm template or kustomize build. The tool can also read static YAML files or resources exported from a live cluster, then produce recommendations in human, JSON, CI, or SARIF-oriented formats.

Annotations such as kube-score/ignore and kube-score/enable let users suppress or opt into checks on individual objects, which keeps the linter usable in repositories where not every workload has the same operational constraints.

Why package nerds care

kube-score matters in package-manager culture because it is a small, composable quality gate for Kubernetes manifests. It turns a broad operational checklist into a command that can live in a Makefile, pre-commit hook, GitHub Action, or CI job.

It also illustrates a common Kubernetes packaging pattern: one Go binary, release artifacts for multiple platforms, a Docker image for containerized CI, Homebrew for local developer machines, and Krew for kubectl-plugin users.

Timeline

  • 2018-09-16: GitHub repository created.
  • 2018-09-26: First GitHub release, v0.1.0-beta1, published.
  • 2018-10-08: v0.1.0 published.
  • 2025-04-28: GitHub release v1.20.0 published.

Related projects

  • Helm and Kustomize are common input producers for kube-score.
  • Krew distributes kube-score as a kubectl plugin named score.
  • kube-score/web provides the browser demo linked from the README.
  • KubeLinter occupies a related manifest-linting space with a stronger production-readiness and security-check branding.

security posture

Risk level: orange

infrastructure mutation or orchestration signal.

Risk classifier

orange risk · medium confidence · infrastructure

Why

  • infrastructure mutation or orchestration signal

Signals

  • text:kubernetes

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 8 platform targets.
  • Build metadata lists 1 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

executables

Installed executables

CommandKindExposureNote
kube-scorecliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version1.20.0
manager updated
local dataok
upstreamnot checked
latest detectednot detected

https://github.com/zegl/kube-score

  • infoNo package-manager update timestamp was available.low confidence
  • infoNo cached GitHub release or tag data was available.https://github.com/zegl/kube-scorenone confidence

install metadata

Package metadata

Package keybrew:kube-score
Version1.20.0
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/kube-score
Homepagehttps://kube-score.com
Repositoryhttps://github.com/zegl/kube-score
Upstream docshttps://github.com/zegl/kube-score#readme
LicenseMIT
Source archivehttps://github.com/zegl/kube-score.git
Build dependenciesgo
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, sonoma, ventura, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namekube-score
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

kube-score

nix profile install nixpkgs#kube-score
  • normalized package name match
  • Matched by: Kube Score
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/ku/kube-score/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment