macOS
brew install kubescapelocal Homebrew formula metadata
sudo port install kubescapeMacPorts ports tree · sysutils/kubescape/Portfile · source: api.github.com
brew
Kubernetes testing according to Hardening Guidance by NSA and CISA. Version 4.0.10 via Homebrew; verified 2026-06-30.
install
brew install kubescapelocal Homebrew formula metadata
sudo port install kubescapeMacPorts ports tree · sysutils/kubescape/Portfile · source: api.github.com
nix profile install nixpkgs#kubescapenixpkgs package indexes · pkgs/by-name/ku/kubescape/package.nix · source: api.github.com
sudo zypper install kubescapeopenSUSE Tumbleweed package metadata · kubescape · source: download.opensuse.org
scoop install main/kubescapeScoop official bucket manifest trees · bucket/kubescape.json · source: api.github.com
winget install --id kubescape.kubescape -eWindows Package Manager source index · kubescape.kubescape · source: cdn.winget.microsoft.com
overview
Kubernetes testing according to Hardening Guidance by NSA and CISA
history
Kubescape is an open source Kubernetes security and compliance platform, created by ARMO and hosted as a CNCF project. The CLI scans clusters, Kubernetes YAML, Helm charts, repositories, container registries, and images for misconfigurations, vulnerabilities, and risk.
Kubescape began as a Kubernetes-focused security scanner and expanded into a broader platform covering posture management, hardening, runtime security, image vulnerability scanning, admission control, and remediation workflows. Its repository describes coverage from development through runtime, including NSA-CISA, MITRE ATT&CK, and CIS benchmark-oriented checks.
The CNCF project page records Kubescape's acceptance into CNCF on December 13, 2022 and its move to Incubating maturity on January 13, 2025.
Kubescape's packaging shows adoption across developer and CI workflows: official docs list Homebrew installation, the project maintains a GitHub Action, and the README lists package-manager paths for Homebrew, Krew, Arch, Ubuntu, Nix, Chocolatey, and Scoop.
The CLI is commonly used to scan a running Kubernetes cluster, scan local manifest directories, scan container images, list controls and frameworks, and integrate security checks into pull-request or CI pipelines.
Kubescape matters to package maintainers because it sits at the intersection of Kubernetes CLI tooling, security scanning databases, and policy frameworks. It is also an example of a CNCF security project with both a standalone CLI and in-cluster components.
security posture
infrastructure mutation or orchestration signal.
orange risk · medium confidence · infrastructure
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
executables
| Command | Kind | Exposure | Note |
|---|---|---|---|
kubescape | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/kubescape/kubescape
install metadata
| Package key | brew:kubescape |
|---|---|
| Version | 4.0.10 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/kubescape |
| Homepage | https://kubescape.io |
| Repository | https://github.com/kubescape/kubescape |
| Upstream docs | https://kubescape.io/docs |
| License | Apache-2.0 |
| Source archive | https://github.com/kubescape/kubescape.git |
| Last updated | 2026-06-30T08:36:04Z |
| Pulse | updated |
| Build dependencies | go |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | kubescape |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
kubescape
nix profile install nixpkgs#kubescapekubescape 4.0.9-1.1
Tool providing a multi-cloud K8s single pane of glass
https://github.com/armosec/kubescape
sudo zypper install kubescapekubescape
sudo port install kubescapemain/kubescape
scoop install main/kubescapekubescape.kubescape
winget install --id kubescape.kubescape -esource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.