# Install kubescape with Homebrew, MacPorts, Nix, scoop, winget, zypper

Kubernetes testing according to Hardening Guidance by NSA and CISA. Version 4.0.10 via Homebrew; verified 2026-06-30.

## Install

```sh
sudo av install brew:kubescape
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install kubescape
```

  Evidence: local Homebrew formula metadata

- MacPorts (94%):

```sh
sudo port install kubescape
```

  Evidence: MacPorts ports tree: sysutils/kubescape/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

### Linux

- Nix (92%):

```sh
nix profile install nixpkgs#kubescape
```

  Evidence: nixpkgs package indexes: pkgs/by-name/ku/kubescape/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

- zypper (92%):

```sh
sudo zypper install kubescape
```

  Evidence: openSUSE Tumbleweed package metadata: kubescape from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst

### Windows

- Scoop (92%):

```sh
scoop install main/kubescape
```

  Evidence: Scoop official bucket manifest trees: bucket/kubescape.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1

- winget (92%):

```sh
winget install --id kubescape.kubescape -e
```

  Evidence: Windows Package Manager source index: kubescape.kubescape from https://cdn.winget.microsoft.com/cache/source.msix

## Package facts

- **Package key:** brew:kubescape
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/kubescape>
- **Version:** 4.0.10
- **Source summary:** Kubernetes testing according to Hardening Guidance by NSA and CISA
- **Homepage:** <https://kubescape.io>
- **Repository:** <https://github.com/kubescape/kubescape>
- **Upstream docs:** <https://kubescape.io/docs>
- **License:** Apache-2.0
- **Source archive:** <https://github.com/kubescape/kubescape.git>
- **Last updated:** 2026-06-30T08:36:04Z
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- kubescape (cli)
- kubescape (alias)

## Build dependencies

- go

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 4.0.10
- Package-manager updated: 2026-06-30
- Local data: ok
- Upstream repository: https://github.com/kubescape/kubescape
- info: No cached GitHub release or tag data was available.
## Project history and usage

Kubescape is an open source Kubernetes security and compliance platform, created by ARMO and hosted as a CNCF project. The CLI scans clusters, Kubernetes YAML, Helm charts, repositories, container registries, and images for misconfigurations, vulnerabilities, and risk.

### Project history

Kubescape began as a Kubernetes-focused security scanner and expanded into a broader platform covering posture management, hardening, runtime security, image vulnerability scanning, admission control, and remediation workflows. Its repository describes coverage from development through runtime, including NSA-CISA, MITRE ATT&CK, and CIS benchmark-oriented checks.

The CNCF project page records Kubescape's acceptance into CNCF on December 13, 2022 and its move to Incubating maturity on January 13, 2025.

### Adoption history

Kubescape's packaging shows adoption across developer and CI workflows: official docs list Homebrew installation, the project maintains a GitHub Action, and the README lists package-manager paths for Homebrew, Krew, Arch, Ubuntu, Nix, Chocolatey, and Scoop.

### How it is used

The CLI is commonly used to scan a running Kubernetes cluster, scan local manifest directories, scan container images, list controls and frameworks, and integrate security checks into pull-request or CI pipelines.

### Why package nerds care

Kubescape matters to package maintainers because it sits at the intersection of Kubernetes CLI tooling, security scanning databases, and policy frameworks. It is also an example of a CNCF security project with both a standalone CLI and in-cluster components.

### Timeline

- 2022: Kubescape was accepted to CNCF on December 13.
- 2025: Kubescape moved to CNCF Incubating maturity on January 13.

### Related projects

- Related projects and integrations include Kubernetes, Helm, Krew, Grype, Copacetic, Inspektor Gadget, GitHub Actions, and CNCF security/compliance tooling.

### Sources

- <https://github.com/kubescape/kubescape>
- <https://github.com/marketplace/actions/kubescape>
- <https://kubescape.io/docs>
- <https://kubescape.io/docs/install-cli/>
- <https://www.cncf.io/projects/kubescape/>


## Security Notes

infrastructure mutation or orchestration signal.

- **Geiger risk:** orange / medium
- infrastructure mutation or orchestration signal

## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** kubescape
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Nix - kubescape: normalized package name match | nixpkgs package indexes: pkgs/by-name/ku/kubescape/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- zypper - kubescape - 4.0.9-1.1: normalized package name match | openSUSE Tumbleweed package metadata: kubescape from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | Tool providing a multi-cloud K8s single pane of glass | https://github.com/armosec/kubescape
- MacPorts - kubescape: normalized package name match | MacPorts ports tree: sysutils/kubescape/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1
- Scoop - main/kubescape: normalized package name match | Scoop official bucket manifest trees: bucket/kubescape.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1
- winget - kubescape.kubescape: normalized package name match | Windows Package Manager source index: kubescape.kubescape from https://cdn.winget.microsoft.com/cache/source.msix


## Related links

- [Cloud CLI packages](https://www.automicvault.com/pkg/cloud-clis/) - Belongs to a cloud or infrastructure command family.
- [Secret-risk packages](https://www.automicvault.com/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [go](https://www.automicvault.com/pkg/brew/go/) - Build dependency declared by Homebrew.
- [kube-bench](https://www.automicvault.com/pkg/brew/kube-bench/) - Shares av.db curated category or tags: cli, compliance, kubernetes, security.
- [gator](https://www.automicvault.com/pkg/brew/gator/) - Shares av.db curated category or tags: cli, kubernetes, security.
- [kubehound](https://www.automicvault.com/pkg/brew/kubehound/) - Shares av.db curated category or tags: cli, kubernetes, security.
- [checkov](https://www.automicvault.com/pkg/brew/checkov/) - Shares av.db curated category or tags: cli, compliance, kubernetes, security.
- [ksops](https://www.automicvault.com/pkg/brew/ksops/) - Shares av.db curated category or tags: cli, kubernetes, security.
- [kubeseal](https://www.automicvault.com/pkg/brew/kubeseal/) - Shares av.db curated category or tags: cli, kubernetes, security.
- [terrascan](https://www.automicvault.com/pkg/brew/terrascan/) - Shares av.db curated category or tags: cli, compliance, kubernetes, security.
- [intercept](https://www.automicvault.com/pkg/brew/intercept/) - Shares av.db curated category or tags: cli, compliance, security.

## Combined YAML source

View the package source record on GitHub. [combined/kubescape.yml](https://github.com/automic-vault/db/blob/main/combined/kubescape.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
