0hardik1/kubesplaining — explained in plain English
Analysis updated 2026-05-18
Scan a live Kubernetes cluster to find privilege escalation paths before an important release.
Analyze a saved cluster snapshot offline for an audit or air-gapped review.
Run in CI mode to block a pipeline when new high severity security findings appear.
Check a single Kubernetes manifest file for risky configuration without needing cluster access.
| 0hardik1/kubesplaining | 732124645/promptops | internetkafe/cfsearch | |
|---|---|---|---|
| Stars | 33 | 31 | 35 |
| Language | Go | Go | Go |
| Setup difficulty | easy | easy | moderate |
| Complexity | 3/5 | 3/5 | 2/5 |
| Audience | ops devops | developer | ops devops |
Figures from each repo's GitHub metadata at analysis time.
Needs a working kubectl context pointed at the cluster you want to scan, or a manifest file for offline checks.
Kubesplaining is a command line security tool for Kubernetes, the platform many companies use to run and manage containerized applications at scale. The tool acts like a simulated attacker, reading your cluster's configuration and mapping out every possible path a real attacker could follow to gain full control. Instead of just flagging individual misconfigurations one at a time, it builds a graph showing how several small issues chain together, tracing the exact sequence of steps from a low-privilege account all the way to complete cluster takeover, host root access, or read access to sensitive system secrets. It checks a wide range of problems: overly permissive access controls, containers running with too many privileges, missing network isolation rules, security checks that can be bypassed, and weak handling of secrets and service account tokens. For each finding, it names the specific technique, shows the supporting evidence pulled from your cluster, and gives concrete remediation steps, including ready-to-apply patches or policy files. Results can be exported as an HTML report for human review, or as JSON, CSV, and SARIF for feeding into other tools and GitHub's code scanning. You can run Kubesplaining directly against a live cluster using your existing kubectl connection, capture a snapshot and analyze it later offline for audits, or check a single Kubernetes manifest file without needing cluster access at all. It also supports a continuous integration mode that fails a pipeline only when new high severity findings appear compared to a previous baseline, so it can run automatically on every change. A security engineer, DevOps team, or developer responsible for a Kubernetes environment would use this to audit a cluster before an important release, prepare for a security review, run penetration testing engagements, or reconstruct how an attacker moved through the cluster after an incident. It is written in Go, ships as a single binary, and installs via a prebuilt release, Go install, Docker, or a clone-and-build workflow.
A command line tool that maps out exactly how an attacker could chain misconfigurations in a Kubernetes cluster to reach full control, with evidence and fixes for each step.
Mainly Go. The stack also includes Go, Kubernetes, Docker.
Setup difficulty is rated easy, with roughly 5min to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.