Kubescape Security Scanning

This guide enables Kubescape in offline mode for lightweight configuration and vulnerability scanning.

Step 1: Sync the Kubescape application

ArgoCD deploys Kubescape from infrastructure/kubescape/.

kubectl -n argocd get applications | rg kubescape

kubectl -n kubescape get pods

Configuration scans:

kubectl get workloadconfigurationscans -A

Image vulnerability scans:

kubectl get vulnerabilitymanifests -A

Edit infrastructure/kubescape/kubescape.yaml to adjust capabilities or namespace filters, then let ArgoCD sync.

The defaults keep admission control and runtime detections disabled to avoid disrupting workloads.