By Reuven Harrison
As Kubernetes adoption continues to skyrocket, more eyes are looking at it and finding vulnerabilities in its code and configurations.
As a security-aware Kubernetes owner, you should track newly-discovered vulnerabilities and ensure that your Kubernetes patches are up to date and that your cluster is properly configured to eliminate known vulnerabilities.
We recently enhanced Tufin Orca to help you track your Kubernetes vulnerabilities.
Testing your Kubernetes Cluster for Vulnerabilities
- Register to Orca and follow the instructions to connect it to your cluster
- Open the Orca dashboard and see if you have any vulnerabilities
- If vulnerabilities exist in your version, upgrade your cluster or apply required patches

Testing for Kubernetes Vulnerabilities through an API
As mentioned above, new Kubernetes vulnerabilities are being discovered frequently, so even if your cluster is secure today, it may still become vulnerable tomorrow.
We recommend testing your cluster for vulnerabilities frequently as follows:
export VERSION=`kubectl version --short | grep Server | cut -d: -f2 | tr -d " "`
export DOMAIN=<your Orca domain name>
export PROJECT=<your Orca project name>
export TOKEN=<your Orca security token with scope 'all'>
curl -s -H "Authorization: Bearer $TOKEN" "https://orca.tufin.io/audit/$DOMAIN/$PROJECT/vulnerabilities?version=$VERSION&component=kubernetes"
An empty response means your Kubernetes version has no known vulnerabilities; otherwise, you should update the cluster.
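The check above can be wrapped in a small script so it can run from cron or a CI job and return a non-zero exit status when the cluster needs attention. This is an added example, not code from the post or from Tufin; it uses the API URL and query parameters shown above, but the sample kubectl output in the comments is constructed, and anything about the response body beyond "empty means clean" is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): run the Orca vulnerability
# check for the cluster's Kubernetes version and exit non-zero if any
# vulnerabilities are reported. DOMAIN, PROJECT and TOKEN are expected in
# the environment, as in the post.

# Extract the server version from `kubectl version --short` output read on
# stdin, e.g. (constructed sample):
#   Client Version: v1.15.0
#   Server Version: v1.14.3
# yields "v1.14.3".
server_version() {
    grep Server | cut -d: -f2 | tr -d ' '
}

# Interpret the API response body. The post states that an empty response
# means no known vulnerabilities; treat whitespace-only bodies as empty too.
# Returns 0 when clean, 1 when vulnerabilities are listed.
is_clean() {
    body="$1"
    [ -z "$(printf '%s' "$body" | tr -d '[:space:]')" ]
}

# Query Orca for the running cluster. Uses curl -f so that HTTP errors
# (expired token, wrong project name) are not mistaken for "no vulnerabilities".
check_cluster() {
    version=$(kubectl version --short | server_version)
    body=$(curl -sf -H "Authorization: Bearer $TOKEN" \
        "https://orca.tufin.io/audit/$DOMAIN/$PROJECT/vulnerabilities?version=$version&component=kubernetes") || {
        echo "Orca API request failed; not treating the cluster as clean" >&2
        return 2
    }
    if is_clean "$body"; then
        echo "Kubernetes $version: no known vulnerabilities"
        return 0
    fi
    echo "Kubernetes $version: vulnerabilities reported, update the cluster:"
    printf '%s\n' "$body"
    return 1
}

# Run the live check only when explicitly asked (e.g. `./orca-check.sh run`).
if [ "${1:-}" = "run" ]; then
    check_cluster
fi
```

The important design choice is the distinction between an empty body and a failed request: with plain `curl -s`, an HTTP 401 or 404 error page would not be empty, but a network failure would produce an empty body and silently look like a clean result, so the script only reports "clean" when the request itself succeeded.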
The Public Kubernetes Vulnerabilities Database
For the benefit of the Kubernetes community we have created this public Kubernetes vulnerabilities CVE database.
Pull requests are welcome!
