@slashben slashben commented Jan 19, 2026

Add Kubescape Security Integration

This PR adds native Kubescape integration to kagent-tools, enabling AI assistants to analyze Kubernetes security posture directly from the cluster.

What is Kubescape?

Kubescape is a CNCF Kubernetes security platform that provides vulnerability scanning, configuration security analysis, and runtime observability. When deployed as an operator, it continuously monitors your cluster and stores security findings as Custom Resources.

New Capabilities

Security Scanning

  • List and inspect vulnerability manifests to find CVEs in container images
  • Review configuration scans to identify security misconfigurations (RBAC issues, missing security contexts, etc.)
  • Get detailed remediation guidance for specific vulnerabilities

Runtime Observability

  • Analyze ApplicationProfiles to see actual container behavior: running processes, file access patterns, syscalls, and Linux capabilities
  • Inspect NetworkNeighborhoods to understand real network traffic patterns (ingress/egress connections, DNS, ports)

New Tools

| Tool | Description |
| --- | --- |
| kubescape_check_health | Verify Kubescape operator is installed and operational |
| kubescape_list_vulnerability_manifests | List CVE scan results by image or workload |
| kubescape_list_vulnerabilities | Get all CVEs in a specific manifest with severity breakdown |
| kubescape_get_vulnerability_details | Deep dive into a specific CVE |
| kubescape_list_configuration_scans | List security configuration scan results |
| kubescape_get_configuration_scan | Get detailed misconfigurations for a workload |
| kubescape_list_application_profiles | List runtime behavior profiles |
| kubescape_get_application_profile | Inspect what a workload actually executes |
| kubescape_list_network_neighborhoods | List network communication patterns |
| kubescape_get_network_neighborhood | Analyze actual network connections |

Dependency

Install Kubescape operator with desired capabilities:

helm upgrade --install kubescape kubescape/kubescape-operator -n kubescape --create-namespace \
  --set capabilities.vulnerabilityScan=enable \
  --set capabilities.continuousScan=enable \
  --set capabilities.runtimeObservability=enable

- Introduced Kubescape tool support, including registration of various tools for health checks, vulnerability manifests, and configuration scans.
- Implemented specific error handling for Kubescape-related operations, providing detailed suggestions based on error types.

Signed-off-by: Ben <[email protected]>
- Introduced checks for ApplicationProfiles and NetworkNeighborhoods CRDs in health checks, with corresponding recommendations for enabling runtime observability.
- Added handlers for listing and retrieving ApplicationProfiles and NetworkNeighborhoods, capturing runtime behavior and network communication patterns of workloads.

Signed-off-by: Ben <[email protected]>