zegl/kube-score

Kube-score is a tool that performs static code analysis of Kubernetes object definitions, making recommendations to improve application security and resilience. The tool is available for installation on macOS, Linux and Windows, either through pre-built binaries on GitHub, Docker, Homebrew, or Krew. Kube-score checks include container limits, network policies, PodDisruptionPolicy, and PodAntiAffinity, among others. It can be used in a CI/CD environment, and will exit with an error code if a critical error has been found. Kube-score configuration can be customized using various flags, including disabling annotations and enabling optional tests. The tool’s output is a CSV list of all available score checks. An example output and usage scenarios with Helm, Kustomize, static YAMLs, and existing clusters are provided on the website.