Kubescape tool support #38
Merged
+3,808
−11
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Collaborator
|
@slashben - thanks for contributing, could you please rebase with latest main to resolve CI and linter errors see slashben@d822411 |
- Introduced Kubescape tool support, including registration of various tools for health checks, vulnerability manifests, and configuration scans. - Implemented specific error handling for Kubescape-related operations, providing detailed suggestions based on error types. Signed-off-by: Ben <[email protected]>
- Introduced checks for ApplicationProfiles and NetworkNeighborhoods CRDs in health checks, with corresponding recommendations for enabling runtime observability. - Added handlers for listing and retrieving ApplicationProfiles and NetworkNeighborhoods, capturing runtime behavior and network communication patterns of workloads. Signed-off-by: Ben <[email protected]>
…ed test warnings Signed-off-by: Ben <[email protected]>
slashben
force-pushed
the
kubescape-tool-support
branch
from
1e705ef to
0a285b7
Compare
Contributor
Author
@dimetron done! |
dimetron
approved these changes
Jan 26, 2026
…errors Signed-off-by: Ben <[email protected]>
Signed-off-by: Ben <[email protected]>
Contributor
Author
|
@dimetron I have increased the timeout for golinter, can you re-run tests? |
EItanya
approved these changes
Jan 27, 2026
Contributor
Author
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add Kubescape Security Integration
This PR adds native Kubescape integration to kagent-tools, enabling AI assistants to analyze Kubernetes security posture directly from the cluster.
What is Kubescape?
Kubescape is a CNCF Kubernetes security platform that provides vulnerability scanning, configuration security analysis, and runtime observability. When deployed as an operator, it continuously monitors your cluster and stores security findings as Custom Resources.
New Capabilities
Security Scanning
Runtime Observability
New Tools
kubescape_check_healthkubescape_list_vulnerability_manifestskubescape_list_vulnerabilitieskubescape_get_vulnerability_detailskubescape_list_configuration_scanskubescape_get_configuration_scankubescape_list_application_profileskubescape_get_application_profilekubescape_list_network_neighborhoodskubescape_get_network_neighborhoodDependency
Install Kubescape operator with desired capabilities:
helm upgrade --install kubescape kubescape/kubescape-operator -n kubescape --create-namespace
--set capabilities.vulnerabilityScan=enable
--set capabilities.continuousScan=enable
--set capabilities.runtimeObservability=enable