A Comparison of Kubernetes Compliance Standards and Configuration Scanners

📅 2026-06-23
📈 Citations: 0
Influential: 0
📄 PDF
🤖 AI Summary
This study addresses the significant inconsistencies among current Kubernetes security hardening guidelines and configuration scanning tools in terms of recommendation coverage and risk scoring, which hinder effective security configuration decisions. The authors systematically analyze eight widely adopted hardening guides to derive a unified benchmark of 79 configuration recommendations and conduct a structured empirical evaluation of ten static scanning tools. For the first time, they establish a standardized framework for assessing Kubernetes configuration security. Their findings reveal substantial discrepancies in both coverage and risk assessment across existing guidelines and tools, underscoring the urgent need for a transparent and consistent security evaluation methodology. This work provides the community with a reproducible benchmark and actionable criteria for tool selection and policy alignment.
📝 Abstract
Kubernetes has become the industry standard for orchestrating containers in microservice-based software architectures. While several hardening guidelines and scanning tools for securing Kubernetes clusters and deployments have emerged in recent years, their differing guidance and outputs often lead to inconsistent configuration and prioritization decisions. This work presents a systematic comparison of eight commonly used Kubernetes hardening guidelines. Through this comparison and the inclusion of best practices, we established a benchmark of 79 Kubernetes configuration recommendations and conducted the a structured empirical evaluation of ten popular static configuration scanning tools and their scoring outputs. Our findings reveal substantial disparities in the coverage of configuration issues across hardening guidelines and scanners, as well as inconsistencies in how configuration issues are scored and ranked by different scanners. These results highlight the need for more standardized, transparent, and consistent approaches to risk and severity assessment of Kubernetes configuration issues.
Problem

Research questions and friction points this paper is trying to address.

Kubernetes
compliance standards
configuration scanners
security hardening
risk assessment
Innovation

Methods, ideas, or system contributions that make the work stand out.

Kubernetes hardening
configuration scanning
security benchmarking
compliance standards
empirical evaluation
🔎 Similar Papers
No similar papers found.