Kubescape

Kubescape is an open-source (Apache 2.0) Kubernetes security platform and CNCF incubating project, originally contributed by ARMO. It provides risk analysis, security and compliance posture scanning, misconfiguration detection, image and runtime vulnerability scanning, and eBPF-based runtime threat detection across the IDE, CI/CD pipelines, and live clusters. The core Kubescape is a CLI and an in-cluster Operator whose components expose OpenAPI/Swagger-documented HTTP APIs in-cluster (there is no single hosted public REST endpoint for the open-source tool). ARMO Platform is the commercial multi-cluster, multi-cloud SaaS built on Kubescape and exposes a documented hosted Customer API (base https://api.armosec.io) for posture, compliance, vulnerabilities, runtime incidents, attack paths, network policies, and registry/repository scanning, authenticated with an X-API-KEY access key.

7 APIs 0 Features
Kubernetes SecurityCloud Native SecurityContainer SecurityDevSecOpsKubernetesVulnerability ScanningComplianceRuntime SecurityCNCFOpen Source

APIs

Kubescape Posture & Compliance API

Retrieve compliance posture across NSA-CISA, MITRE ATT&CK, CIS, and other frameworks - framework scan summaries, per-control run results, framework subsections, and the affected...

Kubescape Vulnerabilities API

Initiate image vulnerability scans and read results - scan summaries and detailed CVE listings, severity metrics, top and over-time vulnerability trends, and scoped views by vul...

Kubescape Runtime Security API

Read and triage eBPF-based runtime threat detection output - list runtime incidents and their alerts, group incidents by severity, request incident explanations, resolve or unre...

Kubescape Network Policies API

Generate and retrieve least-privilege Kubernetes NetworkPolicies and seccomp profiles derived from observed application behavior (the Bill of Behavior), for hardening workloads ...

Kubescape Registry & Repository Scanning API

Schedule and manage container-registry scans (ECR, GAR, ACR, Harbor, Quay, Nexus, GitLab) and read Git repository posture - failed controls, scanned files, repositories, and aff...

Kubescape Access Keys API

Create, list, retrieve, and revoke the Agent Access Keys used to authenticate ARMO Platform Customer API requests via the X-API-KEY header, plus manage posture and vulnerability...

Kubescape In-Cluster Component API (Open Source)

The open-source Kubescape Operator's in-cluster components (storage, kubevuln, gateway, operator, node-agent) each expose an OpenAPI/Swagger-documented HTTP API reachable inside...

Collections

Pricing Plans

Kubescape Plans Pricing

4 plans

PLANS

Rate Limits

Kubescape Rate Limits

4 limits

RATE LIMITS

FinOps

Resources

🔗
AgenticAccess
AgenticAccess
🔗
DomainSecurity
DomainSecurity
🔑
Authentication
Authentication
👥
GitHubOrganization
GitHubOrganization
🔗
LinkedIn
LinkedIn
🔗
Website
Website
🔗
Documentation
Documentation
🔗
Plans
Plans
🔗
RateLimits
RateLimits
🔗
FinOps
FinOps
📰
Blog
Blog

Sources

Raw ↑
opencollection: 1.0.0
info:
  name: ARMO Platform Customer API (Kubescape)
  version: '1.0'
request:
  auth:
    type: apikey
    apikey:
      key: X-API-KEY
      value: '{{apiKey}}'
      in: header
items:
- info:
    name: Posture & Compliance
    type: folder
  items:
  - info:
      name: Get framework scan summaries
      type: http
    http:
      method: POST
      url: https://api.armosec.io/api/v1/posture/frameworks
      body:
        type: json
        data: '{ "pageSize": 50, "pageNum": 0 }'
    docs: Compliance scan summaries per framework (NSA-CISA, MITRE, CIS).
  - info:
      name: Get control run results
      type: http
    http:
      method: POST
      url: https://api.armosec.io/api/v1/posture/controls
      body:
        type: json
        data: '{ "pageSize": 50, "pageNum": 0 }'
    docs: Per-control run results (Kubescape controls C-0001..C-0292).
  - info:
      name: List affected resources
      type: http
    http:
      method: POST
      url: https://api.armosec.io/api/v1/posture/resources
      body:
        type: json
        data: '{ "pageSize": 50, "pageNum": 0 }'
    docs: Kubernetes resources affected by posture control failures.
- info:
    name: Vulnerabilities
    type: folder
  items:
  - info:
      name: Initiate a vulnerability scan
      type: http
    http:
      method: POST
      url: https://api.armosec.io/api/v1/vulnerability/scan
      body:
        type: json
        data: '{ "cluster": "", "namespace": "" }'
    docs: Trigger an image vulnerability scan.
  - info:
      name: List vulnerabilities
      type: http
    http:
      method: POST
      url: https://api.armosec.io/api/v1/vulnerabilities/list
      body:
        type: json
        data: '{ "pageSize": 50, "pageNum": 0 }'
    docs: Scoped list of vulnerabilities including runtime-in-use filtering.
  - info:
      name: Get CVE details
      type: http
    http:
      method: POST
      url: https://api.armosec.io/api/v1/vulnerability/scanResults/details
      body:
        type: json
        data: '{ "pageSize": 50, "pageNum": 0 }'
    docs: Detailed CVE listings for a scan.
- info:
    name: Runtime Security
    type: folder
  items:
  - info:
      name: List runtime incidents
      type: http
    http:
      method: GET
      url: https://api.armosec.io/api/v1/runtimeIncidents
    docs: eBPF-based runtime threat detection incidents.
  - info:
      name: Get attack chains
      type: http
    http:
      method: POST
      url: https://api.armosec.io/api/v1/attackChains
      body:
        type: json
        data: '{}'
    docs: Attack path (attack chain) analysis.
- info:
    name: Network Policies
    type: folder
  items:
  - info:
      name: Generate NetworkPolicies
      type: http
    http:
      method: POST
      url: https://api.armosec.io/api/v1/networkPolicies/generate
      body:
        type: json
        data: '{}'
    docs: Generate least-privilege NetworkPolicies from observed behavior.
- info:
    name: Registry & Repository
    type: folder
  items:
  - info:
      name: Schedule a registry scan
      type: http
    http:
      method: POST
      url: https://api.armosec.io/api/v1/registry/scan
      body:
        type: json
        data: '{ "registryName": "", "registryProvider": "ecr" }'
    docs: Schedule a container registry scan.
- info:
    name: Access Keys
    type: folder
  items:
  - info:
      name: List agent access keys
      type: http
    http:
      method: GET
      url: https://api.armosec.io/api/v1/authentication/accessKeys
    docs: List Agent Access Keys used for X-API-KEY authentication.