Skip to content
Switch branches/tags

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

release License Tweet


sKan is powered by the Alcide Advisor scan engine and Open Policy Agent (OPA)


sKan is a tailor made Kubernetes configuration files and resources scanner that enables developers and devops team members to check whether their work is compliant with security & ops best practices.


Install sKan

sKan supports Linux, Mac & Windows and the latest release is available here.

Or use

$ curl | bash

sKan Kubernetes file

$ skan manifest --report-passed -f kaudit_for_eks.yaml
[skan-this] Analyzing resources from '1' files/directories.
[skan-this] Loaded '9' objects
[skan-this] Ops Conformance | Workload Readiness & Liveness
[skan-this] Ops Conformance | Workload Capacity Planning
[skan-this] Workload Software Supply Chain | Image Registry Whitelist
[skan-this] Ingress Controllers & Services | Ingress Security & Hardening Configuration
[skan-this] Ingress Controllers & Services | Ingress Controller (nginx) 
[skan-this] Ingress Controllers & Services | Service Resource Checks
[skan-this] Pod Security | Workload Hardening
[skan-this] API Server Access Privileges | Privileged Kubernetes API Server Access
[skan-this] Secret Hunting | Find Secrets in ConfigMaps
[skan-this] Secret Hunting | Find Secrets in Pod Environment Variables
[skan-this] Admission Controllers | Validating Admission Controllers
[skan-this] Admission Controllers | Mutating Admission Controllers
[skan-this] Generating report (html) and saving as 'skan-result.html'
[skan-this] Summary:
[skan-this] Critical .... 0
[skan-this] High ........ 4
[skan-this] Medium ...... 2
[skan-this] Low ......... 0
[skan-this] Pass ........ 21
$ open skan-result.html

sKan Helm Chart

$ helm template kaudit deploy/charts/kaudit --set k8sAuditEnvironment=eks | skan manifest -f -

sKan Kustomized Resources

kubectl kustomize helloWorld | skan manifest -f -

Command Line Example

Validate Kubernetes resource(s) handed as YAML.

YAML file with multiple resources are supported.
By default a HTML report is generated. To generate YAML based outformat use --output flag

skan manifest -f mydeployment.yaml

  skan manifest [flags]

  manifest, file, Files, m, manifests, validate


# Validate a YAML file. Multiple YAML files separated with '---' is supported
skan manifest -f mydeployment.yaml -f myotherdeployment.yaml

# Validate all the resources found under the namespace 'myns' of a cluster with 'kubectl get'
kubectl get all -n myns -o yaml | skan manifest --report-passed -f -

# Validate resource kustomization
kubectl kustomize helloWorld | skan manifest -f -

# Validate Helm Chart
helm template kaudit deploy/charts/kaudit --set k8sAuditEnvironment=eks | skan manifest -f -

  -d, --debug               Debug trace level
  -f, --filename strings    One or more file names (or directories) that contain the configuration to sKan
  -h, --help                help for manifest
  -o, --output string       output format. Supported formats are html, yaml and json (default "html")
      --outputfile string   OutputFormat file (default "skan-result.html")
  -p, --report-passed       Report passed checks



If you think you have found a bug please follow the instructions below.

  • Please spend a small amount of time giving due diligence to the issue tracker. Your issue might be a duplicate.
  • Open a new issue if a duplicate doesn't already exist.


If you have an idea to enhance rbac-tool follow the steps below.

  • Open a new issue.
  • Remember users might be searching for your issue in the future, so please give it a meaningful title to helps others.
  • Clearly define the use case, using concrete examples.
  • Feel free to include any technical design for your feature.

Stargazers over time