kube-audit-kit

Community

End-to-end, read-only Kubernetes security audits.

Author: ViniciusMarsili
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

Kubernetes security audits are often complex and manual, requiring you to export all resources, clean sensitive metadata, group resources by workload, and generate comprehensive reports. This Skill automates the entire read-only audit workflow end-to-end, reducing risk and effort.

Core Features & Use Cases

  • Read-only export of all namespaced resources using kubectl get/list
  • Metadata sanitization to remove sensitive information
  • Intelligent grouping of resources into applications based on workload topology
  • Dual-phase audit: script-based checks plus AI-assisted deep review
  • Outputs a comprehensive audit report and structured artifacts per context/namespace
  • Works across contexts and namespaces for security reviews and compliance checks

Quick Start

Set the output directory to a local folder:

  • export KUBE_AUDIT_OUTPUT="$(pwd)/output"

Run the four steps in order:

  • uv run python scripts/export.py --context <ctx> --namespace <ns>
  • uv run python scripts/sanitize.py --context <ctx> --namespace <ns>
  • uv run python scripts/group_apps.py --context <ctx> --namespace <ns>
  • uv run python scripts/audit.py --context <ctx> --namespace <ns>

View the final report:

  • cat output/<ctx>/<ns>/audit/audit_report.md

Dependency Matrix

Required Modules

  • pyyaml
  • rich

Components

scripts

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: kube-audit-kit
Download link: https://github.com/ViniciusMarsili/kube-audit-kit/archive/main.zip#kube-audit-kit

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.