From 77427a069af567cbb074a4c18e3bbbaf61b94993 Mon Sep 17 00:00:00 2001 From: carlospolop Date: Mon, 17 Nov 2025 13:12:03 +0100 Subject: [PATCH] k8s tools --- .../kubernetes-hardening/README.md | 58 ++++++++++++++++++- 1 file changed, 57 insertions(+), 1 deletion(-) diff --git a/src/pentesting-cloud/kubernetes-security/kubernetes-hardening/README.md b/src/pentesting-cloud/kubernetes-security/kubernetes-hardening/README.md index 06350c449..64bb8e252 100644 --- a/src/pentesting-cloud/kubernetes-security/kubernetes-hardening/README.md +++ b/src/pentesting-cloud/kubernetes-security/kubernetes-hardening/README.md @@ -4,7 +4,7 @@ ## Tools to analyse a cluster -### [**Steampipe - Kubernetes Compliance](https://github.com/turbot/steampipe-mod-kubernetes-compliance) +### [Steampipe - Kubernetes Compliance](https://github.com/turbot/steampipe-mod-kubernetes-compliance) It's will **several compliance checks over the Kubernetes cluster**. It includes support for CIS, National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) Cybersecurity technical report for Kubernetes hardening. 
@@ -124,6 +124,62 @@ To install: | Homebrew (macOS and Linux) | `brew install kube-score` | | [Krew](https://krew.sigs.k8s.io/) (macOS and Linux) | `kubectl krew install score` | +## Tools to analyze YAML files & Helm Charts + +### [**Kube-linter**](https://github.com/stackrox/kube-linter) + +```bash +# Install Kube-linter +brew install kube-linter + +# Run Kube-linter +## lint ./path/to/yaml/or/chart +``` + +### [Checkov](https://github.com/bridgecrewio/checkov) + +```bash +# Install Checkov +pip install checkov + +# Run Checkov +checkov -d ./path/to/yaml/or/chart +``` + +### [kube‑score](https://github.com/zegl/kube-score) + +```bash +# Install kube-score +brew install kube-score + +# Run kube-score +kube-score score ./path/to/yaml +# or +helm template chart /path/to/chart | kube-score score - +# or if the chart needs some values +helm template chart /path/to/chart \ + --set 'config.urls[0]=https://dummy.backend.internal' \ + | kube-score score - +``` + +### [Kubesec](https://github.com/controlplaneio/kubesec) + +```bash +# Install Kubesec +## Download from https://github.com/controlplaneio/kubesec/releases + +# Run Kubesec in a yaml +kubesec scan ./path/to/yaml +# or +helm template chart /path/to/chart | kubesec scan - +# or if the chart needs some values +helm template chart /path/to/chart \ + --set 'config.urls[0]=https://dummy.backend.internal' \ + | kubesec scan - +``` + + + ## Tips ### Kubernetes PodSecurityContext and SecurityContext
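Review bot: for the first hunk (`@@ -4,7 +4,7 @@`), the heading fix is correct (the stray `**` left the markdown link unbalanced), but the description line directly beneath it, kept as unchanged context, still reads "It's will **several compliance checks over the Kubernetes cluster**", which is not a sentence; while touching this section, change it to "It will run **several compliance checks over the Kubernetes cluster**." so the fixed heading does not sit above a broken line.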
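Review bot: in the second hunk (`@@ -124,6 +124,62 @@`), the Kube-linter "Run" step is a comment rather than a command: `## lint ./path/to/yaml/or/chart` never names the binary, so a reader copying the block gets nothing to execute; it should be `kube-linter lint ./path/to/yaml/or/chart` (kube-linter accepts both plain manifests and a Helm chart directory). Three smaller points in the same hunk: the new `### [kube‑score]` heading uses a non-ASCII hyphen (U+2011) instead of `-`, which breaks generated anchors and `Ctrl+F` for "kube-score"; that section also repeats the kube-score install already documented in the table a few lines above, so either link to the existing entry or keep only the `helm template ... | kube-score score -` usage that is new here; and "Run Kubesec in a yaml" should read "Run Kubesec on a YAML file". Finally, the three blank lines inserted before `## Tips` can be reduced to one to match the spacing used between the other sections.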