diff --git a/docs/docs/kubernetes/cli/scanning.md b/docs/docs/kubernetes/cli/scanning.md index f8f515b0bf..d06f272ae5 100644 --- a/docs/docs/kubernetes/cli/scanning.md +++ b/docs/docs/kubernetes/cli/scanning.md @@ -4,7 +4,7 @@ This feature might change without preserving backwards compatibility. -Scan your Kubernetes cluster for both Vulnerabilities and Misconfigurations. +Scan your Kubernetes cluster for both Vulnerabilities, Secrets and Misconfigurations. Trivy uses your local kubectl configuration to access the API server to list artifacts. @@ -24,6 +24,14 @@ Filter by severity: $ trivy k8s --severity=CRITICAL --report=all ``` +Filter by security check (Vulnerabilties, Secrets or Misconfigurations): + +``` +$ trivy k8s --security-checks=secret --report=summary +# or +$ trivy k8s --security-checks=config --report=summary +``` + Scan a specific namespace: ``` diff --git a/pkg/commands/app.go b/pkg/commands/app.go index 5e038b3efe..c1712d0954 100644 --- a/pkg/commands/app.go +++ b/pkg/commands/app.go @@ -806,13 +806,17 @@ func NewPluginCommand() *cli.Command { func NewK8sCommand() *cli.Command { k8sSecurityChecksFlag := withValue( securityChecksFlag, - fmt.Sprintf("%s,%s", types.SecurityCheckVulnerability, types.SecurityCheckConfig), + fmt.Sprintf( + "%s,%s,%s", + types.SecurityCheckVulnerability, + types.SecurityCheckConfig, + types.SecurityCheckSecret), ) return &cli.Command{ Name: "kubernetes", Aliases: []string{"k8s"}, - Usage: "scan kubernetes vulnerabilities and misconfigurations", + Usage: "scan kubernetes vulnerabilities, secrets and misconfigurations", CustomHelpTemplate: cli.CommandHelpTemplate + `EXAMPLES: - cluster scanning: $ trivy k8s --report summary
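Review bot: The default built in `k8sSecurityChecksFlag` now includes `types.SecurityCheckSecret`, so every `trivy k8s` run that does not pass `--security-checks` starts doing secret detection, and nothing in the new code says so or shows how to opt out. Pipelines gated on findings may presumably change outcome, and reports that used to hold only vulnerabilities and misconfigurations will now carry secret findings; whether matched values are masked in the k8s report cannot be seen from this hunk, so those reports should be handled as sensitive until confirmed. I would add a comment above the `withValue` call, e.g. `// k8s default: vuln, config and secret; pass --security-checks=vuln,config to skip secret scanning`, and an opt-out example under `EXAMPLES` in the help template. On style, `types.SecurityCheckSecret),` closes the call on the argument line while the other arguments sit one per line; `types.SecurityCheckSecret,` with `)` on its own line would match. `NewK8sCommand` continues past the end of the hunk.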