
Static code analysis for Kubernetes definitions with opinionated security and reliability checks.

kube-score is a specialized static analysis tool designed for Kubernetes manifests, providing a deep-dive evaluation of object definitions against best practices. In the 2026 cloud-native landscape, kube-score remains a critical component of the 'shift-left' movement, allowing platform engineers and developers to detect misconfigurations before they reach production clusters. The tool focuses on several key pillars: security (identifying root containers or missing security contexts), reliability (ensuring liveness and readiness probes are defined), and resource management (validating CPU and memory requests/limits). Architecturally, kube-score operates by parsing YAML/JSON manifests and applying a battery of opinionated tests, returning a score and detailed remediation advice for each object. This descriptive feedback loop distinguishes it from generic linters, as it provides the 'why' behind every recommendation. Its lightweight Go-based binary makes it ideal for local development hooks and CI/CD pipelines. As Kubernetes complexity grows with 2026-era microservices, kube-score's ability to enforce pod anti-affinity and network policy presence ensures that infrastructure is not only functional but resilient and secure by design.
Checks for runAsNonRoot, readOnlyRootFilesystem, and privilegeEscalation settings within pods.
Ensures that every container has defined CPU and memory limits and requests to prevent OOM kills and CPU starvation.
Validates that Liveness and Readiness probes are configured and logically distinct for Pods.
Verifies that Pods targeted by a Service have podAntiAffinity configured to ensure high availability across nodes.
Flags any Pod that does not have a matching NetworkPolicy, preventing open lateral movement in clusters.
Checks if manifests are using deprecated or alpha/beta API versions that may be removed in future Kubernetes releases.
Allows developers to skip specific tests for edge cases using the 'kube-score/ignore' annotation.
Install kube-score via Homebrew: brew install kube-score.
Alternatively, download the latest binary from the GitHub Releases page.
Navigate to the directory containing your Kubernetes manifest files.
Run 'kube-score score <manifest-file>.yaml' for a single file check.
Use 'kubectl get deployments -o yaml | kube-score score -' to scan live cluster objects.
Examine the output for CRITICAL, WARNING, and OK status codes.
Review the descriptive text provided for each failure to understand the underlying best practice.
Adjust manifest configurations based on recommendations (e.g., adding readOnlyRootFilesystem).
Integrate into a CI pipeline using the 'kube-score score --exit-one-on-warning' flag for strict gating.
Configure ignore-test annotations for specific objects that require policy exceptions.
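The manifest changes that the checks and steps above ask for, shown as an added example that is not part of the original page or the kube-score project: a constructed Deployment with the security context, resource and probe fields filled in, plus one 'kube-score/ignore' exception. The name, image, port, probe paths and UID are placeholders, and the ignored test ID is an assumption to confirm with 'kube-score list'.

```yaml
# Constructed example: every name and value here is a placeholder.
apiVersion: apps/v1                # stable API version, not alpha/beta
kind: Deployment
metadata:
  name: demo-api
  annotations:
    # Policy exception for this object only; comma-separate several IDs.
    # Test ID assumed; confirm it with `kube-score list`.
    kube-score/ignore: container-image-pull-policy
spec:
  replicas: 2
  selector:
    matchLabels: {app: demo-api}
  template:
    metadata:
      labels: {app: demo-api}
    spec:
      containers:
        - name: api
          image: registry.example.com/demo-api:1.4.2   # pinned tag
          # Security checks: non-root user, read-only root filesystem,
          # no privilege escalation.
          securityContext:
            runAsNonRoot: true
            runAsUser: 10001
            runAsGroup: 10001
            readOnlyRootFilesystem: true
            allowPrivilegeEscalation: false
          # Resource checks: requests and limits for both CPU and memory.
          resources:
            requests: {cpu: 100m, memory: 128Mi}
            limits: {cpu: 500m, memory: 256Mi}
          # Probe checks: readiness and liveness point at different
          # endpoints so they are not identical.
          readinessProbe:
            httpGet: {path: /ready, port: 8080}
          livenessProbe:
            httpGet: {path: /healthz, port: 8080}
          # A read-only root filesystem needs a writable scratch mount.
          volumeMounts:
            - {name: tmp, mountPath: /tmp}
      volumes:
        - name: tmp
          emptyDir: {}
```

Scoring this file will still report the checks it does not address, such as a matching NetworkPolicy and podAntiAffinity.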
Verified feedback from other users.
"Users praise kube-score for its simplicity and the high quality of its educational output, though some find the 'opinionated' checks too strict for non-production environments."