Siemens HackaTUM 2025 Challenge

Kubernetes Security
Scanner & Remediation Tool

Automatically detect misconfigurations and security vulnerabilities in Kubernetes environments. Built to demonstrate automated security scanning, intelligent remediation suggestions, and real-time cluster monitoring.

Quick Install • One Command • Production Ready

The Challenge

Why Kubernetes security matters in today's cloud-native world

The Threat Landscape

Recent breaches of Microsoft's cloud infrastructure, CPU vulnerabilities in the AMD and Intel hardware that cloud workloads run on, and supply chain attacks such as the xz/liblzma backdoor all point to the same need: automated security detection that does not depend on someone remembering to look.

Cloud outages impact millions
Misconfigurations are widespread
Supply chain compromises increasing

The Solution

Build a tool that automatically detects security vulnerabilities and misconfigurations in Kubernetes environments, with intelligent remediation suggestions or automated fixes.

Automated vulnerability scanning
Configuration analysis
Actionable remediation guidance

The Approach

Multiple approaches possible: CI/CD integration, admission controller, in-cluster scanner, or ML-based analysis. The key is making it maintainable, scalable, and accurate.

Real-time or scheduled scanning
GitOps-friendly deployment
Low operational overhead

Our Implementation

A comprehensive security scanning solution demonstrating the core capabilities

6 Security Scans

Automated detection of plaintext secrets, misconfigurations, RBAC wildcards, externally exposed services, risky container images, and workload-level vulnerabilities.

Base64-encoded secret detection
RBAC privilege analysis
Ingress TLS validation
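The checks listed above, written out as an added example (this is not Carakube's scanner code). It runs rule functions over Kubernetes objects in dict form, which is the shape the Python client's API responses take once serialised, so the same functions work on output from the client or on manifests loaded from YAML. The rule names, severities, regexes and the sample objects are assumptions constructed for the example.

```python
"""Added example, not Carakube's code: rule-based checks of the kinds listed
above, over Kubernetes objects in dict form. The sample objects are constructed."""
import base64
import re

# Plaintext shapes that should never sit in a Secret (assumed patterns).
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "password_assignment": re.compile(r"(?i)password\s*[=:]\s*\S+"),
}

def ident(obj):
    meta = obj.get("metadata", {})
    return f"{obj['kind']}/{meta.get('namespace', '-')}/{meta.get('name')}"

def finding(rule, severity, obj, detail):
    return {"rule": rule, "severity": severity, "object": ident(obj), "detail": detail}

def check_secret(obj):
    """Secret values are base64-encoded, not encrypted: decode and grep."""
    for key, value in (obj.get("data") or {}).items():
        plain = base64.b64decode(value).decode("utf-8", "replace")
        for label, pattern in SECRET_PATTERNS.items():
            if pattern.search(plain):
                yield finding(f"secret:{label}", "high", obj, f"key {key!r} decodes to a {label}")

def check_rbac(obj):
    """A '*' in verbs, resources or apiGroups grants far more than intended."""
    severity = "high" if obj["kind"] == "ClusterRole" else "medium"
    for rule in obj.get("rules") or []:
        wild = [f for f in ("apiGroups", "resources", "verbs") if "*" in (rule.get(f) or [])]
        if wild:
            yield finding("rbac:wildcard", severity, obj, f"wildcard in {', '.join(wild)}")

def check_ingress(obj):
    """Every host the Ingress routes must be covered by a spec.tls block."""
    spec = obj.get("spec") or {}
    covered = {h for block in spec.get("tls") or [] for h in block.get("hosts") or []}
    for rule in spec.get("rules") or []:
        host = rule.get("host") or "*"
        if host not in covered:
            yield finding("ingress:no-tls", "medium", obj, f"host {host} is served without TLS")

def check_service(obj):
    """NodePort and LoadBalancer services are reachable from outside the cluster."""
    svc_type = (obj.get("spec") or {}).get("type", "ClusterIP")
    if svc_type in ("NodePort", "LoadBalancer"):
        yield finding("service:exposed", "low", obj, f"type {svc_type}")

def image_tag(image):
    """'' for an untagged image; registry ports and @sha256 digests are handled."""
    if "@" in image:
        return "digest"
    tag = image.rpartition(":")[2] if ":" in image else ""
    return "" if "/" in tag else tag

def check_workload(obj):
    """Host networking, privileged containers and unpinned images."""
    spec = obj["spec"] if obj["kind"] == "Pod" else obj["spec"]["template"]["spec"]
    if spec.get("hostNetwork"):
        yield finding("workload:host-network", "high", obj, "hostNetwork: true")
    for c in spec.get("containers") or []:
        if (c.get("securityContext") or {}).get("privileged"):
            yield finding("workload:privileged", "critical", obj, f"container {c['name']} is privileged")
        if image_tag(c.get("image", "")) in ("", "latest"):
            yield finding("workload:unpinned-image", "low", obj, f"image {c.get('image')!r} is not pinned")

CHECKS = {"Secret": check_secret, "Role": check_rbac, "ClusterRole": check_rbac,
          "Ingress": check_ingress, "Service": check_service,
          "Pod": check_workload, "Deployment": check_workload}

def scan(objects):
    """Dispatch on kind; a daemon would feed this from list_*_for_all_namespaces() calls."""
    return [f for obj in objects for f in CHECKS.get(obj["kind"], lambda o: ())(obj)]

b64 = lambda s: base64.b64encode(s.encode()).decode()  # helper for the sample data only

# Constructed sample objects: every one except the Role trips at least one rule.
SAMPLE_OBJECTS = [
    {"kind": "Secret", "metadata": {"namespace": "prod", "name": "db"},
     "data": {"config": b64("db.password=hunter2"), "aws": b64("AKIAIOSFODNN7EXAMPLE"),
              "readme": b64("nothing to see")}},
    {"kind": "ClusterRole", "metadata": {"name": "god-mode"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "Role", "metadata": {"namespace": "prod", "name": "pod-reader"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
    {"kind": "Ingress", "metadata": {"namespace": "prod", "name": "web"},
     "spec": {"tls": [{"hosts": ["app.example.com"]}],
              "rules": [{"host": "app.example.com"}, {"host": "admin.example.com"}]}},
    {"kind": "Service", "metadata": {"namespace": "prod", "name": "web"}, "spec": {"type": "LoadBalancer"}},
    {"kind": "Pod", "metadata": {"namespace": "prod", "name": "debug"},
     "spec": {"hostNetwork": True, "containers": [{"name": "shell", "image": "nginx",
                                                   "securityContext": {"privileged": True}}]}},
]

if __name__ == "__main__":
    print(*scan(SAMPLE_OBJECTS), sep="\n")
```

Two details worth keeping when turning this into a real scanner: the Ingress rule compares routed hosts against spec.tls hosts rather than just testing for the presence of a tls block, because a partially covered Ingress still serves some hosts in the clear; and the image check parses the tag from the right so that a registry with a port (registry:5000/nginx) is not mistaken for a tagged image.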

Topology Visualization

Interactive graph showing relationships between namespaces, pods, services, and nodes with real-time vulnerability highlighting.

ReactFlow-powered graphs
Auto-layout algorithms
Real-time updates

Continuous Monitoring

An in-cluster daemon continuously scans for issues and exposes its findings through a REST API, each with detailed remediation suggestions.

Python Kubernetes client
FastAPI REST endpoints
Minimal resource overhead

Architecture

Simple, scalable design for enterprise Kubernetes

01 Cluster Scanner

Kubernetes Python client scans all namespaces

ClusterScanner.scan()

02 Graph Builder

Converts resources to nodes & links

GraphBuilder.build()

03 FastAPI

REST API exposes graph data

GET /api/graph

04 Next.js UI

ReactFlow visualization

useGraphStore()

Backend: Python 3.11+ • FastAPI • Kubernetes Client
Frontend: Next.js 16 • React 19 • ReactFlow • TypeScript
Infrastructure: Docker Compose • Traefik • Kind • Flux
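The graph-builder step of the pipeline above, as an added example rather than Carakube's own GraphBuilder: it turns a list of Kubernetes objects into the nodes-and-links document that an endpoint like GET /api/graph could serialise, attaches scanner findings to the node they concern, and then walks the graph to find the edges a topology view should highlight first (an externally reachable Service routing to a Pod with a high or critical finding). The identifier scheme, link types, sample cluster snapshot and sample findings are assumptions constructed for the example.

```python
"""Added example, not Carakube's GraphBuilder: converts Kubernetes objects into
the nodes-and-links document a REST endpoint such as GET /api/graph could serve,
attaching scanner findings to the node they concern. The identifier scheme,
objects and findings below are constructed for this example."""
from collections import defaultdict

SEVERITY_RANK = {"none": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

def ident(obj):
    meta = obj["metadata"]
    return f"{obj['kind']}/{meta.get('namespace', '-')}/{meta['name']}"

def build_graph(objects, findings):
    """Nodes: Namespace, Node, Pod, Service. Links: namespace contains object,
    service routes-to pod (label selector), pod runs-on node (spec.nodeName)."""
    worst, rules = defaultdict(lambda: "none"), defaultdict(list)
    for f in findings:  # keep the worst severity per object, plus its rule names
        rules[f["object"]].append(f["rule"])
        if SEVERITY_RANK[f["severity"]] > SEVERITY_RANK[worst[f["object"]]]:
            worst[f["object"]] = f["severity"]

    nodes, links = {}, []
    def add_node(node_id, kind, label):
        nodes.setdefault(node_id, {"id": node_id, "kind": kind, "label": label,
                                    "severity": worst[node_id], "findings": rules[node_id]})

    pods = [o for o in objects if o["kind"] == "Pod"]
    for obj in objects:
        node_id, meta = ident(obj), obj["metadata"]
        add_node(node_id, obj["kind"], meta["name"])
        if meta.get("namespace"):
            ns_id = f"Namespace/-/{meta['namespace']}"
            add_node(ns_id, "Namespace", meta["namespace"])
            links.append({"source": ns_id, "target": node_id, "type": "contains"})
        if obj["kind"] == "Service":
            selector = obj["spec"].get("selector") or {}
            for pod in pods:  # a Service selects Pods in its namespace whose labels match
                same_ns = pod["metadata"].get("namespace") == meta.get("namespace")
                if same_ns and selector and selector.items() <= pod["metadata"].get("labels", {}).items():
                    links.append({"source": node_id, "target": ident(pod), "type": "routes-to"})
        if obj["kind"] == "Pod" and obj["spec"].get("nodeName"):
            node_ref = f"Node/-/{obj['spec']['nodeName']}"
            add_node(node_ref, "Node", obj["spec"]["nodeName"])
            links.append({"source": node_id, "target": node_ref, "type": "runs-on"})
    return {"nodes": list(nodes.values()), "links": links}

def exposed_paths(graph):
    """(service, pod) pairs where an externally reachable Service routes to a Pod
    carrying a high or critical finding: the edges a UI should highlight first."""
    by_id = {n["id"]: n for n in graph["nodes"]}
    hits = []
    for link in graph["links"]:
        if link["type"] != "routes-to":
            continue
        svc, pod = by_id[link["source"]], by_id[link["target"]]
        if "service:exposed" in svc["findings"] and SEVERITY_RANK[pod["severity"]] >= SEVERITY_RANK["high"]:
            hits.append((svc["id"], pod["id"]))
    return hits

# Constructed cluster snapshot: an internet-facing admin Service in front of a privileged Pod.
SAMPLE_OBJECTS = [
    {"kind": "Node", "metadata": {"name": "worker-1"}},
    {"kind": "Pod", "metadata": {"namespace": "prod", "name": "web-1", "labels": {"app": "web"}},
     "spec": {"nodeName": "worker-1"}},
    {"kind": "Pod", "metadata": {"namespace": "prod", "name": "admin-1", "labels": {"app": "admin"}},
     "spec": {"nodeName": "worker-1"}},
    {"kind": "Service", "metadata": {"namespace": "prod", "name": "web"},
     "spec": {"type": "ClusterIP", "selector": {"app": "web"}}},
    {"kind": "Service", "metadata": {"namespace": "prod", "name": "admin"},
     "spec": {"type": "LoadBalancer", "selector": {"app": "admin"}}},
]
# Constructed findings in the shape {"object", "rule", "severity"} a scanner would emit.
SAMPLE_FINDINGS = [
    {"object": "Service/prod/admin", "rule": "service:exposed", "severity": "low"},
    {"object": "Pod/prod/admin-1", "rule": "workload:privileged", "severity": "critical"},
]

if __name__ == "__main__":
    graph = build_graph(SAMPLE_OBJECTS, SAMPLE_FINDINGS)
    print(len(graph["nodes"]), "nodes,", len(graph["links"]), "links")
    print("exposed paths:", exposed_paths(graph))
```

The returned dict is plain JSON-serialisable data, so serving it from a FastAPI route is only a matter of returning it from the handler; the point of keeping build_graph free of web-framework code is that the same function can be unit-tested against a static snapshot, as the sample here does, and re-run on every scan cycle of the daemon.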

Evaluation Criteria

What makes a great Kubernetes security scanner?

Detection Quality (Core Focus)

  • Accurately finds misconfigurations
  • Covers broad attack surface
  • Minimizes false positives
  • Provides clear, actionable feedback

Operational Excellence

  • Easy to deploy and use
  • Simple to maintain and extend
  • Scales with cluster size
  • Minimal resource overhead
  • Fast deployment time

Innovation

  • Novel detection approaches
  • Intelligent remediation
  • Extensible architecture
  • Integration-friendly design
  • Significant original contribution

Ready to explore the demo?

See our Kubernetes security scanner in action with live cluster data


© 2025 Carakube. Built for Siemens' HackaTUM Challenge 2025.