Skip to content

Kubernetes Compliance


This feature might change without preserving backwards compatibility.

This page describes Kubernetes specific compliance reports. For an overview of Trivy's Compliance feature, including working with custom compliance, check out the Compliance documentation.

Built in reports

The following reports are available out of the box:

Compliance Name for command More info
NSA, CISA Kubernetes Hardening Guidance v1.2 k8s-nsa Link
CIS Benchmark for Kubernetes v1.23 k8s-cis Link


Scan a full cluster and generate a compliance summary report:

$ trivy k8s cluster --compliance=<compliance_id> --report summary

Note : The Issues column represent the total number of failed checks for this control.

Get all of the detailed output for checks:

trivy k8s cluster --compliance=<compliance_id> --report all

Report result in JSON format:

trivy k8s cluster --compliance=<compliance_id> --report summary --format json
trivy k8s cluster --compliance=<compliance_id> --report all --format json