A Comparison of Kubernetes Compliance Standards and Configuration Scanners
[Submitted on 23 Jun 2026]
Michael Krieger, Markus Gierlinger, Farooq Shaikh, Mario Kahlhofer
Kubernetes has become the industry standard for orchestrating containers in microservice-based software architectures. While several hardening guidelines and scanning tools for securing Kubernetes clusters and deployments have emerged in recent years, their differing guidance and outputs often lead to inconsistent configuration and prioritization decisions. This work presents a systematic comparison of eight commonly used Kubernetes hardening guidelines. Through this comparison and the inclusion of best practices, we established a benchmark of 79 Kubernetes configuration recommendations and conducted a structured empirical evaluation of ten popular static configuration scanning tools and their scoring outputs. Our findings reveal substantial disparities in the coverage of configuration issues across hardening guidelines and scanners, as well as inconsistencies in how configuration issues are scored and ranked by different scanners. These results highlight the need for more standardized, transparent, and consistent approaches to risk and severity assessment of Kubernetes configuration issues.
Comments: 22 pages, 3 figures, for benchmark implementation, see this https URL
Subjects: Cryptography and Security (cs.CR)
Cite as: arXiv:2606.24438 [cs.CR]
(or arXiv:2606.24438v1 [cs.CR] for this version)
https://doi.org/10.48550/arXiv.2606.24438
Submission history
From: Michael Krieger
[v1] Tue, 23 Jun 2026 11:16:33 UTC (361 KB)