I scanned Kubernetes with a security tool. 327 findings. 60 seconds.
Here's the honest breakdown:
✅ Real issues:
• 2 dependency CVEs (mapstructure, glog)
• TLS configs missing minimum version across 20+ files
• HTTP servers without TLS in test infra
• math/rand instead of crypto/rand in ~50 files
• Disabled SSH host key verification in e2e tests
• Hardcoded secrets in test YAML files
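Two of the findings above (TLS configs with no minimum version, and math/rand where crypto/rand belongs) are easiest to see side by side. The Go below is an added illustration, not code from Kubernetes or from the scanner; the function names are mine, and the "weak" variants reproduce the flagged pattern only so the fix next to them is concrete.

```go
package main

import (
	"crypto/rand"
	"crypto/tls"
	"encoding/hex"
	"fmt"
	mathrand "math/rand"
)

// weakTLSConfig reproduces the flagged pattern: MinVersion left unset, so the
// runtime default floor applies and older protocol versions may be accepted.
func weakTLSConfig() *tls.Config {
	return &tls.Config{}
}

// hardenedTLSConfig pins the floor explicitly so TLS 1.0/1.1 are refused no
// matter which Go release the binary is built with.
func hardenedTLSConfig() *tls.Config {
	return &tls.Config{MinVersion: tls.VersionTLS12}
}

// tlsMinVersionOK is the check a scanner applies per config: an explicit
// MinVersion of at least TLS 1.2.
func tlsMinVersionOK(cfg *tls.Config) bool {
	return cfg.MinVersion >= tls.VersionTLS12
}

// weakToken draws from math/rand: fully determined by its seed, which is fine
// for shuffling test fixtures and wrong for anything that must be unguessable.
func weakToken(seed int64, n int) string {
	r := mathrand.New(mathrand.NewSource(seed))
	b := make([]byte, n)
	for i := range b {
		b[i] = byte(r.Intn(256))
	}
	return hex.EncodeToString(b)
}

// secureToken draws from crypto/rand, the CSPRNG the finding asks for.
func secureToken(n int) (string, error) {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}

func main() {
	fmt.Println("weak TLS config passes check:", tlsMinVersionOK(weakTLSConfig()))
	fmt.Println("hardened TLS config passes check:", tlsMinVersionOK(hardenedTLSConfig()))
	// Same seed, same "random" token: the property that makes math/rand a finding.
	fmt.Println("math/rand, seed 42:", weakToken(42, 8))
	fmt.Println("math/rand, seed 42:", weakToken(42, 8))
	t, _ := secureToken(8)
	fmt.Println("crypto/rand:       ", t)
}
```

Run it and the two math/rand lines print identical tokens; that repeatability is what a scanner is pointing at when it flags math/rand in code that mints session IDs or nonces, and why the same call is harmless in a test that only needs a shuffled slice.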
❌ Not real (test data):
• 100+ private keys in testdata/ folders
• Intentional insecure configs for local testing
• gRPC servers without TLS in mock services
The lesson isn't "Kubernetes is insecure."
It's that every codebase has flags.
Even the most-reviewed project on the planet.

Top comments (1)
Is your source code secure?