Core 01 · Cluster Operations

Kubernetes security posture and compliance — audit-ready, continuously.

Atmosly is Kubernetes security posture management (KSPM): it scans every connected cluster against CIS, NSA, PCI DSS, SOC 2, and HIPAA — continuously. It catches drift the moment your security posture regresses, and generates the evidence pack auditors actually ask for. Compliance becomes a dashboard you watch, not a fire drill you survive.

  • Read-only scanning
  • Drift detection
  • Evidence-pack export
compliance posture · prod-cluster
87posture
Cluster posture score
148 controls · 5 frameworks · live
132 pass11 warn5 fail
CIS K8s92%
NSA88%
PCI DSS78%
SOC 284%
HIPAA81%
Top findings
2 pods with privileged: trueCRIT
Network policies missing in 6 namespacesCRIT
9 service accounts with overly-broad RBACHIGH
Scanned continuously against CIS Benchmark NSA Hardening PCI DSS SOC 2 HIPAA ISO 27001
How it works

Scan, catch drift, prove it — without an audit-prep quarter.

Continuous Kubernetes security posture management on every connected cluster — compliance automation, not a point-in-time snapshot that's stale by lunchtime. A live security posture you can watch, and evidence you can hand to an auditor on demand.

continuous scan · prod-cluster
RBAC24/26
netpol12/18
pod-sec8/14
image40/42
secrets18/20
passwarnfail
01 — Scan

Continuous checks across every control surface

RBAC, network policy, pod security, secrets, and images — checked continuously against every framework you care about, on every cluster, without you scheduling a thing.

  • CIS, NSA, PCI DSS, SOC 2 & HIPAA frameworks
  • RBAC, network-policy & pod-security checks
  • A live posture score per framework — not a yearly snapshot
drift · prod-cluster
SOC 2 posture · last 14d86% → 84%
85% target
SOC 2 posture 86% → 84%DRIFT
New SA bound to cluster-adminCAUSE
Flagged to #security · owner notified
02 — Catch drift

Know the moment posture regresses

Configuration drifts — a new binding, a relaxed policy, a fresh namespace without isolation. Atmosly compares posture across every connected cluster and flags the regression, with the cause attached, before it lands in an audit finding.

  • Drift detection across every connected cluster
  • Each regression carries its cause from the audit log
  • Owner notified — no waiting for the next quarterly review
evidence pack
142/ 148
SOC 2 Type IIQ2 2026
PCI DSSready
CIS Benchmarkready
EXPORTevidence-pack · prod-cluster.pdf
controls 142/148timestamped
03 — Prove

The evidence pack auditors actually ask for

When the audit comes, the artifact is already built: control coverage, check results, and remediation history per framework — exported on demand, not assembled by hand over a frantic week.

  • Audit-ready evidence pack export, per framework
  • Control coverage + remediation history, timestamped
  • Zero audit-prep cycles — it's always current
What's inside

Coverage across every Kubernetes attack surface

The container security and cluster security checks that turn a cluster from "probably fine" into a security posture you can prove — and defend.

Framework coverage

CIS, NSA Kubernetes Hardening, PCI DSS, SOC 2, and HIPAA — each scored continuously, per cluster.

RBAC & permissions

Surfaces over-broad role bindings and service accounts before they become the breach path.

Network policy

Flags namespaces without isolation and risky ingress/egress paths across the cluster.

Pod security

Catches privileged containers, hostPath mounts, and dangerous capabilities at admission and at rest.

Image & supply chain

Image vulnerability scanning for known CVEs plus registry-trust checks, so what runs in the cluster is what you vetted.

Audit-ready evidence

One-click evidence pack with control coverage and remediation history, accepted by auditors.

Live posture

See your live Kubernetes security posture

Connect one cluster read-only and you'll have a full Kubernetes security posture — CIS, PCI DSS, SOC 2 and more, with the privileged pods, missing policies and broad RBAC — on your dashboard in about five minutes. No agent to babysit, no sales call.

Active Cluster Actions
Security Score
Your cluster's current security posture based on recent scan results.
55.81%
Passed67
Failed58
Trend over Time
Track how your security score has changed across past scans.
60 45 30 15 0
09 June 202616 June 202622 June 202629 June 2026
Last scanned: Mon, Jun 29, 2026, 6:49:31 PM
Evaluated against: MITRE ATT&CK ArmoBest SOC 2 ISO27001 Each failing control below is mapped to one or more of these standards.
All
58Failed
Access Control
21Failed
Secrets
02Failed
Workload
28Failed
Network
05Failed
Controls
List of security checks mapped to best-practice frameworks.
Name Category Status Failed Count Passed Count Risk Evaluated against
Check if signature exists Workload Failed 39 10 High Armo View More
Enforce network policies Network Failed 05 12 High SOC 2 View More
Restrict privileged containers Access Control Failed 11 03 Medium MITRE View More
Scan my cluster →
The payoff

What changes when compliance runs itself

Compliance automation and continuous security posture management, measured — here's what changes when the scanning, drift detection, and evidence all run themselves.

5+
frameworks scored continuously, per cluster
0
audit-prep cycles — the evidence is always current
minutes
to a shareable evidence pack, not a quarter
every
cluster compared for drift, continuously

Representative of customer-reported outcomes. Your results depend on cluster count and current posture.

Questions

What teams ask before connecting a cluster

Does scanning need write access to my cluster?
No. Security scanning is read-only. Atmosly reads your cluster's configuration and reports posture, drift, and findings — it never needs write access to assess you. Remediation, when you choose it, runs through the same guardrails as everything else.
Does it replace Trivy, Kyverno, or my admission controller?
It complements them. Atmosly gives you unified security posture across frameworks and clusters, and coexists with the Kubernetes security tools you already run — Trivy, Kyverno, admission controllers — pulling their signal into one place rather than asking you to rip anything out.
How is drift actually detected?
Atmosly continuously re-scores each cluster's posture and compares it over time and across clusters. When a framework score regresses — a new binding, a relaxed policy — it's flagged with the cause pulled from the audit log, so you see what changed and why.
Will auditors accept the evidence pack?
The pack is built around what auditors ask for: control coverage, check results, and timestamped remediation history per framework. It's the artifact teams hand over for SOC 2 and PCI DSS reviews — generated on demand, always reflecting the cluster's current state.
Which compliance frameworks does Atmosly scan against?
CIS Kubernetes Benchmark, NSA Kubernetes Hardening Guidance, PCI DSS, SOC 2, HIPAA, and ISO 27001. Every connected cluster is scored against each framework continuously, so you get a live per-framework posture score instead of a point-in-time report.
What Kubernetes security checks are included?
Checks cover every major control surface: RBAC and service-account permissions, network policies and namespace isolation, pod security (privileged containers, hostPath mounts, dangerous capabilities), secrets handling, and image and supply-chain trust including known CVEs.
How often does Atmosly scan my clusters?
Continuously — there is nothing to schedule. Posture is re-scored as configuration changes, which is what makes drift detection possible: a regression is flagged the moment it happens, not at the next quarterly review or yearly audit-prep cycle.
How is this different from kube-bench or Kubescape?
Point-in-time scanners give you a snapshot that's stale by lunchtime. Atmosly keeps a live posture score per framework across every connected cluster, detects drift with the cause attached, and generates the audit evidence pack — the workflow around the scan, not just the scan itself.
Does it work across multiple clusters and clouds?
Yes. Every connected cluster is scanned and scored the same way, and posture is compared across clusters — that cross-cluster comparison is how regressions stand out. One dashboard covers your whole estate instead of a per-cluster report you stitch together.
Can Atmosly fix the findings it discovers?
Findings come with the owner notified and the cause attached; remediation is your call and runs through the same guardrails as everything else in Atmosly — reviewed, approved, and recorded. That remediation history then feeds the evidence pack automatically.
Is Atmosly a KSPM (Kubernetes Security Posture Management) tool?
Yes. Atmosly is Kubernetes security posture management: it continuously scores your security posture against CIS, NSA, PCI DSS, SOC 2, HIPAA, and ISO 27001, detects drift across clusters, and turns it into an audit-ready evidence pack. It's KSPM plus the container security checks — RBAC, network policy, pod security, secrets, and image trust — and the workflow around them, so cloud native security across your whole estate reads as one control plane.
Does Atmosly do vulnerability scanning?
Atmosly includes image vulnerability scanning for known CVEs and registry-trust checks as part of its posture assessment, and surfaces those findings alongside RBAC, network-policy, and pod-security issues. For deep image scanning it complements dedicated scanners like Trivy rather than replacing them — pulling their signal into your unified security posture.

How exposed is your cluster right now?

Connect one cluster, read-only. Your posture across CIS, PCI DSS and SOC 2 — plus the privileged pods, missing policies, and broad RBAC — shows up on your dashboard in about five minutes. Free, no sales call.

Scan my cluster → Book a 15-min walkthrough