Stop parsing JSON. Get one clean security report from multiple Kubernetes scanners.
You run Trivy and Grype on your cluster. You get 10,000 lines of JSON. The same CVE shows up 3 times. You spend 2-3 hours parsing it manually. Your boss wants a PowerPoint.
One command. 30 seconds. Clean report.
```bash
secclear scan minikube
```
What you get:
- Executive summary with top 5 issues.
- Auto-deduplication shows each CVE once.
- Scanner comparison tells you which tool found what.
- High-confidence findings from multiple scanners.
Image Scanners (CVE detection):
Cluster Scanners (configuration checks):
- Kubescape - ARMO
- kube-bench - Aqua Security
- Popeye - Derailed
Install at least 2 image scanners. Cluster scanners are optional.
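Quick install (this pipes the remote script straight into bash; download and read it first if you want to review what it runs):
```bash
curl -sSL https://raw.githubusercontent.com/topcug/secclear-cli/main/install.sh | bash
```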
Manual install from releases:
```bash
# Linux
curl -sSL https://github.com/topcug/secclear-cli/releases/latest/download/secclear-linux-amd64 -o secclear
chmod +x secclear
sudo mv secclear /usr/local/bin/

# macOS Intel
curl -sSL https://github.com/topcug/secclear-cli/releases/latest/download/secclear-darwin-amd64 -o secclear
chmod +x secclear
sudo mv secclear /usr/local/bin/

# macOS Apple Silicon
curl -sSL https://github.com/topcug/secclear-cli/releases/latest/download/secclear-darwin-arm64 -o secclear
chmod +x secclear
sudo mv secclear /usr/local/bin/
```

```bash
# Scan your cluster
secclear scan minikube

# HTML report
secclear scan minikube --format html

# Specific namespace
secclear scan minikube -n production
```
Terminal shows risk level, overlap metrics, and high-confidence findings. Reports include top 5 action items, all CRITICAL/HIGH CVEs with fixes, and scanner comparison. See examples/ for sample outputs.
Discovers images in your cluster. Runs Trivy and Grype in parallel. Deduplicates CVEs. Runs cluster scanners. Generates reports with scanner attribution.
Scanner agreement = high confidence. A CVE found by 2+ scanners means definitely fix. A CVE found by only 1 scanner means review it as a possible false positive.
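The agreement rule above, sketched in Python as an added example (not secclear's own code): it merges one Trivy and one Grype JSON report, deduplicates on CVE id plus package name (an assumed key), and marks findings seen by both scanners as high confidence. The sample reports and their CVE ids are constructed.

```python
import json
from collections import defaultdict

RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1}  # anything else ranks 0
# Constructed sample reports for one image (not real scan output).
TRIVY = json.loads("""{"Results": [{"Target": "demo/app:1.0", "Vulnerabilities": [
  {"VulnerabilityID": "CVE-2099-0001", "PkgName": "openssl", "Severity": "CRITICAL", "FixedVersion": "3.0.9"},
  {"VulnerabilityID": "CVE-2099-0002", "PkgName": "zlib", "Severity": "HIGH", "FixedVersion": ""}
]}, {"Target": "app/requirements.txt"}]}""")
GRYPE = json.loads("""{"matches": [
  {"vulnerability": {"id": "GHSA-xxxx-xxxx-xxxx", "severity": "Critical", "fix": {"versions": ["3.0.9"]}},
   "relatedVulnerabilities": [{"id": "CVE-2099-0001"}], "artifact": {"name": "OpenSSL"}},
  {"vulnerability": {"id": "CVE-2099-0003", "severity": "Medium", "fix": {"versions": []}},
   "relatedVulnerabilities": [], "artifact": {"name": "busybox"}}
]}""")

def from_trivy(report):
    for result in report.get("Results", []):
        # Trivy omits "Vulnerabilities" for targets with no findings.
        for v in result.get("Vulnerabilities") or []:
            yield v["VulnerabilityID"], v["PkgName"], v["Severity"], v.get("FixedVersion") or None

def from_grype(report):
    for m in report.get("matches", []):
        vuln = m["vulnerability"]
        ids = [vuln["id"]] + [r["id"] for r in m.get("relatedVulnerabilities", [])]
        # Grype may key a match on a GHSA id; prefer the CVE alias so it lines up with Trivy.
        cve = next((i for i in ids if i.startswith("CVE-")), vuln["id"])
        fixes = vuln.get("fix", {}).get("versions") or []
        yield cve, m["artifact"]["name"], vuln["severity"], fixes[0] if fixes else None

def merge(trivy, grype):
    findings = defaultdict(lambda: {"scanners": set(), "severity": "UNKNOWN", "fix": None})
    for scanner, rows in (("trivy", from_trivy(trivy)), ("grype", from_grype(grype))):
        for cve, pkg, severity, fix in rows:
            f = findings[(cve, pkg.lower())]  # assumed dedup key: CVE id + package name
            f["scanners"].add(scanner)
            # Scanners can disagree on severity; keep the highest one reported.
            f["severity"] = max(f["severity"], severity.upper(), key=lambda s: RANK.get(s, 0))
            f["fix"] = f["fix"] or fix
    for f in findings.values():
        f["confidence"] = "high" if len(f["scanners"]) >= 2 else "review"
    return dict(findings)

if __name__ == "__main__":
    for (cve, pkg), f in sorted(merge(TRIVY, GRYPE).items()):
        print(cve, pkg, f["severity"], sorted(f["scanners"]), f["confidence"], f["fix"])
```

Without the GHSA-to-CVE aliasing step, the openssl finding would be counted twice and neither copy would reach the 2+ scanner threshold.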
MIT