Pre-deploy manifest review
Kubernetes Manifest Guard
Paste Kubernetes YAML or JSON and get a practical baseline report for Pod Security Standards, RBAC wildcards, host access, exposed services, missing NetworkPolicy, image pinning, and copyable remediation steps.
Manifest score
--
Paste a manifest to begin
Manifest input
YAML or JSON, analyzed without cluster access.
Ready
Baseline report
No report yet.
Critical0
High0
Medium0
Low0
Findings will appear here after analysis.
After your scan
Turn manifest findings into DevSecOps practice
Use the report to explain least privilege, RBAC blast radius, NetworkPolicy, and pod hardening in interview or lab language.
What this checks
- Privileged containers, hostNetwork, hostPID, hostIPC, and risky hostPath mounts
- runAsNonRoot, seccomp RuntimeDefault, privilege escalation, capabilities, and read-only filesystem posture
- Wildcard RBAC, cluster-admin bindings, and privilege-escalation verbs
- Missing NetworkPolicy, missing Pod Security Admission labels, and public Service or Ingress exposure
- Floating images, missing resources, and basic readiness/liveness probe gaps