Cluster Infrastructure Assessments
Cluster Infrastructure Assessment Reports under Security > Cluster Security > Infrastructure Assessments show cluster-wide infrastructure security assessments for cluster resources (e.g. nodes). Unlike Namespace Infrastructure Assessments, the scope is the whole cluster. You can open each report to see failed checks, descriptions, and remediation steps. Reports are generated by Trivy.
Cluster Infrastructure Assessment Reports​
The page title is Cluster Infrastructure Assessment Reports, with a short description: Cluster-wide infrastructure security assessments for cluster resources.
Table​
Use the Columns control above the table to choose which columns are visible. The table includes:
| Column | Description |
|---|---|
| Name | Name of the assessed cluster resource (e.g. a node such as node-…compute.internal). |
| Critical | Number of critical findings. |
| High | Number of high-severity findings. |
| Medium | Number of medium-severity findings. |
| Low | Number of low-severity findings. |
| Total Checks | Total number of checks run. |
| Last Updated | Date and time of the last assessment (may be empty). |
Each row has an eye icon (or similar) at the end to open Assessment Details. Pagination at the bottom (e.g. "Rows per page: 25", "1–11 of 11") and navigation arrows let you move through the list.
Assessment Details​
When you open an assessment from the list, the breadcrumbs show Security > Cluster Security > Cluster Infrastructure Assessments > Assessment Details.
Header​
- Resource — The assessed cluster resource (e.g. a node identified as
…compute.internalor similar) with a Cluster scope indicator. - Scan summary — Scope: Cluster, Checks (total), Passed, Failed (e.g. "Checks: 4 Passed: 0 Failed: 4"), Scanner and version (e.g. Trivy v0.29.0).
- Severity counts — Badges for Critical, High, Medium, Low (e.g. "0 Critical", "4 High").
Security Checks Table​
Above the table you can filter by Severity (e.g. "All severities") and Status (e.g. "All"). The Columns button (e.g. "Columns 5") customizes visible columns.
The table lists each finding with:
| Column | Description |
|---|---|
| Check ID | Identifier of the check (e.g. KCV0069, KCV0073, KCV0086, KCV0077). Rows can be expanded to show full details. |
| Title | Short title (e.g. "Ensure that the kubelet service file permissions are set to 600 or more restrictive", "Ensure that the -kubeconfig kubelet.conf file permissions are set to 600 or more restrictive"). |
| Category | Category of the check (e.g. "Kubernetes Security Check"). |
| Severity | Severity level (e.g. High), often with color. |
| Status | Result (e.g. Fail), often with an icon. |
Expand a row to see:
- Description — Why the check matters (e.g. the kubelet service file should have restrictive permissions).
- Messages — Concrete instance (e.g. which file or setting is involved).
- Remediation — What to change, including specific paths where applicable (e.g. set permissions of
/etc/systemd/system/kubelet.service.d/10-kubeadm.confto 600 or more restrictive, or adjust kubelet config file permissions).
Use this view to understand each finding and apply the suggested remediation on the cluster nodes. Pagination at the bottom (e.g. "1–4 of 4", "Rows per page: 25") applies when there are many findings.