Attack Path Analysis maps how a compromised workload could escalate privileges, building a directed graph from pods through ServiceAccounts and Roles to sensitive resources.

Graph Nodes

Node Type            Represents
Pod                  Running workload (entry point)
ServiceAccount       Kubernetes identity
Role / ClusterRole   Permission set
Binding              Links identity to permissions
Resource             Target (secrets, pods/exec, RBAC)

What It Finds

  • Pod → cluster-admin: full cluster control from a compromised pod
  • Pod → secrets access: reading secrets in other namespaces
  • Pod → pod exec: lateral movement to other pods
  • Escalation chains: self-grant cluster-admin via RoleBinding creation
Paths are ranked by length (fewer hops = higher risk) and severity.
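As an added illustration (not the tool's own code), the following Python builds the Pod -> ServiceAccount -> Binding -> Role -> Resource graph from a constructed in-memory cluster snapshot and ranks each pod-to-target path by hop count, then severity. The object shapes, target list and severity ranks are assumptions for the example, not the product's.

```python
from collections import defaultdict, deque

# Constructed sample cluster state (not from a real cluster); shapes mirror the Kubernetes API.
PODS = [{"name": "web-0", "ns": "shop", "sa": "web"}, {"name": "batch-0", "ns": "shop", "sa": "batch"}]
ROLES = {"ClusterRole/cluster-admin": [{"verbs": ["*"], "resources": ["*"]}],
         "Role/shop/secret-reader": [{"verbs": ["get", "list"], "resources": ["secrets"]}],
         "Role/shop/binder": [{"verbs": ["create"], "resources": ["rolebindings"]}]}
BINDINGS = [("web-secrets", "Role/shop/secret-reader", "ServiceAccount/shop/web"),  # (name, role, subject)
            ("batch-binder", "Role/shop/binder", "ServiceAccount/shop/batch"),
            ("batch-admin", "ClusterRole/cluster-admin", "ServiceAccount/shop/batch")]
# Sensitive targets (assumed list): the (verb, resource) that reaches them, and a severity rank (0 = worst).
TARGETS = {"cluster-admin": ("*", "*", 0), "self-grant via RoleBinding create": ("create", "rolebindings", 1),
           "pod exec": ("create", "pods/exec", 1), "secrets read": ("get", "secrets", 2)}
def grants(rules, verb, resource):
    """True if any rule of a Role/ClusterRole covers verb on resource (wildcards count)."""
    return any((verb in r["verbs"] or "*" in r["verbs"]) and
               (resource in r["resources"] or "*" in r["resources"]) for r in rules)
def build_graph():
    """Directed graph with edges Pod -> ServiceAccount -> Binding -> Role -> Resource."""
    g = defaultdict(set)
    for p in PODS:
        g[f"Pod/{p['ns']}/{p['name']}"].add(f"ServiceAccount/{p['ns']}/{p['sa']}")
    for name, role, subject in BINDINGS:
        g[subject].add(f"Binding/{name}")
        g[f"Binding/{name}"].add(role)
    for role, rules in ROLES.items():  # a Role reaches every sensitive target its rules grant
        for target, (verb, res, _) in TARGETS.items():
            if grants(rules, verb, res):
                g[role].add(f"Resource/{target}")
    return g
def shortest_path(g, start, goal):
    """BFS from start; returns the shortest node list ending at goal, or None if unreachable."""
    queue, seen = deque([[start]]), {start}
    while queue:
        path = queue.popleft()
        if path[-1] == goal:
            return path
        for m in g[path[-1]] - seen:
            seen.add(m)
            queue.append(path + [m])
    return None
def attack_paths():
    """Every reachable (hops, severity, path) from each Pod, ranked fewest hops first, then worst severity."""
    g, found = build_graph(), []
    for p in PODS:
        for target, (_, _, sev) in TARGETS.items():
            path = shortest_path(g, f"Pod/{p['ns']}/{p['name']}", f"Resource/{target}")
            if path:
                found.append((len(path) - 1, sev, path))
    return sorted(found)
```

In this snapshot every path is four hops, so severity decides the order and the batch-0 pod's route to cluster-admin ranks first; web-0 reaches only the secrets target.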