Make PSP Security Checking from Manual to Automated?

[arrowpig1979]

https://github.com/aquasecurity/kube-bench/blob/main/cfg/cis-1.20/policies.yaml#L76

Is there a way that we can support making PSP checking automated? Information security department is requesting many security checkings and many of them are running against API servers. yet currently Kube-bench is running as daemon sets and the previleges of Kube-bench itself is wider than necessary if the scan is against API server. so we end up with developing new tools doing API server objects checking , e.g. PSP checking.

[chen-keinan]

@arrowpig1979 yes there is, checkout out our trivy-operator project or trivy it produce misconfiguration report which cover fully the psp