# llms.txt — LLM Guidance for container.vibehack.dev
# Standard: https://llmstxt.org
# Last updated: 2026-05-17

# Container & Kubernetes Security Assessment Tool

> A free, browser-based security assessment tool that helps DevSecOps teams, security engineers, and platform engineers evaluate their container and Kubernetes security posture against industry frameworks.

## What this tool does

- Guides users through **64 security questions** across 8 critical domains
- Scores answers using a **weighted risk model** (0–100) based on question criticality
- Maps controls to **OWASP, CIS Benchmark, NIST 800-190, CSA CCM, and Pod Security Standards**
- Provides **prioritized remediation recommendations** for each finding
- Runs **entirely client-side** — no data leaves the browser

## Assessment Domains

1. **Container Image Security** — Base image hygiene, vulnerability scanning, minimal images, signed images
2. **Kubernetes Configuration** — RBAC, Pod Security Standards, admission controllers, API server hardening
3. **Runtime Security** — Syscall filtering, seccomp/AppArmor, anomaly detection, read-only filesystems
4. **Network Policies** — Pod-to-pod segmentation, ingress/egress controls, encrypted traffic
5. **Secrets Management** — No hardcoded secrets, Kubernetes Secrets encryption, external secret stores (Vault, AWS SM)
6. **Compliance** — CIS Kubernetes Benchmark, NIST 800-190, PCI-DSS container requirements
7. **Registry Security** — Private registry access controls, image signing, pull policies
8. **CI/CD Pipeline Security** — SAST/DAST in pipelines, supply chain security, SBOM generation

## Frameworks Referenced

- OWASP Docker Top 10
- OWASP Kubernetes Top 10
- CIS Kubernetes Benchmark v1.10 (Kubernetes 1.30+)
- NIST SP 800-190 (Application Container Security Guide)
- CSA Cloud Controls Matrix (CCM v4.0) — 197 controls across 17 domains
- Kubernetes Pod Security Standards (PSS) — enforced via Pod Security Admission
- SLSA v1.0 (Supply chain Levels for Software Artifacts)
- Sigstore / Cosign — image signing and artifact attestation

## How scoring works

Each question has a **criticality weight** (Critical=3, High=2, Medium=1). Answers are scored:

- Yes = full points
- Partial = 50% points
- No = 0 points

Final score is percentage of maximum achievable points.

Score bands: Critical (<40), High (40–59), Medium (60–79), Good (80–89), Excellent (90–100).

## Who should use this

Security engineers, DevSecOps practitioners, platform/SRE teams, compliance teams, and anyone responsible for securing containerized workloads.

## Key links

- Tool: https://container.vibehack.dev/
- Organization: VibeHack / Quantum Security
- Contact: info@quantumsecurity.ai
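
The weighted model from "How scoring works", as an added JavaScript example; it is not the tool's own code. The function names, the answer record shape, the per-domain breakdown, and rounding to a whole number before banding are assumptions, and the sample answers are constructed.

```javascript
// Weights and answer credits are the values stated under "How scoring works".
const WEIGHTS = { Critical: 3, High: 2, Medium: 1 };
const CREDIT = { Yes: 1, Partial: 0.5, No: 0 };

// Assumption: the score is rounded to a whole number before banding, because
// the stated bands (e.g. 60–79, 80–89) leave no place for a value like 79.6.
function band(score) {
  if (score < 40) return "Critical";
  if (score < 60) return "High";
  if (score < 80) return "Medium";
  if (score < 90) return "Good";
  return "Excellent";
}

// answers: [{ domain, criticality, answer }] (hypothetical record shape).
function scoreAssessment(answers) {
  let earned = 0, max = 0;
  const byDomain = {};
  for (const { domain, criticality, answer } of answers) {
    const w = WEIGHTS[criticality];
    const c = CREDIT[answer];
    if (w === undefined || c === undefined) {
      throw new Error(`unrecognized criticality/answer: ${criticality}/${answer}`);
    }
    earned += w * c;   // points earned for this question
    max += w;          // maximum achievable points
    const d = (byDomain[domain] ??= { earned: 0, max: 0 });
    d.earned += w * c;
    d.max += w;
  }
  if (max === 0) throw new Error("no answers to score");
  const score = Math.round((earned / max) * 100);
  // Per-domain percentages are an addition here, computed the same way.
  const domains = Object.fromEntries(
    Object.entries(byDomain).map(([k, d]) => [k, Math.round((d.earned / d.max) * 100)])
  );
  return { score, band: band(score), domains };
}

// Constructed sample answers (not the tool's real question set).
const SAMPLE = [
  { domain: "Secrets Management", criticality: "Critical", answer: "No" },
  { domain: "Secrets Management", criticality: "High", answer: "Yes" },
  { domain: "Network Policies", criticality: "Critical", answer: "Partial" },
  { domain: "Network Policies", criticality: "Medium", answer: "Yes" },
  { domain: "Runtime Security", criticality: "High", answer: "Partial" },
];
console.log(scoreAssessment(SAMPLE));
```

With equal weights the same five answers would average 60%; the weighting pulls the result down because the only "No" is on a Critical question.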