RBAC Atlas is a curated database of identities and the Role Based Access Control (RBAC) policies associated with them in popular Kubernetes open-source projects. Each entry includes security annotations that highlight granted permissions, potential risks, and possible abuse scenarios.

Why is RBAC important? RBAC is the final layer of defense in Kubernetes security. If workloads are compromised and an identity is stolen, a misconfigured or overly permissive RBAC policy (common with Operators) can enable attackers to move laterally within your cluster, potentially leading to a complete Kubernetes cluster takeover.

RBAC Atlas is a collaborative project created by Lenin Alevski, and contributions of additional RBAC rules are welcome. Check out the source on GitHub: rbac-scope (the CLI tool) and rbac-atlas (this website).

📜 All Projects

rancher

v2.13.3
22 Low 3 3 22

Install Rancher Server to manage Kubernetes clusters across providers.

redis

v25.3.2
2 2 0

Redis(R) is an open source, advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets.

sonarqube

v2026.1.0
2 Critical 1 High 1 Medium 24 Low 2 3 28

SonarQube is a self-managed, automatic code review tool that systematically helps you deliver clean code. As a core element of our Sonar solution, SonarQube integrates into your existing workflow and detects issues in your code to help you perform continuous code inspections of your projects. The tool analyses 30+ different programming languages and integrates into your CI pipeline and DevOps platform to ensure that your code meets high-quality standards.

1 1 0

Telegraf is an agent written in Go for collecting, processing, aggregating, and writing metrics.

thanos

v17.3.1
3 3 0

Thanos is a highly available metrics system that can be added on top of existing Prometheus deployments, providing a global query view across all Prometheus installations.

1 Critical 5 Low 1 1 6

This helm chart installs the Digitalis Vals Operator to manage and sync secrets from supported backends into Kubernetes. About Vals-Operator: Here at Digitalis we love vals, it’s a tool we use daily to keep secrets stored securely. Inspired by this tool, we have created an operator to manage Kubernetes secrets. vals-operator syncs secrets from any secrets store supported by vals into Kubernetes. Also, vals-operator supports database secrets as provided by HashiCorp Vault Secret Engine.