This report is auto-generated from the latest RBAC Atlas scan (2026-03-18). It analyzes the RBAC permissions of 257 Kubernetes open-source projects across 25451 manifest versions to provide a snapshot of the current cloud-native threat landscape.
At a Glance
| Metric | Value |
|---|
| Projects analyzed | 257 |
| Total manifest versions | 25451 |
| Avg service accounts per project | 2.11 |
| Avg permission bindings per project | 30.19 |
| Avg workloads per project | 3.5 |
| Avg critical risks per project | 3.52 |
| Avg high risks per project | 3.49 |
| Avg medium risks per project | 2.2 |
| Avg low risks per project | 20.97 |
| Projects with critical risks | 171 |
| Projects with no RBAC permissions | 54 |
Risk Distribution
| Risk Level | Count | Percentage |
|---|
| Critical | 905 | 11.67% |
| High | 898 | 11.58% |
| Medium | 566 | 7.3% |
| Low | 5389 | 69.46% |
| Total | 7758 | |
Top 10 RBAC Risk Tags
Top 10 Triggered Risk Rules
| Rule | Occurrences |
|---|
| Base Risk Level - Low | 6820 |
| Base Risk Level - High | 758 |
| Read ConfigMaps in a namespace | 256 |
| Read secrets in a namespace | 239 |
| Read secrets cluster-wide | 191 |
| Base Risk Level - Medium | 177 |
| Read ConfigMaps cluster-wide | 162 |
| Modify ConfigMaps in a namespace | 158 |
| List Namespaces (Cluster Reconnaissance) | 143 |
| Read RBAC configuration cluster-wide | 136 |
Top 10 Riskiest Projects
Ranked by weighted risk score (critical×10 + high×5 + medium×2 + low×1), using only the latest version of each project.
Top 10 Projects by Permission Count
