phy-k8s-security-audit Static security auditor for Kubernetes YAML manifests . Scans every Deployment, StatefulSet, DaemonSet, Pod, Job, CronJob, Role, ClusterRole, RoleBinding, ClusterRoleBinding, ServiceAccount, and NetworkPolicy in your repository against the CIS Kubernetes Benchmark v1.9 and Pod Security Standards (PSS) . No cluster access required — works entirely on local manifest files. Why Manifest Auditing Matters - Tesla's Kubernetes cluster was cryptojacked because their dashboard had no auth and pods ran privileged - Attackers with access to one container can escape to the node vi…