I've been looking for a set of tools that would detect wrong/missing configuration on the k8s API, running workloads and unapplied manifests.<p>So far I've found a set of tools, for example:<p>Snyk IaC, datree, Kube-bench, Kube-score, Kubeaudit, Kube-scan, Kubescape, Krane<p>Each of them has its own specialty, but they often overlap in some features.<p>The idea is to have 3 steps of checking config:<p>1. A GitHub workflow that builds the kustomize manifest and uses a scanner that will fail if a bad practice is detected<p>2. Once a day, run checks against the workloads applied on the cluster<p>3. Once a day, run checks against the API configuration<p>The problem is that there are so many tools out there that I have no idea which one I should use for each step.<p>Better approaches are also welcome.