Red Hat OpenShift Security

Secure Your OpenShift Clusters

Enterprise-grade OpenShift security with 83+ CIS Benchmark checks plus OpenShift-specific SCCs, OAuth validation, and Route security.

OpenShift Overview

  • OCP Clusters: 8
  • Projects: 247
  • SCCs: 24
  • Checks: 100+
  • Critical: 5
    Privileged SCCs in use
  • High: 8
    OAuth misconfigurations

Built for OpenShift

Deep integration with OpenShift-specific security features

  • SCCs
    Security Context Constraints analysis
  • OAuth
    Authentication and identity providers
  • Routes
    Ingress security, TLS & certificates
  • Operators
    Operator security, OLM validation

Complete OpenShift Security Posture Management

From SCCs to OAuth, secure every aspect of your enterprise OpenShift clusters

OpenShift Security Dashboard

  • OpenShift Security Score: 86
    83+ checks passed
  • Control Plane
  • SCCs: 3 privileged
  • OAuth: Configured
  • Routes: 2 insecure
  • etcd Encryption

OpenShift Native

Security Context Constraints (SCC) Analysis

Deep analysis of OpenShift Security Context Constraints. Identify overly permissive SCCs, validate pod-to-SCC bindings, and ensure least-privilege enforcement.

  • SCC Audit
    Review all SCCs and identify privileged or anyuid grants
  • Pod-SCC Binding
    Map which pods use which SCCs and detect escalation risks
  • Custom SCC Validation
    Validate custom SCCs against security best practices

OAuth & Identity

  • Identity Providers: 3
    Configured (LDAP, OIDC)
  • RBAC Issues: 5
    Overly permissive roles
  • Token Config: 1
    Long-lived tokens
  • OAuth Mode: OIDC + LDAP

OAuth & RBAC

OpenShift OAuth & Identity Provider Security

Validate OpenShift OAuth configuration, identity providers, and RBAC. Ensure secure authentication and authorization for your enterprise workloads.

  • OAuth Providers
    Audit LDAP, OIDC, GitHub, GitLab identity provider configs
  • Token Policies
    Validate access token and refresh token lifetimes
  • ClusterRole Bindings
    Detect overly permissive cluster-admin bindings

Route Security

  • Routes: 156
  • TLS Routes: 142
  • ⚠ Insecure Routes
    14 routes without TLS termination
  • ⚠ Expiring Certs
    3 certificates expire in 30 days

Routes & TLS

OpenShift Routes & Ingress Security

Validate OpenShift Route configurations, TLS termination, and certificate management. Ensure secure external access to your applications.

  • TLS Termination
    Verify edge, passthrough, and reencrypt route security
  • Certificate Validation
    Check certificate expiry, chain validity, and cipher suites
  • Route Admission
    Audit route admission policies and wildcard routes

OpenShift Security Checks

Comprehensive security coverage for OpenShift clusters

  • Control Plane (18+)
    API server, etcd encryption, machine configs
  • SCCs (15+)
    Security Context Constraints, pod-SCC bindings
  • OAuth & Identity (14+)
    OAuth providers, tokens, RBAC, identity
  • Projects & RBAC (16+)
    Project isolation, role bindings, quotas
  • Routes & Network (12+)
    Route TLS, SDN policies, egress controls
  • Operators & Logging (12+)
    OLM operators, cluster logging, monitoring

Frequently Asked Questions

Everything you need to know about OpenShift security with TigerGate

TigerGate uses OpenShift service accounts with cluster-reader role or equivalent. You can use kubeconfig with a token, or integrate via the OpenShift OAuth flow. No cluster-admin access is required for security scanning.
Yes! TigerGate fully supports OpenShift 4.x including OpenShift Container Platform (OCP), OpenShift Dedicated, and Red Hat OpenShift Service on AWS (ROSA). We support both self-managed and managed OpenShift deployments.
TigerGate runs OpenShift-specific checks including: Security Context Constraints (SCCs), OAuth configuration, identity provider security, Route TLS, ClusterRole bindings, machine configs, etcd encryption, operator security, and OpenShift-specific CIS benchmarks.
OpenShift uses SCCs instead of Kubernetes Pod Security Standards. TigerGate validates SCC configurations, identifies pods using privileged/anyuid SCCs, and maps SCC usage across the cluster. We also check if Pod Security Admission is enabled alongside SCCs.
Yes! TigerGate complements the OpenShift Compliance Operator by providing real-time scanning, unified multi-cluster visibility, and additional checks beyond what Compliance Operator covers. You can correlate findings from both tools.

Ready to Secure Your OpenShift Clusters?

Start with a free OpenShift security scan. See your SCCs, OAuth, and compliance gaps in minutes.