Quick Start
Connect your EKS or Kubernetes cluster to GuardMap in under 5 minutes.
Prerequisites
- A Kubernetes cluster (EKS, minikube, or any conformant K8s)
kubectlconfigured and pointing at your cluster- A GuardMap account
Step 0 — Sign in
Go to guardmap.pages.dev and sign in. You can use:
- Email + password — sign up with any email address
- Continue with Google — one-click sign-in via your Google account (recommended)
After signing in you'll be redirected to the dashboard and prompted to create your organisation.
Step 1 — Create an organisation
After signing up, you'll be prompted to create an organisation. This is your tenant — all clusters, API keys, and scan history live under it.
Step 2 — Add a cluster
- Go to Integrations in the top bar
- Click Add cluster
- Enter a name and region for your cluster
- Copy the generated API token — you'll need it in the next step
Step 3 — Deploy the agent
In the Integrations page, click View manifest on your cluster card. This generates a ready-to-apply Kubernetes manifest with your credentials pre-filled.
# Copy the manifest from the dashboard, then:
kubectl apply -f guardmap-agent.yaml
The manifest creates:
- A
guardmapnamespace - A
ServiceAccountwith read-only cluster permissions - A
Secretwith your API key - A
guardmap-scannerCronJob that runs a full scan every 6 hours - A
guardmap-heartbeatCronJob that pings every 5 minutes (keeps cluster status live)
Step 4 — Trigger the first scan
The agent runs automatically every 6 hours. To trigger an immediate scan:
kubectl create job -n guardmap --from=cronjob/guardmap-scanner guardmap-manual
Step 5 — View results
Go back to the dashboard and click Refresh. You'll see:
- Overview — security score and namespace health
- Findings — all detected issues with remediation steps
- History — trend chart of your score over time
The first scan takes 30–120 seconds depending on cluster size. If the status stays Pending, check the agent logs:
kubectl logs -n guardmap -l app=guardmap-agent --tail=50