Vulnerability scanning function added to ‘Kuberscape’, an open source security platform for Kubernetes

Kubernetes security specialist ARMO is an open source-based security platform CooberscapeAdded vulnerability checking function to (Kubescape).
ⓒ GRACE

“Users will be able to increase security by scanning code repositories and container image registries,” said ARMO. “Lens, Prometheus, Plural, Civo, GitHub Actions, You can integrate and use third-party DevOps and Kubernetes tools such as GitLab and Visual Studio.”

The newly added code repository scan function checks YAML files and Helm charts from the beginning of the software development lifecycle. Before installing a Kubernetes cluster, security checks are performed in advance, and the results are checked in the cloud environment. Also, with a feature called ‘Remediation Assistant’, you can view history, trends and drifts, set exceptions, and see where the problem is and fix it. The container image registry scan function scans the Elastic Container Registry, Google Container Registry, and Quay for security vulnerabilities before starting the cluster.

ARMO explains that this feature helps prevent security problems in production environments by detecting vulnerabilities that appear early in the development process or when using third-party registries. Kuberscape is also constantly looking for new vulnerabilities in the CI/CD pipeline that can occur after a container image is created or a cluster is deployed. Here, by providing an open API with Swagger, the service will be provided more conveniently.

ARMO has open-sourced the Helm component of Kuberscape by adding a vulnerability check function this time. In the future, we plan to open all the backend code and services as open source so that anyone can configure their own cloud solution and UI for Kuberscape and create DevOps tools.

Apart from this vulnerability tool, ARMO said that it will strengthen the collaboration function by utilizing the inquiry system management tool and communication service. If a new security problem is discovered with this feature, it seems that it will be possible to create a JIRA issue right from within Kuberscape, send a notification to the Slack channel, assign a team member, and so on, all at once.
[email protected]


Source: ITWorld Korea by www.itworld.co.kr.

*The article has been translated based on the content of ITWorld Korea by www.itworld.co.kr. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!

*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.

*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!