Kubescape boosts Kubernetes scanning capabilities

End-to-end open source security platform for Kubernetes has added vulnerability scanning for code repositories and container image registries.

bucket with holes breach security vulnerability

ARMO, developer of Kubescape, an open source security platform for Kubernetes, has added two new vulnerability scanning functions to the platform.

Code repository scanning and container image registry scanning are the first fruits of an effort to cover more aspects of Kubernetes security, the company said, including integrating with more third-party devops and Kubernetes tools like Lens, Prometheus, Plural, Civo, GitHub Actions, GitLab, and Visual Studio.

Code repository scanning is the ability to scan YAML files and Helm charts at the early stages of the SDLC. Even before they have any Kubernetes clusters in place, users can see the results on Kubescape’s cloud UI. Users can view history, trends, and drifts, set exclusions, and see where a control has failed and how to fix it, a capability known as “assisted remediation.”

Container image registry scanning allows users to scan container images directly from their registries—including Elastic Container Registry, Google Container Registry, Quay, and others—before they are running or sent to run in the cluster.

The two features allow for vulnerabilities to be detected earlier in the development process, or in third-party registries, preventing vulnerabilities from reaching production environments. Additionally, Kubescape continuously scans for new vulnerabilities in the CI/CD pipeline that might arise after a container image was created or a container cluster has been deployed.

ARMO said that Kubescape will soon support the OpenAPI framework through Swagger, and Kubescape users will be able to leverage services through openly available APIs.

The company also announced it is open sourcing a critical component of the Kubescape platform, its in-cluster Helm component, which will make more features, like image scanning, truly open source. Its next steps will be to open source the whole back-end code base and services, which will allow users to build their own cloud solution, and UI, on top of Kubescape and make it a devops-native tool. 

Also coming soon are collaboration features that will be integrated with external ticket management systems and internal communication channels, the company said. If users find a new security issue in their environment with Kubescape, they will be able to create Jira tickets, post to Slack channels, and assign the right team member to work on it, all from within the Kubescape platform. 

Copyright © 2022 IDG Communications, Inc.